added form token to session to validate form submission from frontend

Ro 2021-09-12 14:40:27 -07:00
parent f2450b2be5
commit fdc6cb2cf2
5 changed files with 16 additions and 1 deletions


@ -101,6 +101,7 @@ class DashControl
"title" => "Fipamo | Edit Page", "title" => "Fipamo | Edit Page",
"page" => (new Book("../content/pages"))->findPageById($uuid), "page" => (new Book("../content/pages"))->findPageById($uuid),
"mode" => $mode, "mode" => $mode,
"token" => Session::get("form_token"),
"status" => Session::active(), "status" => Session::active(),
]; ];
} else { } else {


@ -53,9 +53,12 @@ class Auth
time() + 3600, time() + 3600,
"localhost" "localhost"
); //expires in an hour ); //expires in an hour
$form_token = md5(uniqid(microtime(), true));
Session::start(); Session::start();
Session::set("member", $member); Session::set("member", $member);
Session::set("token", $token); Session::set("token", $token);
Session::set("form_token", $form_token);
$result = "good_login"; $result = "good_login";
} else { } else {
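Review bot: The added line `$form_token = md5(uniqid(microtime(), true));` builds the form token from the clock and uniqid(), which the PHP manual says not to use for security purposes, so the value is more predictable than an anti-CSRF token should be. Draw it from the CSPRNG instead: `$form_token = bin2hex(random_bytes(32));`. The visible hunks only store and render the token; wherever the submitted value is checked (not shown on this page), compare it with `hash_equals(Session::get("form_token"), $submitted)` rather than `==`. The enclosing login method starts and ends outside the hunk.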


@ -8,6 +8,7 @@ class Session
private static $data = [ private static $data = [
"member" => "", "member" => "",
"token" => "", "token" => "",
"form_token" => "",
]; ];
public static function start() public static function start()
{ {


@ -78,6 +78,7 @@
{% endapply %} {% endapply %}
<input id="featured-image-upload" type="file" name="featured-image-upload"/> <input id="featured-image-upload" type="file" name="featured-image-upload"/>
<input id="post-image-upload" type="file" name="post-image-upload"/> <input id="post-image-upload" type="file" name="post-image-upload"/>
<input name="token" type="hidden" value="{{ token }}">
</div> </div>
</div> </div>
</div> </div>
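Review bot: The hidden field added here is named `token`, but the session now holds two different values under `"token"` and `"form_token"`, so a handler reading the posted `token` could easily be checked against the wrong session key. Naming the field after the value it carries, `<input name="form_token" type="hidden" value="{{ token }}">`, keeps the two apart. A short template comment saying the field is the per-session form token that the server validates on submission would also help; the surrounding form markup starts and ends outside the hunk.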

File diff suppressed because one or more lines are too long