hiro/lack
1
0
Fork 0
mirror of https://github.com/vale981/lack synced 2025-03-05 09:21:39 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix csrf token check

Browse source
This commit is contained in:
cxxxr 2019-03-18 16:09:11 +09:00
parent abff8efeb0
commit 023444ea8f
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/middleware/csrf.lisp
View file

@ -53,6 +53,9 @@
(and csrf-token (and csrf-token
(let ((recieved-csrf-token (let ((recieved-csrf-token
(cdr (assoc "_csrf_token" (request-body-parameters req) :test #'string=)))) (cdr (assoc "_csrf_token" (request-body-parameters req) :test #'string=))))
;; for multipart/form-data
(when (listp recieved-csrf-token)
(setf recieved-csrf-token (first recieved-csrf-token)))
(string= csrf-token recieved-csrf-token))))) (string= csrf-token recieved-csrf-token)))))
(defun csrf-token (session) (defun csrf-token (session)