diff options
author | Renato Botelho <renato@netgate.com> | 2017-04-10 15:06:32 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2017-04-10 15:06:32 -0300 |
commit | 6710097e08f415e14f52be03f5b451e8e36f696b (patch) | |
tree | a019daaf0fdd15808e16e2dc9aa56464e3e41008 /src | |
parent | 48da62b4932a041d044e70e2b2e116912a08dac7 (diff) | |
download | pfsense-6710097e08f415e14f52be03f5b451e8e36f696b.zip pfsense-6710097e08f415e14f52be03f5b451e8e36f696b.tar.gz |
CSRF: Close session before exit
On CSRF, call phpsession_end() before exit to avoid syslog warning
about open session
Submitted by: PiBa-NL
Diffstat (limited to 'src')
-rw-r--r-- | src/usr/local/www/csrf/csrf-magic.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/usr/local/www/csrf/csrf-magic.php b/src/usr/local/www/csrf/csrf-magic.php index c8f8ce4..bc7eead 100644 --- a/src/usr/local/www/csrf/csrf-magic.php +++ b/src/usr/local/www/csrf/csrf-magic.php @@ -201,6 +201,7 @@ function csrf_check($fatal = true) { $callback = $GLOBALS['csrf']['callback']; if (trim($tokens, 'A..Za..z0..9:;,') !== '') $tokens = 'hidden'; $callback($tokens); + phpsession_end(); exit; } return $ok; |