MyBB Community Forums

MyBB Community Forums > Extensions > Plugins > Plugin Development > How can I prevent CSRF in a plugin?
Full Version: How can I prevent CSRF in a plugin?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

0xB9

2018-05-14, 09:06 AM
Pretty much as the title says... I'm wondering how I can prevent CSRF in a plugin using $mybb->input['my_post_key']

I've been trying to patch a CSRF in a delete function but can't find any examples.

My current requests looks like this:

localhost/admin/index.php?empty=table&my_post_key=
but don't get an actual post key to display after the =

Could someone help me out or point me to some examples please?? Thank you! Rolleyes

Wires

2018-05-14, 09:21 AM
It should be:

localhost/admin/index.php?empty=table&my_post_key={$mybb->post_code}

0xB9

2018-05-14, 09:36 AM
Worked, Thank you!
MyBB Community Forums > Extensions > Plugins > Plugin Development > How can I prevent CSRF in a plugin?