csrf_token error log patch

Development-related discussion, including bundled plugins
User avatar
gmargo
Bear Rating Disaster
Bear Rating Disaster
Posts: 62
Joined: 08 Jan 2012, 22:33
Location: Silicon Valley

csrf_token error log patch

Postby gmargo » 08 Jan 2012, 23:03

Hello, my first forum post. I thought about filing a bug report, but it's not really a bug, so....

On my system (Apache 2.2.20 w/php 5.3.6), the absence of a csrf_token in the request structure generates an error, which is the sent to the Apache error log. Since it is not really an actual error to not have a csrf_token, this suggested patch just checks first. Avoids polluting the error log with non-errors.

Code: Select all

diff --git a/backend.php b/backend.php
index 3b1208f..8223a97 100644
--- a/backend.php
+++ b/backend.php
@@ -35,7 +35,7 @@
                return;
        }
 
-       $csrf_token = $_REQUEST['csrf_token'];
+       $csrf_token = isset($_REQUEST['csrf_token']) ? $_REQUEST['csrf_token'] : "";
 
        require_once "functions.php";
        require_once "sessions.php";

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: csrf_token error log patch

Postby fox » 08 Jan 2012, 23:52

Yeah, thanks for reporting this. Fixed in trunk.

https://github.com/gothfox/Tiny-Tiny-RS ... cb3603c891


Return to “Development”

Who is online

Users browsing this forum: No registered users and 3 guests