On my system (Apache 2.2.20 w/php 5.3.6), the absence of a csrf_token in the request structure generates an error, which is the sent to the Apache error log. Since it is not really an actual error to not have a csrf_token, this suggested patch just checks first. Avoids polluting the error log with non-errors.
Code: Select all
diff --git a/backend.php b/backend.php
index 3b1208f..8223a97 100644
--- a/backend.php
+++ b/backend.php
@@ -35,7 +35,7 @@
return;
}
- $csrf_token = $_REQUEST['csrf_token'];
+ $csrf_token = isset($_REQUEST['csrf_token']) ? $_REQUEST['csrf_token'] : "";
require_once "functions.php";
require_once "sessions.php";