ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
Marius Cramer
2015-05-21 f3cc2c3985d20b9d7c75998ad100cacf5cad5789 
 interface/lib/classes/tform.inc.php


@@ -680,11 +680,13 @@


         }


         if($_csrf_valid !== true) {


            $app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);


            $errmsg = 'err_csrf_attempt_blocked';


            $this->errorMessage .= ($api == true ? $errmsg : $this->wordbook[$errmsg]."<br />") . "\r\n";


            unset($_POST);


            unset($record);


         }


         $_SESSION['_csrf'][$_csrf_id] = ' ';


         $_SESSION['_csrf_timeout'][$_csrf_id] = ' ';


         $_SESSION['_csrf'][$_csrf_id] = null;


         $_SESSION['_csrf_timeout'][$_csrf_id] = null;


         unset($_SESSION['_csrf'][$_csrf_id]);


         unset($_SESSION['_csrf_timeout'][$_csrf_id]);


         


@@ -694,6 +696,8 @@


               if($timeout < time()) $to_unset[] = $_csrf_id;


            }


            foreach($to_unset as $_csrf_id) {


               $_SESSION['_csrf'][$_csrf_id] = null;


               $_SESSION['_csrf_timeout'][$_csrf_id] = null;


               unset($_SESSION['_csrf'][$_csrf_id]);


               unset($_SESSION['_csrf_timeout'][$_csrf_id]);


            }