[fix] more explicit error message for CSRF

This commit is contained in:
Benjamin Sonntag 2017-10-06 16:53:50 +02:00
parent 7d6071197a
commit 4d8ba24248
1 changed files with 2 additions and 2 deletions


@ -1161,11 +1161,11 @@ function csrf_check($token=null) {
} }
$db->query("SELECT used FROM csrf WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token)); $db->query("SELECT used FROM csrf WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token));
if (!$db->next_record()) { if (!$db->next_record()) {
$msg->raise('Error', "functions", _("Your token is invalid")); $msg->raise('Error', "functions", _("You can't post twice the same form, please retry."));
return 0; // invalid csrf cookie return 0; // invalid csrf cookie
} }
if ($db->f("used")) { if ($db->f("used")) {
$msg->raise('Error', "functions", _("Your token is expired. Please refill the form.")); $msg->raise('Error', "functions", _("You can't post twice the same form, please retry."));
return -1; // expired return -1; // expired
} }
$db->query("UPDATE csrf SET used=1 WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token)); $db->query("UPDATE csrf SET used=1 WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token));
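Review bot: After this change the two failure branches raise the identical message "You can't post twice the same form, please retry.", so a token that is unknown for this session (the `!$db->next_record()` branch) is reported to the user exactly like a legitimately re-submitted form, even though the return values 0 and -1 still distinguish them; for the first branch something like `$msg->raise('Error', "functions", _("Your form token is invalid, please reload the form and retry."));` keeps the user-facing text specific while still saying what to do. If the merged wording is intentional, the unknown-token case is still worth recording separately server-side, since an unknown token is the case a CSRF check exists to catch and it should be distinguishable from double-submits when reviewing logs. Separately, the SELECT on `used` and the later `UPDATE csrf SET used=1` are two statements, so two concurrent requests carrying the same token can presumably both pass the `$db->f("used")` check; folding the check into the update (`UPDATE ... WHERE cookie=? AND token=? AND used=0` and treating zero affected rows as "used") would close that window, though this is inherited from the surrounding code rather than introduced here. csrf_check starts and ends outside the hunk.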