10483-Fixed csrf token on login after logout

Pablo Aragon 2023-02-20 10:47:00 +01:00
parent c24bf70cc2
commit bf307adb01
2 changed files with 5 additions and 0 deletions


@ -359,6 +359,10 @@ if ($config['enterprise_installed']) {
}
// CSRF validation.
if (isset($_SESSION['csrf_code']) === true) {
unset($_SESSION['csrf_code']);
}
html_print_csrf_hidden();
echo '</form></div>';
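Review bot: Dropping `$_SESSION['csrf_code']` every time the login form is rendered ties token rotation to page rendering rather than to the session lifecycle, so a second render of the form (another tab, a background reload) invalidates the token already embedded in the first one and that submit will fail the check. `html_print_csrf_hidden()` is not shown on this page, so this assumes it generates a new code when none is set; if it does not, the hidden field would be emitted empty. Consider rotating the token where the session itself changes (successful login, logout) and, if the unset stays, replacing the `// CSRF validation.` comment with one that says what the block does, e.g. `// Discard any stale CSRF code so the login form always carries a fresh one.` The enclosing block starts and ends outside the hunk.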


@ -1049,6 +1049,7 @@ if (isset($_GET['bye'])) {
header_remove('Set-Cookie');
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
generate_csrf_code();
// Process logout.
include 'general/logoff.php';
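Review bot: The `generate_csrf_code();` call runs before `include 'general/logoff.php';`, so whether the new token survives depends on what logoff.php does to the session, which is not visible here. If logoff.php clears or destroys the session the call has no effect, and if it does not, a token minted inside the authenticated session is carried over into the logged-out state. Placing the call after the logout processing (ideally after the session id has been regenerated) would make the intent unambiguous, with a comment such as `// New CSRF code for the post-logout login form.` The other change in this commit unsets `$_SESSION['csrf_code']` before printing the login form, so one of the two may be redundant. The `if (isset($_GET['bye']))` block continues outside the hunk.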