CSRF protection of included JavaScript

This commit is contained in:
Jakub Vrana 2010-10-18 01:20:02 +02:00
parent 031a82a4ad
commit 6f5c1981a0
3 changed files with 5 additions and 2 deletions


@ -155,6 +155,6 @@ if ($_GET["ns"] !== "") {
} }
page_footer(); page_footer();
echo "<script type='text/javascript' src='" . h(ME) . "script=db'></script>\n"; echo "<script type='text/javascript' src='" . h(ME . "script=db&token=$token") . "'></script>\n";
exit; // page_footer() already called exit; // page_footer() already called
} }
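Review bot: The token is interpolated raw into the query string on the changed line, `h(ME . "script=db&token=$token")`, so any `&`, `=`, `+` or `%` in the token value would split or alter the parameter before it reaches `$_GET["token"]`; encode it as `"script=db&token=" . urlencode($token)`. Wrapping the whole URL in `h()` is the right escaping for the `src` attribute context, since the bare `&` becomes `&amp;` and the browser decodes it before issuing the request. A token carried in a GET URL also lands in server and proxy access logs, so it only protects the script if it is unpredictable and bound to the session; where `$token` is generated is not visible in this hunk. The enclosing block starts outside the hunk.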


@ -43,7 +43,7 @@ function connect_error() {
} }
} }
page_footer("db"); page_footer("db");
echo "<script type='text/javascript' src='" . h(ME) . "script=connect'></script>\n"; echo "<script type='text/javascript' src='" . h(ME . "script=connect&token=$token") . "'></script>\n";
} }
if (isset($_GET["status"])) { if (isset($_GET["status"])) {
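Review bot: Same issue as the db script include: `$token` is spliced unencoded into `"script=connect&token=$token"`, so the value only survives the round trip into `$_GET["token"]` if its alphabet happens to avoid URL metacharacters; use `"script=connect&token=" . urlencode($token)`. Moving `h()` to cover the full URL rather than just `ME` is correct for the attribute context. The enclosing `connect_error()` function starts outside the hunk.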


@ -1,5 +1,8 @@
<?php <?php
header("Content-Type: text/javascript; charset=utf-8"); header("Content-Type: text/javascript; charset=utf-8");
if ($_GET["token"] != $token) { // CSRF protection
exit;
}
if ($_GET["script"] == "db") { if ($_GET["script"] == "db") {
$sums = array("Data_length" => 0, "Index_length" => 0, "Data_free" => 0); $sums = array("Data_length" => 0, "Index_length" => 0, "Data_free" => 0);