fic/server
Archived
1
0
Fork 0
Code Issues Pull requests 10 Releases Wiki Activity

New router and associated pages

Browse source
This commit is contained in:
Némunaire 2013-10-22 08:16:02 +02:00
parent 68dcb996c9
commit bed471d75a
12 changed files with 134 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

15
onyx/include/common.php
View file

@ -7,26 +7,13 @@ if (empty($sess->values["connected"]) && !defined("xCSRF"))
require_once("functions.php"); //Inclusion des principales fonctions
require_once("common/Exercice.class.php");
require_once("common/Team.class.php");
require_once("common/Theme.class.php");
require_once("common/User.class.php");
//On charge la session
$SESS = new Session();
$template = new Template();
$template->assign("ERRmessage", false);
$template->assign("auth_lvl", $SESS->level);
$template->assign("SESS", $SESS->values);
$template->assign("END", $VAR['end_challenge'] - time());
if (!empty($LANG))
$template->assign("LANG", $LANG);
//Evite les attaques CSRF
if ($SESS->level > 2 && !empty($_SERVER["HTTP_REFERER"]) && !(preg_match('#^http://'.$_SERVER['HTTP_HOST'].'#', $_SERVER["HTTP_REFERER"]) && defined("xCSRF")))
{
elog("Possibilité d'attaque CSRF\n".var_export($_REQUEST, TRUE), 2);
unset($_POST, $_GET);
$_GET = $_POST = array();
}