joachim/FileRise
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CSRF protections to state-changing endpoints

Browse Source
This commit is contained in:
Ryan
2025-03-18 11:46:23 -04:00
committed by GitHub
parent f709c23bcc
commit d23cefa8a9
23 changed files with 239 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
removeUser.php
View File

@@ -3,6 +3,13 @@ require 'config.php';
header('Content-Type: application/json');
$usersFile = USERS_DIR . USERS_FILE;
$headers = array_change_key_case(getallheaders(), CASE_LOWER);
$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
if ($receivedToken !== $_SESSION['csrf_token']) {
echo json_encode(["error" => "Invalid CSRF token"]);
http_response_code(403);
exit;
}
// Only allow admins to remove users
if (