diff options
| author | Andrew Dolgov <[email protected]> | 2020-09-15 16:12:53 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2020-09-15 16:12:53 +0300 |
| commit | 8080c525fd453bfba9c35f01a08013e148bb2144 (patch) | |
| tree | d17bf661dfebf3d2ea16c78d821dbb78f07bf0d3 /backend.php | |
| parent | aeaafefa07b31c99efd27653ad22f4040572d441 (diff) | |
- backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
Diffstat (limited to 'backend.php')
| -rw-r--r-- | backend.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/backend.php b/backend.php index e65ce1b94..1bbeec2bd 100644 --- a/backend.php +++ b/backend.php @@ -20,7 +20,7 @@ return; } - @$csrf_token = $_REQUEST['csrf_token']; + @$csrf_token = $_POST['csrf_token']; require_once "autoload.php"; require_once "sessions.php"; |