Commit 32c28051 authored by Franco Fichtner's avatar Franco Fichtner

csrf: time to make this mandatory

parent 18ad5dac
...@@ -32,21 +32,23 @@ ...@@ -32,21 +32,23 @@
require_once("util.inc"); require_once("util.inc");
require_once("config.inc"); require_once("config.inc");
/* THIS MUST BE ABOVE ALL OTHER CODE */ /* CSRF BEGIN: CHECK MUST BE EXECUTED FIRST; NO EXCEPTIONS */
if (empty($nocsrf)) {
function csrf_startup() { function csrf_startup()
{
global $config; global $config;
csrf_conf('rewrite-js', '/csrf/csrf-magic.js'); csrf_conf('rewrite-js', '/csrf/csrf-magic.js');
$timeout_minutes = isset($config['system']['webgui']['session_timeout']) ? $config['system']['webgui']['session_timeout'] : 240; $timeout_minutes = isset($config['system']['webgui']['session_timeout']) ? $config['system']['webgui']['session_timeout'] : 240;
csrf_conf('expires', $timeout_minutes * 60); csrf_conf('expires', $timeout_minutes * 60);
}
session_start();
require_once('csrf/csrf-magic.php');
session_write_close();
} }
session_start();
require_once('csrf/csrf-magic.php');
session_write_close();
/* CSRF END: THANK YOU FOR YOUR COOPERATION */
function set_language() function set_language()
{ {
global $config; global $config;
......
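Review bot: In `csrf_startup()` the token lifetime comes from `$config['system']['webgui']['session_timeout']` behind only an `isset()` guard, so an empty or non-numeric value skips the 240-minute fallback and reaches `$timeout_minutes * 60`. Depending on the PHP version, that gives an `expires` of 0 or an arithmetic error. How csrf-magic treats a zero lifetime is not visible on this page, so it should be checked rather than assumed. Every page now runs this check, so I would add `if (!is_numeric($timeout_minutes) || $timeout_minutes <= 0) { $timeout_minutes = 240; }` before the `csrf_conf('expires', ...)` call. It is also worth searching for other pages that still set `$nocsrf = true;`, because the assignment is now silently ignored and any of them that accept POSTs without a token will start failing the check.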
...@@ -26,8 +26,6 @@ ...@@ -26,8 +26,6 @@
POSSIBILITY OF SUCH DAMAGE. POSSIBILITY OF SUCH DAMAGE.
*/ */
$nocsrf = true;
require_once("guiconfig.inc"); require_once("guiconfig.inc");
require_once("pfsense-utils.inc"); require_once("pfsense-utils.inc");
require_once("simplepie/autoloader.php"); require_once("simplepie/autoloader.php");
......