Forced CSRF token check

slackero · Sep 1, 2021 · 9754301 · 9754301
1 parent 1f26716
commit 9754301
Show file tree

Hide file tree

Showing 3 changed files with 247 additions and 254 deletions.
diff --git a/include/inc_lib/helper.session.php b/include/inc_lib/helper.session.php
@@ -482,7 +482,7 @@ function validate_csrf_tokens($token_prefix='csrf_') {
  */
 function validate_csrf_get_token($token_name='csrftoken', $logout=true) {
 
-	if($_SERVER['REQUEST_METHOD'] === 'GET' && count($_GET)) {
+	if($_SERVER['REQUEST_METHOD'] === 'GET') {
 
 		if(empty($_GET[$token_name])) {
 			if($logout) {

diff --git a/include/inc_tmpl/be_start.tmpl.php b/include/inc_tmpl/be_start.tmpl.php
@@ -75,7 +75,7 @@
 
 ?>
 <div style="margin:0 0 10px 0;padding:0;">
-	<form class="formRightInput" action="phpwcms.php" id="setHomeMaxArticles" name="setHomeMaxArticles" method="post">
+	<form class="formRightInput" action="phpwcms.php?do=home" id="setHomeMaxArticles" name="setHomeMaxArticles" method="post">
 		<select name="homeMaxArticles" onchange="this.form.submit();">
 	<?php foreach(array(5,10,15,25,50,75,100,150) as $x): ?>
 			<option value="<?php echo $x ?>"<?php is_selected($_phpwcms_home['homeMaxArticles'], $x) ?>><?php echo $x ?></option>
@@ -142,7 +142,7 @@
 </table>
 
 <div style="margin:25px 0 10px 0;padding:0;">
-	<form class="formRightInput" action="phpwcms.php" id="setHomeMaxCntParts" name="setHomeMaxCntParts" method="post">
+	<form class="formRightInput" action="phpwcms.php?do=home" id="setHomeMaxCntParts" name="setHomeMaxCntParts" method="post">
 		<select name="homeCntType" onChange="this.form.submit();" class="width150">
 			<option value="">&#8211;</option>
 	<?php foreach($wcs_content_type as $key => $value): ?>