7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Important: Do not allow API actions with r/o session key, THANKS TO Samuel Oosterholt

Browse Source
This commit is contained in:
andryyy
2021-05-20 15:51:52 +02:00
parent a885dab0d3
commit 99ab945ae2
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
data/web/inc/footer.inc.php
View File

@@ -304,5 +304,12 @@ $(document).ready(function() {
</body>
</html>
<?php
if (isset($_SESSION['mailcow_cc_api'])) {
session_regenerate_id(true);
session_unset();
session_destroy();
session_write_close();
header("Location: /");
}
$stmt = null;
$pdo = null;