How can I prevent CSRF in a plugin?
#1
Pretty much as the title says... I'm wondering how I can prevent CSRF in a plugin using $mybb->input['my_post_key']

I've been trying to patch a CSRF in a delete function but can't find any examples.

My current requests looks like this:

localhost/admin/index.php?empty=table&my_post_key=
but don't get an actual post key to display after the =

Could someone help me out or point me to some examples please?? Thank you! Rolleyes
Reply
#2
It should be:

localhost/admin/index.php?empty=table&my_post_key={$mybb->post_code}
Plugin Count: I lost count.
Public Plugins are available here.
Please do not PM me for support unless asked to.
Reply
#3
Worked, Thank you!
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)