You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: web/inc/prevent_csrf.php
+4-3Lines changed: 4 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -2,13 +2,13 @@
2
2
3
3
$check_csrf = true;
4
4
5
-
if ($_SERVER['SCRIPT_FILENAME'] == '/usr/local/hestia/web/inc/mail-wrapper.php') {
5
+
if ($_SERVER['SCRIPT_FILENAME'] == '/usr/local/hestia/web/inc/mail-wrapper.php' || $_SERVER['SCRIPT_FILENAME'] == '/usr/local/hestia//web/inc/mail-wrapper.php') {
6
6
$check_csrf=false;
7
7
} // execute only from CLI
8
-
if ($_SERVER['SCRIPT_FILENAME'] == '/usr/local/hestia/web/reset/mail/index.php') {
8
+
if ($_SERVER['SCRIPT_FILENAME'] == '/usr/local/hestia/web/reset/mail/index.php' || $_SERVER['SCRIPT_FILENAME'] == '/usr/local/hestia/web//reset/mail/index.php') {
9
9
$check_csrf=false;
10
10
} // Localhost only
11
-
if ($_SERVER['SCRIPT_FILENAME'] == '/usr/local/hestia/web/api/index.php') {
11
+
if ($_SERVER['SCRIPT_FILENAME'] == '/usr/local/hestia/web/api/index.php' || $_SERVER['SCRIPT_FILENAME'] == '/usr/local/hestia/web//api/index.php') {
12
12
$check_csrf=false;
13
13
} // Own check
14
14
if (substr($_SERVER['SCRIPT_FILENAME'], 0, 22)=='/usr/local/hestia/bin/') {
@@ -20,6 +20,7 @@ function checkStrictness($level)
20
20
if ($level >= $_SESSION['POLICY_CSRF_STRICTNESS']) {
21
21
returntrue;
22
22
} else {
23
+
http_response_code(400);
23
24
echo"<h1>Potential use CSRF detected</h1>\n".
24
25
"<p>Please disable any plugins/add-ons inside your browser or contact your system administrator. If you are the system administrator you can run v-change-sys-config-value 'POLICY_CSRF_STRICTNESS' '0' as root to disable this check.<p>".
25
26
"<p>If you folowed a bookmark or an static link <a href='/'>please click here</a>";
0 commit comments