We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
forkbb
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix vulnerability of lack of token

Csrf\getError() returns null if there is no token field. As a result, the check is aborted without adding an error.
Visman 4 years ago
parent
2df6800f6f
commit
b3df3fc916
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      app/Core/Validator.php

+ 1 - 1
app/Core/Validator.php
View File 

@@ -708,7 +708,7 @@ class Validator
 
             ! \is_string($value)
 
             || ! $this->c->Csrf->verify($value, $attr, $args)
 
         ) {
 
-            $this->addError($this->c->Csrf->getError(), 'e');
 
+            $this->addError($this->c->Csrf->getError() ?? 'Bad token', 'e');
 
 
             return null;
 
         } else {

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5