
- backend: require CSRF token to be passed via POST

- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
Andrew Dolgov
2020-09-15 16:12:53 +03:00
parent aeaafefa07
commit 8080c525fd
6 changed files with 45 additions and 41 deletions


@@ -20,7 +20,7 @@
return;
}
@$csrf_token = $_REQUEST['csrf_token'];
@$csrf_token = $_POST['csrf_token'];
require_once "autoload.php";
require_once "sessions.php";
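Review bot: The new assignment `@$csrf_token = $_POST['csrf_token'];` still relies on `@` to hide the notice when the field is absent, so a request without a token silently yields null and a request that sends `csrf_token[]` yields an array. An explicit read makes both cases visible, e.g. `$csrf_token = is_string($_POST['csrf_token'] ?? null) ? $_POST['csrf_token'] : '';`. The code that validates the token is outside this hunk; it should reject an empty value and, if it does not already, compare with `hash_equals()` rather than `==`. The `??` form assumes PHP 7 or later, which should be checked against the project's minimum supported version.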