mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-20 03:36:20 +02:00
see: https://github.com/postfixadmin/postfixadmin/issues/302 - check if the session key exists; and if not show something that may help
This commit is contained in:
parent
58b064f1c8
commit
7360407b73
@ -37,8 +37,12 @@ if ($CONF['configured'] !== true) {
|
||||
check_db_version(); # check if the database layout is up to date (and error out if not)
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
||||
if (!isset($_SESSION['PFA_token'])) {
|
||||
die("Invalid token (session timeout; refresh the page and try again?)");
|
||||
}
|
||||
|
||||
if (safepost('token') != $_SESSION['PFA_token']) {
|
||||
die('Invalid token!');
|
||||
die('Invalid token! (CSRF check failed)');
|
||||
}
|
||||
|
||||
$lang = safepost('lang');
|
||||
|
Loading…
Reference in New Issue
Block a user