Add CSRF protections to state-changing endpoints

Ryan
2025-03-18 11:46:23 -04:00
committed by GitHub
parent f709c23bcc
commit d23cefa8a9
23 changed files with 239 additions and 79 deletions


@@ -5,6 +5,16 @@ header("Cache-Control: no-cache, no-store, must-revalidate");
header("Pragma: no-cache");
header("Expires: 0");
// --- CSRF Protection ---
$headers = array_change_key_case(getallheaders(), CASE_LOWER);
$receivedToken = isset($headers['x-csrf-token']) ? trim($headers['x-csrf-token']) : '';
if ($receivedToken !== $_SESSION['csrf_token']) {
echo json_encode(["error" => "Invalid CSRF token"]);
http_response_code(403);
exit;
}
// Ensure user is authenticated
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
echo json_encode(["error" => "Unauthorized"]);