CSRF protection of included JavaScript
This commit is contained in:
parent
031a82a4ad
commit
6f5c1981a0
|
@ -155,6 +155,6 @@ if ($_GET["ns"] !== "") {
|
|||
}
|
||||
|
||||
page_footer();
|
||||
echo "<script type='text/javascript' src='" . h(ME) . "script=db'></script>\n";
|
||||
echo "<script type='text/javascript' src='" . h(ME . "script=db&token=$token") . "'></script>\n";
|
||||
exit; // page_footer() already called
|
||||
}
|
||||
|
|
|
@ -43,7 +43,7 @@ function connect_error() {
|
|||
}
|
||||
}
|
||||
page_footer("db");
|
||||
echo "<script type='text/javascript' src='" . h(ME) . "script=connect'></script>\n";
|
||||
echo "<script type='text/javascript' src='" . h(ME . "script=connect&token=$token") . "'></script>\n";
|
||||
}
|
||||
|
||||
if (isset($_GET["status"])) {
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
<?php
|
||||
header("Content-Type: text/javascript; charset=utf-8");
|
||||
if ($_GET["token"] != $token) { // CSRF protection
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($_GET["script"] == "db") {
|
||||
$sums = array("Data_length" => 0, "Index_length" => 0, "Data_free" => 0);
|
||||
|
|
Loading…
Reference in a new issue