diff options
author | Frédéric Guillot <fred@kanboard.net> | 2019-01-30 20:21:12 -0800 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2019-01-30 20:21:12 -0800 |
commit | 19ea9ed6209b36cba5cb8f96224d9e3a0c022c93 (patch) | |
tree | 2037ed7b8738d8ec2c37d05e91fc64b926cee8b9 /app/Controller/BaseController.php | |
parent | ef1abecee4d7860c1e612310ed3509d321039e6f (diff) |
Add missing CSRF check in TwoFactorController::deactivate()
Diffstat (limited to 'app/Controller/BaseController.php')
-rw-r--r-- | app/Controller/BaseController.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/app/Controller/BaseController.php b/app/Controller/BaseController.php index c984a702..637c3db1 100644 --- a/app/Controller/BaseController.php +++ b/app/Controller/BaseController.php @@ -33,6 +33,13 @@ abstract class BaseController extends Base } } + protected function checkCSRFForm() + { + if (! $this->token->validateCSRFToken($this->request->getRawValue('csrf_token'))) { + throw new AccessForbiddenException(); + } + } + /** * Check webhook token * @@ -305,7 +312,7 @@ abstract class BaseController extends Base return $filter; } - + /** * Redirect the user after the authentication * |