Vulnerability remediation
This commit is contained in:
12
signin.php
12
signin.php
@@ -19,9 +19,11 @@
|
||||
ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION
|
||||
ini_set('session.gc_probability', 1); // GC RATES
|
||||
ini_set('session.gc_divisor', 100); // TIMES
|
||||
ini_set("session. cookie_httponly", 1);
|
||||
session_save_path('.tmp'); // TEMP
|
||||
session_start(); // START
|
||||
require_once __DIR__ . '/autoload.php'; // AUTOLOAD
|
||||
use App\LobbySIO\Misc\Csrf; // ANTICSRF
|
||||
$StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES
|
||||
$SiteInfo = new \App\LobbySIO\Database\SiteInfo();
|
||||
$Users = new \App\LobbySIO\Database\Users();
|
||||
@@ -46,7 +48,14 @@
|
||||
require_once("inc/header.inc.php");
|
||||
if ($StaticFunctions->getSessionStatus() == true) { // CHECK STATUS
|
||||
header('Location: index.php'); // ELSE HOME
|
||||
} else { ?>
|
||||
} else {
|
||||
header("X-Frame-Options: SAMEORIGIN");
|
||||
header("Content-Security-Policy: frame-ancestors 'none'", false);
|
||||
if (!empty($_GET['a'])) {
|
||||
echo '<pre>' . print_r($_POST, true) . '</pre>';
|
||||
echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
|
||||
}
|
||||
?>
|
||||
|
||||
<!-- START CONTENT -->
|
||||
<div class="container">
|
||||
@@ -56,6 +65,7 @@
|
||||
</div>
|
||||
</div>
|
||||
<form name="form-signin" class="needs-validation" action="signin_1.php" method="post" novalidate>
|
||||
<?php echo Csrf::getInputToken('home') ?>
|
||||
<div class="form-group form-row">
|
||||
<div class="form-check">
|
||||
<input class="form-check-input" type="checkbox" value="" id="q1" required>
|
||||
|
||||
Reference in New Issue
Block a user