WebMods: Verify a session belongs to the remote IP address

git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2262 726aef4b-f618-498e-8847-2d620e286838
psychon
2011-01-14 20:22:23 +00:00
parent 577a097e32
commit 4556cc7c9b
2 changed files with 6 additions and 0 deletions


@@ -500,6 +500,11 @@ void CWebSock::OnPageRequest(const CString& sURI) {
}
CWebSock::EPageReqResult CWebSock::OnPageRequestInternal(const CString& sURI, CString& sPageRet) {
if (GetSession()->GetIP() != GetRemoteIP()) {
PrintErrorPage(403, "Access denied", "This session does not belong to your IP.");
return PAGE_DONE;
}
// Check that they really POSTed from one our forms by checking if they
// know the "secret" CSRF check value. Don't do this for login since
// CSRF against the login form makes no sense and the login form does a
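Review bot: The new address check at the top of OnPageRequestInternal carries no comment saying what it protects against or where it stops, unlike the CSRF check directly below it; I would add something like `// Bind the session cookie to the address it was issued to, so a stolen cookie is rejected from elsewhere.` The 403 branch returns PAGE_DONE without touching the session, so, as far as the hunk shows, a legitimate user whose address changes will keep getting the error page for as long as the browser sends the old cookie. The comparison also cannot separate clients that share one address behind NAT or a proxy, so it is a supplement to the CSRF check and not a replacement, which the comment should say. Recording the mismatch would be worthwhile too, since a known session cookie arriving from a different address is a useful signal of session theft. The function body continues past the end of the hunk.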