Commit 32c28051 authored by Franco Fichtner's avatar Franco Fichtner

csrf: time to make this mandatory

parent 18ad5dac
......@@ -32,21 +32,23 @@
require_once("util.inc");
require_once("config.inc");
/* THIS MUST BE ABOVE ALL OTHER CODE */
if (empty($nocsrf)) {
function csrf_startup() {
global $config;
/* CSRF BEGIN: CHECK MUST BE EXECUTED FIRST; NO EXCEPTIONS */
csrf_conf('rewrite-js', '/csrf/csrf-magic.js');
$timeout_minutes = isset($config['system']['webgui']['session_timeout']) ? $config['system']['webgui']['session_timeout'] : 240;
csrf_conf('expires', $timeout_minutes * 60);
}
function csrf_startup()
{
global $config;
session_start();
require_once('csrf/csrf-magic.php');
session_write_close();
csrf_conf('rewrite-js', '/csrf/csrf-magic.js');
$timeout_minutes = isset($config['system']['webgui']['session_timeout']) ? $config['system']['webgui']['session_timeout'] : 240;
csrf_conf('expires', $timeout_minutes * 60);
}
session_start();
require_once('csrf/csrf-magic.php');
session_write_close();
/* CSRF END: THANK YOU FOR YOUR COOPERATION */
function set_language()
{
global $config;
......
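Review bot: The token lifetime handed to `csrf_conf('expires', ...)` in `csrf_startup()` is derived from `$config['system']['webgui']['session_timeout']` after only an `isset()` test, so a present-but-empty or non-numeric setting multiplies out to 0, and how csrf-magic treats a zero lifetime is not visible in this hunk. Now that the check runs for every page with no opt-out, the value should be normalised first, for example an `(int)` cast followed by `if ($timeout_minutes <= 0) { $timeout_minutes = 240; }`. If 0 is an intentional "never expire" setting, a comment saying so would do instead. Separately, `csrf_startup()` is never called in the visible lines; a comment such as `/* hook: expected to be invoked by csrf-magic.php when it is included below */` would record why it must stay above the `require_once` (the callback behaviour is inferred, not shown here).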
......@@ -26,8 +26,6 @@
POSSIBILITY OF SUCH DAMAGE.
*/
$nocsrf = true;
require_once("guiconfig.inc");
require_once("pfsense-utils.inc");
require_once("simplepie/autoloader.php");
......