Little security fix

2019-06-22 16:08:52 +02:00 · 2019-06-22 16:08:52 +02:00 · abb4a56a02
commit abb4a56a02
parent 44641994ed
1 changed files with 6 additions and 0 deletions
--- a/paramecio/citoplasma/httputils.py
+++ b/paramecio/citoplasma/httputils.py
@ -109,6 +109,12 @@ class GetPostFiles:

                if self.post['csrf_token']!=s['csrf_token'] or self.post['csrf_token'].strip()=="":
                    
+                    # Clean csrf_token
+                    
+                    del s['csrf_token']
+                        
+                    s.save()
+                    
                    #raise NameError('Error: you need a valid csrf_token')
                    raise HTTPResponse(body=json.dumps({'error_csrf': 1, 'error': 1, 'token_invalid': 1}), status=200, headers={'Content-type': 'application/json'})
                else: