joachim/FileRise
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CSRF protections to state-changing endpoints

Browse Source
This commit is contained in:
Ryan
2025-03-18 11:46:23 -04:00
committed by GitHub
parent f709c23bcc
commit d23cefa8a9
23 changed files with 239 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
logout.php
View File

@@ -1,5 +1,12 @@
<?php
session_start();
$headers = array_change_key_case(getallheaders(), CASE_LOWER);
$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
if ($receivedToken !== $_SESSION['csrf_token']) {
echo json_encode(["error" => "Invalid CSRF token"]);
http_response_code(403);
exit;
}
$_SESSION = []; // Clear session data
session_destroy(); // Destroy session