ensure consistent session behavior

2025-04-11 22:36:43 -04:00
parent 8553efabc1
commit b06c49f213
16 changed files with 49 additions and 62 deletions
--- a/saveFileTag.php
+++ b/saveFileTag.php
@@ -13,11 +13,11 @@ if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
 }

 // CSRF Protection: validate token from header.
-$headers = getallheaders();
-if (!isset($headers['X-CSRF-Token']) || $headers['X-CSRF-Token'] !== $_SESSION['csrf_token']) {
-    echo json_encode(["error" => "Invalid CSRF token."]);
-    http_response_code(403);
-    exit;
+$headers = array_change_key_case(getallheaders(), CASE_LOWER);
+$csrfHeader = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
+
+if (!isset($_SESSION['csrf_token']) || $csrfHeader !== $_SESSION['csrf_token']) {
+    respond('error', 403, 'Invalid CSRF token');
 }

 $username = $_SESSION['username'] ?? '';