github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-07-07 05:21:50 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update index.php

Browse source
This commit is contained in:
myvesta 2021-08-15 14:37:53 +02:00 committed by GitHub
parent 9f55ef33cf
commit 518e627b46
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/edit/file/index.php
View file

@ -1,6 +1,7 @@
<?php <?php
// Preventing CSRF // Preventing CSRF
if ($_SERVER['REQUEST_METHOD']=='POST') {
$host_arr=explode(":", $_SERVER['HTTP_HOST']); $host_arr=explode(":", $_SERVER['HTTP_HOST']);
$hostname=$host_arr[0]; $hostname=$host_arr[0];
$port = $_SERVER['SERVER_PORT']; $port = $_SERVER['SERVER_PORT'];
@ -8,6 +9,7 @@ $expected_http_origin="https://".$hostname.":".$port;
if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin) { if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin) {
die ("Nope."); die ("Nope.");
} }
}
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
$user = $_SESSION['user']; $user = $_SESSION['user'];