Commit 63de4a81 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Check json session key in init.php

parent c618c31e
......@@ -176,6 +176,11 @@ if (!get_config('installed')
}
if (defined('JSON')) {
$sesskey = param_variable('sesskey');
global $USER;
if ($sesskey === null || $USER->get('sesskey') != $sesskey) {
redirect(get_config('wwwroot'));
}
}
?>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment