github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 18:49:21 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix fox CSRF in /dowload/web-log/

Browse source
This commit is contained in:
myvesta 2021-09-04 12:55:40 +02:00
commit 63861e4ffd
2 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
web/download/web-log/index.php
View file

@ -3,6 +3,13 @@
error_reporting(NULL);
session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('Location: /login/');
exit();
}
$v_domain = $_GET['domain'];
$v_domain = escapeshellarg($_GET['domain']);
if ($_GET['type'] == 'access') $type = 'access';