DokuWiki

devel:security

Differences

This shows you the differences between two versions of the page.

devel:security [2016-06-20 20:32] – [Typical Vulnerability Example] Grammar 139.174.200.55devel:security [2016-06-20 20:34] – [Prevent CSRF] Typo 139.174.200.55
Line 218: Line 218:
 </code> </code>
  
-Do you see the first input? Yes? Good. Now you have to check the security token when you recieve the form, before processing it:+Do you see the first input? Yes? Good. Now you have to check the security token when you receive the form, before processing it:
  
 <code php> <code php>
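Review bot: The corrected sentence at line 218 still refers to "the first input" without naming it, so a reader who skims past the code block above cannot tell which field matters. Suggest naming the "sectok" hidden input here, as the paragraph at line 228 does, and keeping the "before processing it" wording prominent, since the order of the check is the security-relevant part of this sentence.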
Line 228: Line 228:
 As the malicious website will never find the value of the "sectok" hidden input, your form is no longer vulnerable to CSRF. As the malicious website will never find the value of the "sectok" hidden input, your form is no longer vulnerable to CSRF.
  
-**Note:** If the security token is not valid, the checkSecurityToken() function displays a message which inform the user.+**Note:** If the security token is not valid, the checkSecurityToken() function displays a message which informs the user.
  
  
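Review bot: The corrected note at line 228 says checkSecurityToken() displays a message on an invalid token but not what the calling code must do next, so a reader could assume the function stops the request by itself. Suggest stating that the handler has to test the result of the check and skip processing when it fails. The context sentence above the note is also absolute ("will never find the value"): that holds only while the token cannot be read through another flaw such as XSS on the same site, so "is no longer vulnerable to CSRF" would read more accurately as "is protected against CSRF".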
devel/security.txt · Last modified: 2023-08-14 13:41 by Klap-in

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International