xarvh/fipamo
1
0
Fork 0
forked from projects/fipamo
Code Pull requests Activity

added form token to session to validate form submission from frontend

Browse source
This commit is contained in:
Ro 2021-09-12 14:40:27 -07:00
parent f2450b2be5
commit fdc6cb2cf2
5 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
brain/controller/DashControl.inc.php
View file

@ -101,6 +101,7 @@ class DashControl
"title" => "Fipamo | Edit Page",
"page" => (new Book("../content/pages"))->findPageById($uuid),
"mode" => $mode,
"token" => Session::get("form_token"),
"status" => Session::active(),
];
} else {

3
brain/data/Auth.inc.php
View file

@ -53,9 +53,12 @@ class Auth
time() + 3600,
"localhost"
); //expires in an hour
$form_token = md5(uniqid(microtime(), true));
Session::start();
Session::set("member", $member);
Session::set("token", $token);
Session::set("form_token", $form_token);
$result = "good_login";
} else {

1
brain/data/Session.inc.php
View file

@ -8,6 +8,7 @@ class Session
private static $data = [
"member" => "",
"token" => "",
"form_token" => "",
];
public static function start()
{

1
brain/views/dash/page-edit.twig
View file

@ -78,6 +78,7 @@
{% endapply %}
<input id="featured-image-upload" type="file" name="featured-image-upload"/>
<input id="post-image-upload" type="file" name="post-image-upload"/>
<input name="token" type="hidden" value="{{ token }}">
</div>
</div>
</div>

11
public/assets/scripts/dash.min.js vendored
View file

File diff suppressed because one or more lines are too long