nerbert
09-22-2014, 03:11 AM
I've been working on an adminCP project recently and I have an AJAX request that, until recently, didn't send SECURITYTOKEN or ADMINHASH in the query string, but the request went through without any error or redirect.
I see other admin files don't define CSRF at the top of the file, but if they don't use it, why do they bother with the security token and admin hash? I would like to use that for security. How do I make CSRF protection work? And what does
define('CVS_REVISION', '$RCSfile$ - $Revision: 53302 $');
mean?