diff options
| author | jim-p <jimp@pfsense.org> | 2015-12-21 10:46:43 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2015-12-21 10:48:39 -0500 |
| commit | 69560def1623424ba91f41847b6f57d0e84cfa7a (patch) | |
| tree | 7b79fd194d3563bb5a9a6880dd67632ef12457bc /src/usr/local/www/diag_backup.php | |
| parent | 8ae9a909901ddb13306e6ac494240ff1fa720c4d (diff) | |
| download | pfsense-69560def1623424ba91f41847b6f57d0e84cfa7a.zip pfsense-69560def1623424ba91f41847b6f57d0e84cfa7a.tar.gz | |
Only disable CSRF on diag_backup.php for the download action where it might be scripted. Other actions need its protection.
Diffstat (limited to 'src/usr/local/www/diag_backup.php')
| -rw-r--r-- | src/usr/local/www/diag_backup.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/usr/local/www/diag_backup.php b/src/usr/local/www/diag_backup.php index 6a3b637..e961a81 100644 --- a/src/usr/local/www/diag_backup.php +++ b/src/usr/local/www/diag_backup.php @@ -69,7 +69,9 @@ ini_set('max_input_time', '0'); /* omit no-cache headers because it confuses IE with file downloads */ $omit_nocacheheaders = true; -$nocsrf = true; +if (stristr($_POST['Submit'], gettext("Download"))) { + $nocsrf = true; +} require("guiconfig.inc"); require_once("functions.inc"); require_once("filter.inc"); |
