Expose a CSRF token when logged in

Mcat12
2017-04-02 19:20:05 -04:00
parent 5092133719
commit d956c35c24


@@ -12,6 +12,12 @@
check_cors();
// Generate CSRF token
if(empty($_SESSION['token'])) {
$_SESSION['token'] = base64_encode(openssl_random_pseudo_bytes(32));
}
$token = $_SESSION['token'];
// Try to get temperature value from different places (OS dependent)
if(file_exists("/sys/class/thermal/thermal_zone0/temp"))
{
@@ -196,6 +202,11 @@
<p>To enable Javascript click <a href="http://www.enable-javascript.com/" target="_blank">here</a></p><label for="js-hide">Close</label></div>
</div>
<!-- /JS Warning -->
<?php
if($auth) {
echo "<div id='token' hidden>$token</div>";
}
?>
<script src="scripts/pi-hole/js/header.js"></script>
<!-- Send token to JS -->
<div id="token" hidden><?php if($auth) echo $token; ?></div>
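Review bot: The token generation in the first hunk uses the result of `openssl_random_pseudo_bytes(32)` unchecked: on the PHP versions current for this commit it can return false, and the by-reference second argument that reports whether a cryptographically strong source was used is never requested, so a failure would leave an empty token in the session. Where PHP 7 or later can be assumed, `$_SESSION['token'] = base64_encode(random_bytes(32));` throws instead of degrading; otherwise pass `$strong` as the second argument and fail closed when the result or `$strong` is false. In the second hunk, `echo "<div id='token' hidden>$token</div>";` sits a few lines above a `<div id="token" hidden>` that also prints the token; if both remain in the file, a logged-in page has two elements with the same id, so one should be dropped. The token is standard base64, so client code that sends it back must URL-encode it (`+` otherwise decodes as a space), and the server-side comparison, which is not part of this diff, should use `hash_equals()`.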