Cool_Tools/vichan
1
0
Fork 0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-25 16:00:22 +01:00
Code Releases Wiki Activity

SECURITY: CSRF in post.php

Browse Source
This commit is contained in:
8chan 2014-11-12 21:08:32 -08:00
parent 4f2398f7b8
commit 1267c60a2c
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
post.php
View File

@ -232,14 +232,15 @@ elseif (isset($_POST['post'])) {
} }
} }
if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) || //if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
(!$post['op'] && $_POST['post'] == $config['button_reply']))) //(!$post['op'] && $_POST['post'] == $config['button_reply'])))
//error($config['error']['bot']); //error($config['error']['bot']);
// Check the referrer // Check the referrer
if ($config['referer_match'] !== false && if ($config['referer_match'] !== false &&
(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER'])))) (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER'])))) {
error($config['error']['referer']); error($config['error']['referer']);
}
checkDNSBL(); checkDNSBL();