die louder if CSRF is missing for admin actions

2024-01-16 10:55:03 +00:00 · 2024-01-16 10:55:03 +00:00 · ea1867f92d
commit ea1867f92d
parent 7f20b17a59
1 changed files with 2 additions and 0 deletions
--- a/ext/admin/main.php
+++ b/ext/admin/main.php
@ -58,6 +58,8 @@ class AdminPage extends Extension
                        shm_set_timeout(null);
                        $database->set_timeout(null);
                        send_event($aae);
+                    } else {
+                        throw new SCoreException("Invalid CSRF token");
                    }

                    if ($aae->redirect) {