CSRF: Close session before exit

On CSRF, call phpsession_end() before exit to avoid syslog warning about open session Submitted by: PiBa-NL
author: Renato Botelho <renato@netgate.com> 2017-04-10 15:06:32 -0300
committer: Renato Botelho <renato@netgate.com> 2017-04-10 15:07:44 -0300
commit: d2495e5893baa63b2973b66f7c1b9787fada2e30 (patch)
tree: 90526a8003197aa851f1e35e03247abd0a6faecd /src/usr/local/www
parent: 1d7a414705794f2527dc1b7b3bb5419db1024bb6 (diff)
download: pfsense-d2495e5893baa63b2973b66f7c1b9787fada2e30.zip
pfsense-d2495e5893baa63b2973b66f7c1b9787fada2e30.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/usr/local/www/csrf/csrf-magic.php b/src/usr/local/www/csrf/csrf-magic.php
index c8f8ce4..bc7eead 100644
--- a/src/usr/local/www/csrf/csrf-magic.php
+++ b/src/usr/local/www/csrf/csrf-magic.php
@@ -201,6 +201,7 @@ function csrf_check($fatal = true) {
         $callback = $GLOBALS['csrf']['callback'];
         if (trim($tokens, 'A..Za..z0..9:;,') !== '') $tokens = 'hidden';
         $callback($tokens);
+        phpsession_end();
         exit;
     }
     return $ok;
author	Renato Botelho <renato@netgate.com>	2017-04-10 15:06:32 -0300
committer	Renato Botelho <renato@netgate.com>	2017-04-10 15:07:44 -0300
commit	d2495e5893baa63b2973b66f7c1b9787fada2e30 (patch)
tree	90526a8003197aa851f1e35e03247abd0a6faecd /src/usr/local/www
parent	1d7a414705794f2527dc1b7b3bb5419db1024bb6 (diff)
download	pfsense-d2495e5893baa63b2973b66f7c1b9787fada2e30.zip pfsense-d2495e5893baa63b2973b66f7c1b9787fada2e30.tar.gz