github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 18:49:21 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Preventing all CSRF

Browse source
This commit is contained in:
myvesta 2021-08-15 14:53:16 +02:00 committed by GitHub
commit 55c591535c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
web/inc/secure_login.php
View file

@ -49,3 +49,16 @@ if ($skip_login_url_check==0) {
}
}
}
// Preventing all CSRF
if ($skip_login_url_check==0) {
if ($_SERVER['REQUEST_METHOD']=='POST') {
$host_arr=explode(":", $_SERVER['HTTP_HOST']);
$hostname=$host_arr[0];
$port = $_SERVER['SERVER_PORT'];
$expected_http_origin="https://".$hostname.":".$port;
if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin) {
die ("Nope.");
}
}
}