ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

use ZM_AUTH_HASH_SECRET for the key, not the secret

pull/1857/head
Isaac Connor 2017-05-05 16:15:34 -04:00
parent a0e4e6537e
commit 1ff367373f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/includes/csrf/csrf-magic.php
View File

@ -102,7 +102,7 @@ $GLOBALS['csrf']['user'] = false;
* tokens, and have Squid ignore that cookie for get requests, for anonymous
* users. (If you haven't guessed, this scheme was(?) used for MediaWiki).
*/
$GLOBALS['csrf']['key'] = false;
$GLOBALS['csrf']['key'] = ZM_AUTH_HASH_SECRET;
/**
* The name of the magic CSRF token that will be placed in all forms, i.e.