We use cookies to ensure you get the best experience on our website
Inicio Explorar Axuda
Rexistro Iniciar sesión
0ct0pu5
/
forkbb
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

Fix vulnerability of lack of token

Csrf\getError() returns null if there is no token field. As a result, the check is aborted without adding an error.
Visman %!s(int64=4) %!d(string=hai) anos
pai
2df6800f6f
achega
b3df3fc916
Modificáronse 1 ficheiros con 1 adicións e 1 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 1 1
      app/Core/Validator.php

+ 1 - 1
app/Core/Validator.php
Ver ficheiro 

@@ -708,7 +708,7 @@ class Validator
 
             ! \is_string($value)
 
             || ! $this->c->Csrf->verify($value, $attr, $args)
 
         ) {
 
-            $this->addError($this->c->Csrf->getError(), 'e');
 
+            $this->addError($this->c->Csrf->getError() ?? 'Bad token', 'e');
 
 
             return null;
 
         } else {

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5