paramecio/parameciofm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Little security fix

Browse source
This commit is contained in:
Antonio de la Rosa 2019-06-22 16:08:52 +02:00
parent 44641994ed
commit abb4a56a02
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
paramecio/citoplasma/httputils.py
View file

@ -109,6 +109,12 @@ class GetPostFiles:
if self.post['csrf_token']!=s['csrf_token'] or self.post['csrf_token'].strip()=="": if self.post['csrf_token']!=s['csrf_token'] or self.post['csrf_token'].strip()=="":
# Clean csrf_token
del s['csrf_token']
s.save()
#raise NameError('Error: you need a valid csrf_token') #raise NameError('Error: you need a valid csrf_token')
raise HTTPResponse(body=json.dumps({'error_csrf': 1, 'error': 1, 'token_invalid': 1}), status=200, headers={'Content-type': 'application/json'}) raise HTTPResponse(body=json.dumps({'error_csrf': 1, 'error': 1, 'token_invalid': 1}), status=200, headers={'Content-type': 'application/json'})
else: else: