You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For each operation case (change password, delete, create), call
`checkToken()` individually rather than having the one call at the top.
This avoids the issue where we have different GET params that may or may
not need to be protected against CSRF attacks.
Credit to @GaneshKandu for discovering my original fix in 44379be didn't
fully fix the problem in #491.
Refs #491, supersedes #588
System Information
Podcast Generator Version: 3.2.0-beta
Webserver: docker - mitlabs/apache-php7.3
PHP Version: docker - mitlabs/apache-php7.3
Expected behavior
Expected a page to manage users
Actual behavior
Returns blank webpage with only the following:
Potential CSRF attack
on both Brave and Firefox browsers.Docker logs
How to reproduce
Try to click a user link ( https://podcast.domain.tld/admin/pg_users.php?username=user ) on page https://podcast.domain.tld/admin/pg_users.php
Question
Is this a PodcastGenerator problem or an Apache/PHP config problem??
The text was updated successfully, but these errors were encountered: