issue: CSRF In users.inc.php URL

This addresses an issue where the CSRF Token is displayed in the URL
when you perform a search in the Users Tab. This removes the token from the
request which removes it from the URL.
JediKev committed Mar 20, 2018
1 parent c4669d7 commit 285a292a9ad493d6e649af214afba61a5fcbe079
Showing with 5 additions and 0 deletions.
  1. +5 −0 include/staff/users.inc.php
@@ -312,6 +312,11 @@
goBaby($(this).attr('href').substr(1));
return false;
});
// Remove CSRF Token From GET Request
document.querySelector("form[action='users.php']").onsubmit = function() {
document.getElementsByName("__CSRFToken__")[0].remove();
};
});
</script>
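
Review bot: The lookup inside the onsubmit handler, `document.getElementsByName("__CSRFToken__")[0]`, is document-wide, so it removes the first token field on the page rather than the one that belongs to the `users.php` search form. If another form carrying `__CSRFToken__` comes earlier in the DOM, that form loses its token and the search form still sends its own in the query string. Scope the lookup to the submitting form, for example `this.querySelector("[name='__CSRFToken__']")`, and null-check the result before calling `remove()`. The same applies to `document.querySelector("form[action='users.php']")`: it returns null when no form matches, and the `.onsubmit` assignment then throws inside the enclosing callback. Assigning `.onsubmit` directly also replaces any handler already set on that form; since the code just above already uses jQuery, attaching with `.on('submit', ...)` and removing via `$(this).find(...)` would fit the surrounding style. Finally, this fix only keeps the token out of the URL when the script runs successfully; not emitting the token field in this GET form at all would keep it out of URLs, browser history and logs regardless of client-side behaviour.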
