Autres/RaspAP
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2025-07-08 10:27:41 +02:00
Code Issues Releases Wiki Activity

Handle missing tokens gracefully, support multiple state-changing HTTP methods

Browse Source
This commit is contained in:
billz 2025-05-14 00:54:38 -07:00
parent a1ca7e861f
commit 2a2b429e75
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
includes/CSRF.php
View File

@ -26,9 +26,11 @@ class CSRF
public static function verify(): bool public static function verify(): bool
{ {
$token = $_POST['csrf_token']; if (!isset($_POST['csrf_token'])) {
return false;
}
return self::instance()->csrfValidateRequest() && return self::instance()->csrfValidateRequest() &&
self::instance()->CSRFValidate($_POST['csrf_token'] ?? ''); self::instance()->CSRFValidate($_POST['csrf_token']);
} }
public static function metaTag(): string public static function metaTag(): string
@ -53,7 +55,9 @@ class CSRF
*/ */
public static function validateRequest(): bool public static function validateRequest(): bool
{ {
return self::instance()->csrfValidateRequest(); $methods = ['POST', 'PUT', 'DELETE', 'PATCH'];
return in_array($_SERVER['REQUEST_METHOD'], $methods) &&
self::instance()->csrfValidateRequest();
} }
} }