AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add missing CSRF check in TwoFactorController::deactivate()

Browse Source
This commit is contained in:
Frédéric Guillot
2019-01-30 20:21:12 -08:00
parent ef1abecee4
commit 19ea9ed620
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/Controller/BaseController.php
View File

@@ -33,6 +33,13 @@ abstract class BaseController extends Base
}
}
protected function checkCSRFForm()
{
if (! $this->token->validateCSRFToken($this->request->getRawValue('csrf_token'))) {
throw new AccessForbiddenException();
}
}
/**
* Check webhook token
*
@@ -305,7 +312,7 @@ abstract class BaseController extends Base
return $filter;
}
/**
* Redirect the user after the authentication
*