Using http status 403 for invalid csrf token
mjiuming committed Oct 6, 2019
1 parent 05672db commit 35be36c
Showing 1 changed file with 12 additions and 13 deletions.
25 changes: 12 additions & 13 deletions trunk/web/include/csrf_check.php
@@ -1,15 +1,14 @@
<?php
@session_start();
if( $_SERVER['REQUEST_METHOD']=='POST' ){
if (isset($_SESSION[$OJ_NAME.'_'.'csrf_keys'])
&& is_array($_SESSION[$OJ_NAME.'_'.'csrf_keys'])
&& isset($_POST['csrf'])
&& in_array($_POST['csrf'],$_SESSION[$OJ_NAME.'_'.'csrf_keys'])
){
// echo "<!-csrf check passed->";
}else{
echo "<!-csrf check failed->";
exit(1);
@session_start();
if( $_SERVER['REQUEST_METHOD'] == 'POST'){
if( !isset($_SESSION[$OJ_NAME.'_'.'csrf_keys'])
|| !is_array($_SESSION[$OJ_NAME.'_'.'csrf_keys'])
|| !isset($_POST['csrf'])
|| !in_array($_POST['csrf'], $_SESSION[$OJ_NAME.'_'.'csrf_keys'])
){
http_response_code(403);
echo "Invalid csrf token";
exit;
}
}
}
?>
?>
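Review bot: The `in_array` call on the new side still uses loose comparison, so whether a submitted token matches depends on PHP's string-to-number coercion rather than on byte equality; change it to `|| !is_string($_POST['csrf']) || !in_array($_POST['csrf'], $_SESSION[$OJ_NAME.'_'.'csrf_keys'], true)` so that only an identical string is accepted and an array-valued `csrf[]` parameter is rejected up front. This matters if the stored keys happen to be hex or other numeric-looking strings (in PHP `'0e12' == '0e34'` is true), which I cannot confirm from this hunk since key generation is not shown. Note also that `http_response_code(403)` only takes effect if nothing has been output before this include runs, so callers that print anything before including `csrf_check.php` would still answer 200 with the "Invalid csrf token" body; worth confirming against the include sites. Finally, the closing `?>` on the last line is best dropped in a PHP-only include, since any trailing whitespace after it becomes output and would itself prevent the 403 header from being sent.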
