see: https://github.com/postfixadmin/postfixadmin/issues/302 - check if the session key exists; and if not show something that may help

pull/308/head
David Goodwin 5 years ago
parent 58b064f1c8
commit 7360407b73

@ -37,8 +37,12 @@ if ($CONF['configured'] !== true) {
check_db_version(); # check if the database layout is up to date (and error out if not) check_db_version(); # check if the database layout is up to date (and error out if not)
if ($_SERVER['REQUEST_METHOD'] == "POST") { if ($_SERVER['REQUEST_METHOD'] == "POST") {
if (!isset($_SESSION['PFA_token'])) {
die("Invalid token (session timeout; refresh the page and try again?)");
}
if (safepost('token') != $_SESSION['PFA_token']) { if (safepost('token') != $_SESSION['PFA_token']) {
die('Invalid token!'); die('Invalid token! (CSRF check failed)');
} }
$lang = safepost('lang'); $lang = safepost('lang');
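Review bot: The comparison `safepost('token') != $_SESSION['PFA_token']` that follows the new isset() guard is still loose and not constant-time: `!=` compares numeric-looking strings as numbers, so two different token strings can compare equal, and the comparison time depends on where the strings first differ. I would change that line to `if (!hash_equals($_SESSION['PFA_token'], (string) safepost('token'))) {`, assuming the session token is always stored as a string. The new guard also uses isset(), which accepts an empty-string session token; `if (empty($_SESSION['PFA_token'])) {` would reject that case as well. The enclosing `if ($_SERVER['REQUEST_METHOD'] == "POST")` block continues beyond the hunk.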
