Autres/RaspAP
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2025-07-08 10:27:41 +02:00
Code Issues Releases Wiki Activity

Handle missing tokens gracefully, support multiple state-changing HTTP methods

Browse Source
This commit is contained in:
billz 2025-05-14 00:54:38 -07:00
parent a1ca7e861f
commit 2a2b429e75
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
includes/CSRF.php
View File

@ -26,9 +26,11 @@ class CSRF
public static function verify(): bool
{
$token = $_POST['csrf_token'];
if (!isset($_POST['csrf_token'])) {
return false;
}
return self::instance()->csrfValidateRequest() &&
self::instance()->CSRFValidate($_POST['csrf_token'] ?? '');
self::instance()->CSRFValidate($_POST['csrf_token']);
}
public static function metaTag(): string
@ -53,7 +55,9 @@ class CSRF
*/
public static function validateRequest(): bool
{
return self::instance()->csrfValidateRequest();
$methods = ['POST', 'PUT', 'DELETE', 'PATCH'];
return in_array($_SERVER['REQUEST_METHOD'], $methods) &&
self::instance()->csrfValidateRequest();
}
}