From c192cbb0bdf39dc1b49b4800a7e6f0197a4a5b30 Mon Sep 17 00:00:00 2001
From: xisi
Date: Fri, 24 Jan 2014 14:46:50 -0500
Subject: [PATCH] Token failure condition fix
---
 public/index.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/public/index.php b/public/index.php
index 23d7ae1e..120b11ec 100644
--- a/public/index.php
+++ b/public/index.php
@@ -84,6 +84,8 @@ $action = (isset($_REQUEST['action']) && !is_array($_REQUEST['action'])) && isse
 // Check csrf token validity if necessary
 if ($config['csrf']['enabled'] && isset($_POST['ctoken']) && !empty($_POST['ctoken']) && !is_array($_POST['ctoken'])) {
 $csrftoken->valid = ($csrftoken->checkBasic($user->getCurrentIP(), $arrPages[$page], $_POST['ctoken'])) ? 1 : 0;
+} else if ($config['csrf']['enabled'] && (!@$_POST['ctoken'] || empty($_POST['ctoken']) || is_array($_POST['ctoken']))) {
+ $csrftoken->valid = 0;
 }
 if ($config['csrf']['enabled']) $smarty->assign('CTOKEN', $csrftoken->getBasic($user->getCurrentIP(), $arrPages[$page]));
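Review bot: The added `else if` spells out by hand the negation of the token checks in the first branch, so the fail-closed behaviour holds only while the two conditions stay in sync. If either is edited alone, a request can fall through both branches with `$csrftoken->valid` left at its previous value, which this hunk does not show. The `!@$_POST['ctoken']` term is already covered by `empty($_POST['ctoken'])`, which is safe on an unset key, so the `@` suppression adds nothing and can hide unrelated notices. I would reduce the branch to `} else if ($config['csrf']['enabled']) {`, or assign `$csrftoken->valid = 0;` before the `if` so that only a successful `checkBasic()` can raise it. A comment such as `// no usable ctoken in the POST body: treat the request as unverified` would also record that requests without a POSTed token, including every GET, now get `valid = 0`.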