From 8080c525fd453bfba9c35f01a08013e148bb2144 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 15 Sep 2020 16:12:53 +0300
Subject: - backend: require CSRF token to be passed via POST - do not leak CSRF token via GET request in feed debugger - rework Article/redirect to use POST
---
 backend.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'backend.php')
diff --git a/backend.php b/backend.php
index e65ce1b94..1bbeec2bd 100644
--- a/backend.php
+++ b/backend.php
@@ -20,7 +20,7 @@
 return;
 }
 
- @$csrf_token = $_REQUEST['csrf_token'];
+ @$csrf_token = $_POST['csrf_token'];
 
 require_once "autoload.php";
 require_once "sessions.php";
--
cgit v1.2.3-54-g00ecf
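Review bot: The `@` on the new `$_POST['csrf_token']` read silences the missing-key notice but leaves the value's type unchecked: `$csrf_token` ends up null when the field is absent and an array when the field is submitted with array syntax. The code that validates the token lies outside this hunk, so it is not visible whether it tolerates those values. Normalising at the read removes that dependency, for example `$csrf_token = is_string($_POST['csrf_token'] ?? null) ? $_POST['csrf_token'] : "";` (this assumes the project's minimum PHP version supports `??`). A one-line comment such as `// CSRF token is read from the POST body only, so it never ends up in URLs, access logs or Referer headers` would also record why `$_REQUEST` must not be reintroduced here.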