github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-19 13:01:52 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Preventing CSRF in UploadHandler.php

Browse source
This commit is contained in:
myvesta 2021-08-29 00:10:42 +02:00 committed by GitHub
commit 92297f2fc2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

9
web/upload/UploadHandler.php
View file

@ -2,13 +2,8 @@
//session_start(); //session_start();
$host_arr=explode(":", $_SERVER['HTTP_HOST']); // Preventing CSRF
$hostname=$host_arr[0]; prevent_post_csrf(true);
$port = $_SERVER['SERVER_PORT'];
$expected_http_origin="https://".$hostname.":".$port;
if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin) {
die ("Nope.");
}
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");