From 42b67bde9d0b26786ba9f896efd8c3a8149f2265 Mon Sep 17 00:00:00 2001
From: Sven Slootweg
Date: Mon, 10 Jun 2013 02:34:55 +0200
Subject: [PATCH] Protect against CSRFs properly
---
 public_html/rewrite.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/public_html/rewrite.php b/public_html/rewrite.php
index 8fd6814..b6c65d5 100644
--- a/public_html/rewrite.php
+++ b/public_html/rewrite.php
@@ -14,6 +14,18 @@
 $_APP = true;
 require("includes/base.php");
+if(strtolower($_SERVER["REQUEST_METHOD"]) == "post")
+{
+ try
+ {
+ CSRF::VerifyToken();
+ }
+ catch (CsrfException $e)
+ {
+ die();
+ }
+}
+
 $router = new CPHPRouter();
 $router->ignore_query = true;
 $router->allow_slash = true;
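Review bot: The token check in the added `if` runs only when the request method is exactly POST, so a PUT, PATCH or DELETE request (or a state-changing GET route, if the router defines one; the route table is outside this hunk) would reach `CPHPRouter` without `CSRF::VerifyToken()` being called. Guarding by exclusion of the safe methods closes that gap: `if(!in_array(strtoupper($_SERVER["REQUEST_METHOD"]), array("GET", "HEAD", "OPTIONS"), true))`. The `catch` branch ends in a bare `die();`, which presumably sends an empty response with the default 200 status and records nothing. Emitting `header("HTTP/1.1 403 Forbidden");` before `die();` and writing the rejection to the application log would let clients and monitoring distinguish a failed verification from a successful request.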