Merge branch 'ent-10483-falla-el-csrf-en-login-despues-de-hacer-logout' into 'develop'

Draft: Ent 10483 falla el csrf en login despues de hacer logout See merge request artica/pandorafms!5550
2023-02-21 09:02:40 +00:00 · 2023-02-21 09:02:40 +00:00 · 0fa39af4a9
parent 490d3db086 bf307adb01
commit 0fa39af4a9
2 changed files with 5 additions and 0 deletions
--- a/pandora_console/general/login_page.php
+++ b/pandora_console/general/login_page.php
@ -359,6 +359,10 @@ if ($config['enterprise_installed']) {
 }

 // CSRF validation.
+if (isset($_SESSION['csrf_code']) === true) {
+    unset($_SESSION['csrf_code']);
+}
+
 html_print_csrf_hidden();

    echo '</form></div>';
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@ -1049,6 +1049,7 @@ if (isset($_GET['bye'])) {
    header_remove('Set-Cookie');
    setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');

+    generate_csrf_code();
    // Process logout.
    include 'general/logoff.php';