Fail CSRF token checks if the session expires. (#4598)

Fixes #4595. Credit to @bennothommo
Ben Thomson 2019-09-05 11:33:10 +08:00 committed by Luke Towers
parent 5723cd4b2a
commit 0240c21af6
2 changed files with 2 additions and 2 deletions


@ -786,7 +786,7 @@ class Controller extends ControllerBase
$token = Request::input('_token') ?: Request::header('X-CSRF-TOKEN');
if (!strlen($token)) {
if (!strlen($token) || !strlen(Session::token())) {
return false;
}
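Review bot: The changed `if` still passes `$token` to `strlen()` without checking its type, so a request whose `_token` field arrives as an array ends in a PHP warning (a TypeError on PHP 8) instead of the clean `return false` this commit wants for the expired-session case. Reading the session token once and testing both values explicitly would fail closed on malformed input: `$sessionToken = Session::token();` followed by `if (!is_string($token) || $token === '' || !is_string($sessionToken) || $sessionToken === '') {`. The same line appears in the second hunk (`@ -1596,7`) and deserves the same change, ideally with a short comment such as `// No session token (e.g. expired session): reject instead of comparing against an empty value.` The enclosing method starts and ends outside the hunk, so whatever comparison follows the guard is not visible here.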


@ -1596,7 +1596,7 @@ class Controller
$token = Request::input('_token') ?: Request::header('X-CSRF-TOKEN');
if (!strlen($token)) {
if (!strlen($token) || !strlen(Session::token())) {
return false;
}