From 6710097e08f415e14f52be03f5b451e8e36f696b Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Mon, 10 Apr 2017 15:06:32 -0300 Subject: CSRF: Close session before exit On CSRF, call phpsession_end() before exit to avoid syslog warning about open session Submitted by: PiBa-NL --- src/usr/local/www/csrf/csrf-magic.php | 1 + 1 file changed, 1 insertion(+) (limited to 'src/usr/local/www/csrf/csrf-magic.php') diff --git a/src/usr/local/www/csrf/csrf-magic.php b/src/usr/local/www/csrf/csrf-magic.php index c8f8ce4..bc7eead 100644 --- a/src/usr/local/www/csrf/csrf-magic.php +++ b/src/usr/local/www/csrf/csrf-magic.php @@ -201,6 +201,7 @@ function csrf_check($fatal = true) { $callback = $GLOBALS['csrf']['callback']; if (trim($tokens, 'A..Za..z0..9:;,') !== '') $tokens = 'hidden'; $callback($tokens); + phpsession_end(); exit; } return $ok; -- cgit v1.1