PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-11 14:10:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: make CSRF tokens exist for the duration of the session

Browse source
This commit is contained in:
Floorb 2023-07-11 03:20:58 -04:00
parent 894613e257
commit 483d0293f7
2 changed files with 2 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
includes/common.php
View file

@ -218,11 +218,7 @@ function verifyCsrfToken($token = null) : bool {
return false;
}
$success = hash_equals($_SESSION[SessionHelper::CSRF_TOKEN_KEY], $token);
unset($_SESSION[SessionHelper::CSRF_TOKEN_KEY]);
return $success;
return hash_equals($_SESSION[SessionHelper::CSRF_TOKEN_KEY], $token);
}
session_start();

2
public/admin/paste_action.php
View file

@ -51,7 +51,7 @@ if (isset($_POST['hide'])) {
$paste->save();
$redis->del('ajax_pastes'); /* Expire from Redis so it doesn't show up anymore */
AdminLog::updateAdminHistory($current_user, AdminLog::ACTION_BLANK_PASTE, 'Paste ' . $paste->id . 'blanked.');
AdminLog::updateAdminHistory($current_user, AdminLog::ACTION_BLANK_PASTE, 'Paste ' . $paste->id . ' blanked.');
flashSuccess('Paste contents blanked.');
}