From 0336e8b8d0acd232adb7f3f5d2a04c718d8a1829 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Sun, 29 Aug 2021 00:14:15 +0200
Subject: [PATCH] Preventing CSRF in /file_manager/fm_api.php
---
 web/file_manager/fm_api.php | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/web/file_manager/fm_api.php b/web/file_manager/fm_api.php
index 4a4dd9ec..c593b3f6 100644
--- a/web/file_manager/fm_api.php
+++ b/web/file_manager/fm_api.php
@@ -3,15 +3,7 @@
 //error_reporting(NULL);
 // Preventing CSRF
-if ($_SERVER['REQUEST_METHOD']=='POST') {
- $host_arr=explode(":", $_SERVER['HTTP_HOST']);
- $hostname=$host_arr[0];
- $port = $_SERVER['SERVER_PORT'];
- $expected_http_origin="https://".$hostname.":".$port;
- if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin) {
- die ("Nope.");
- }
-}
+prevent_post_csrf(true);
 header('Content-Type: application/json');
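Review bot: The new `prevent_post_csrf(true);` call gives no hint of what the boolean selects or where the helper is defined, and nothing in this hunk loads it before the call, so this endpoint's CSRF protection now rests entirely on code that is not visible here. If the helper comes from an include, that include has to run above this line; the hunk starts at line 3 of the file, so the diff cannot confirm it. Judging by its name the helper still checks only POST, so it is worth confirming that fm_api.php does not dispatch state-changing actions from GET parameters, and that the helper keeps rejecting a missing or mismatched Origin as the removed block did. I would replace the bare comment with something like `// CSRF: reject cross-origin POSTs; helper defined in <file>, true = <meaning>`.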