diff options
author | Renato Botelho <renato@netgate.com> | 2017-04-10 15:06:32 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2017-04-10 15:07:44 -0300 |
commit | d2495e5893baa63b2973b66f7c1b9787fada2e30 (patch) | |
tree | 90526a8003197aa851f1e35e03247abd0a6faecd /src/usr/local/www | |
parent | 1d7a414705794f2527dc1b7b3bb5419db1024bb6 (diff) | |
download | pfsense-d2495e5893baa63b2973b66f7c1b9787fada2e30.zip pfsense-d2495e5893baa63b2973b66f7c1b9787fada2e30.tar.gz |
CSRF: Close session before exit
On CSRF, call phpsession_end() before exit to avoid syslog warning
about open session
Submitted by: PiBa-NL
Diffstat (limited to 'src/usr/local/www')
-rw-r--r-- | src/usr/local/www/csrf/csrf-magic.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/usr/local/www/csrf/csrf-magic.php b/src/usr/local/www/csrf/csrf-magic.php index c8f8ce4..bc7eead 100644 --- a/src/usr/local/www/csrf/csrf-magic.php +++ b/src/usr/local/www/csrf/csrf-magic.php @@ -201,6 +201,7 @@ function csrf_check($fatal = true) { $callback = $GLOBALS['csrf']['callback']; if (trim($tokens, 'A..Za..z0..9:;,') !== '') $tokens = 'hidden'; $callback($tokens); + phpsession_end(); exit; } return $ok; |