Commit 58b413a

added CSRF check and fixed broken redirect link from login.php to index.php
1 parent 75a7612 commit 58b413a

1 file changed

+6
-1
lines changed

Diff for: includes/logout.php

@@ -16,6 +16,11 @@
1616
* You should have received a copy of the GNU General Public License
1717
* along with this program. If not, see <http://www.gnu.org/licenses/>.
1818
*/
19+
20+
// check whether csrf token in _SESSION is valid, if not, die and stop script
21+
if($_POST['csrf'] !== $_SESSION['csrf_token']) {
22+
die("invalid Token");
23+
}
1924

2025
include_once 'functions.php';
2126
sec_session_start();
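Review bot: The token comparison at new lines 21-23 runs before `include_once 'functions.php'` and `sec_session_start()`, so unless a session is already active at that point, `$_SESSION['csrf_token']` has not been loaded yet. A request that also omits the `csrf` field then compares null with null, `!==` evaluates to false, and the check passes without any token being presented. Move the check below `sec_session_start()`, reject the request when either value is missing or empty, and compare with `hash_equals()` instead of `!==` so the comparison is constant-time.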
@@ -31,5 +36,5 @@
3136

3237
// Destroy session
3338
session_destroy();
34-
header("Location: ../login.php");
39+
header("Location: ../index.php");
3540
exit();
