mirror of
https://github.com/vichan-devel/vichan.git
synced 2024-11-29 01:34:31 +01:00
SECURITY: CSRF in post.php
This commit is contained in:
parent
4f2398f7b8
commit
1267c60a2c
7
post.php
7
post.php
@ -232,14 +232,15 @@ elseif (isset($_POST['post'])) {
|
||||
}
|
||||
}
|
||||
|
||||
if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
|
||||
(!$post['op'] && $_POST['post'] == $config['button_reply'])))
|
||||
//if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
|
||||
//(!$post['op'] && $_POST['post'] == $config['button_reply'])))
|
||||
//error($config['error']['bot']);
|
||||
|
||||
// Check the referrer
|
||||
if ($config['referer_match'] !== false &&
|
||||
(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER']))))
|
||||
(!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER'])))) {
|
||||
error($config['error']['referer']);
|
||||
}
|
||||
|
||||
checkDNSBL();
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user