[fix] more explicit error message for CSRF

This commit is contained in:
Benjamin Sonntag 2017-10-06 16:53:50 +02:00
parent 7d6071197a
commit 4d8ba24248
1 changed files with 2 additions and 2 deletions


@ -1161,11 +1161,11 @@ function csrf_check($token=null) {
}
$db->query("SELECT used FROM csrf WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token));
if (!$db->next_record()) {
$msg->raise('Error', "functions", _("Your token is invalid"));
$msg->raise('Error', "functions", _("You can't post twice the same form, please retry."));
return 0; // invalid csrf cookie
}
if ($db->f("used")) {
$msg->raise('Error', "functions", _("Your token is expired. Please refill the form."));
$msg->raise('Error', "functions", _("You can't post twice the same form, please retry."));
return -1; // expired
}
$db->query("UPDATE csrf SET used=1 WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token));
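Review bot: The `if ($db->f("used"))` test and the `UPDATE csrf SET used=1` on the last hunk line are two separate statements, so two requests carrying the same token can both read used=0 before either one marks it and both pass the check; consuming the token in one statement, e.g. `UPDATE csrf SET used=1 WHERE cookie=? AND token=? AND used=0;`, and treating zero affected rows as the "expired" case (if the db wrapper exposes an affected-row count) closes that window. Separately, if the lines ending in "please retry." are the new side, both branches now emit the same text while still returning 0 and -1 respectively; a token that was never issued and one already consumed are different conditions, and "post twice the same form" does not describe the not-found branch, so keeping the messages distinct (or at least documenting the return codes in a comment above the function) would help callers and users. csrf_check begins and ends outside the hunk.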