author | Andrew Dolgov <[email protected]> | 2020-09-14 20:00:01 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2020-09-14 20:00:01 +0300 |
commit | b4cb67e77f3b228c007f58caac234cae1afabe73 (patch) | |
tree | 57b1e6fe915cf2a2ce01ecc076d085cb16c22f08 | |
parent | c3d14e1fa54c7dade7b1b7955575e2991396d7ef (diff) |
remove csrf token from rpc method sanityCheck
-rw-r--r-- | include/functions.php | 1 | ||||
-rw-r--r-- | index.php | 4 | ||||
-rw-r--r-- | js/App.js | 2 | ||||
-rw-r--r-- | prefs.php | 4 |
4 files changed, 10 insertions, 1 deletions
diff --git a/include/functions.php b/include/functions.php index 43e9eb8f6..220a8e9d8 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1007,7 +1007,6 @@ $params["hotkeys"] = get_hotkeys_map(); - $params["csrf_token"] = $_SESSION["csrf_token"]; $params["widescreen"] = (int) $_COOKIE["ttrss_widescreen"]; $params['simple_update'] = defined('SIMPLE_UPDATE_MODE') && SIMPLE_UPDATE_MODE; @@ -47,6 +47,10 @@ } ?> + <script type="text/javascript"> + const __csrf_token = "<?php echo $_SESSION["csrf_token"]; ?>"; + </script> + <?php print_user_stylesheet() ?> <style type="text/css"> @@ -576,6 +576,8 @@ const App = { this.is_prefs = is_prefs; window.onerror = this.Error.onWindowError; + this.setInitParam("csrf_token", __csrf_token); + this.setupNightModeDetection(() => { parser.parse(); @@ -39,6 +39,10 @@ } ?> + <script type="text/javascript"> + const __csrf_token = "<?php echo $_SESSION["csrf_token"]; ?>"; + </script> + <?php print_user_stylesheet() ?> <link rel="shortcut icon" type="image/png" href="images/favicon.png"/> |
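Review bot: The added `const __csrf_token = "<?php echo $_SESSION["csrf_token"]; ?>";` line in index.php writes a session value into a JavaScript string literal with no output encoding, and the prefs.php hunk adds the identical line. The token is presumably generated server-side from a restricted alphabet, so this is likely harmless today, but the markup is only safe while that remains true. Encoding for the script context removes the dependency: `const __csrf_token = <?php echo json_encode($_SESSION["csrf_token"], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`. Because this is an inline script, it would also be blocked under a Content-Security-Policy that lacks 'unsafe-inline' unless the tag carries a nonce. No policy is visible in these hunks, so that should be checked against the deployed headers.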
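Review bot: `this.setInitParam("csrf_token", __csrf_token);` in js/App.js reads a global that exists only when the hosting page has emitted the inline script added to index.php and prefs.php, and nothing at this call site says so. On any other page that loads App.js the bare identifier would throw a ReferenceError during initialisation. A comment such as `// __csrf_token is declared by an inline <script> in index.php and prefs.php` would document the coupling. If a clearer failure is wanted, a guard like `if (typeof __csrf_token === "undefined") throw new Error("csrf token not provided by page");` makes the cause explicit. The enclosing function begins and ends outside the hunk.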