From 92297f2fc250fcf57e3b26202065a8f52e1464c7 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Sun, 29 Aug 2021 00:10:42 +0200
Subject: [PATCH] Preventing CSRF in UploadHandler.php
---
 web/upload/UploadHandler.php | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php
index 15adb406a..511ec4b3e 100755
--- a/web/upload/UploadHandler.php
+++ b/web/upload/UploadHandler.php
@@ -2,13 +2,8 @@
 //session_start();
-$host_arr=explode(":", $_SERVER['HTTP_HOST']);
-$hostname=$host_arr[0];
-$port = $_SERVER['SERVER_PORT'];
-$expected_http_origin="https://".$hostname.":".$port;
-if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin) {
- die ("Nope.");
-}
+// Preventing CSRF
+prevent_post_csrf(true);
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
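Review bot: `prevent_post_csrf(true);` runs before `include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");`, so the helper must already be defined by something outside this hunk. If it is defined in main.php or a file main.php loads, the call is a fatal undefined-function error and every upload request fails; in that case move the call to directly after the include, or load the defining file just above it. The bare `true` argument is not explained at the call site, so a comment such as `// true = <meaning of the flag>` would make the intended behaviour reviewable. The helper's name suggests it checks POST only, so it is worth confirming that it also covers any other state-changing request methods this handler accepts, since the removed Origin comparison applied to every request.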