1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-25 07:50:23 +01:00

SECURITY: CSRF in post.php

This commit is contained in:
8chan 2014-11-12 21:08:32 -08:00
parent 4f2398f7b8
commit 1267c60a2c

View File

@ -232,14 +232,15 @@ elseif (isset($_POST['post'])) {
} }
} }
if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) || //if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
(!$post['op'] && $_POST['post'] == $config['button_reply']))) //(!$post['op'] && $_POST['post'] == $config['button_reply'])))
//error($config['error']['bot']); //error($config['error']['bot']);
// Check the referrer // Check the referrer
if ($config['referer_match'] !== false && if ($config['referer_match'] !== false &&
(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER'])))) (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER'])))) {
error($config['error']['referer']); error($config['error']['referer']);
}
checkDNSBL(); checkDNSBL();