From 70b73048cce4b8ffc7ec91bbe54b9a76b1032784 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 2 Sep 2020 18:11:53 -0400 Subject: [PATCH] add csrf checks to frames view --- web/index.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/web/index.php b/web/index.php index 01a79472b..3d6f24fc7 100644 --- a/web/index.php +++ b/web/index.php @@ -222,11 +222,11 @@ ZM\Logger::Debug("View: $view Request: $request Action: $action User: " . ( isse if ( ZM_ENABLE_CSRF_MAGIC && ( $action != 'login' ) && - ( $view != 'view_video' ) && - ( $view != 'image' ) && + ( $view != 'view_video' ) && // only video no html + ( $view != 'image' ) && // view=image doesn't return html, just image data. ( $request != 'control' ) && - ( $view != 'frames' ) && - ( $view != 'archive' ) + //( $view != 'frames' ) && // big html can overflow ob + ( $view != 'archive' ) // returns data ) { require_once('includes/csrf/csrf-magic.php'); #ZM\Logger::Debug("Calling csrf_check with the following values: \$request = \"$request\", \$view = \"$view\", \$action = \"$action\"");