MACscr Posted February 17, 2017
Seems a hidden field named "token" is added to any form within WHMCS that I am assuming is for CSRF, doesn't matter if it's a custom one or not. Since this is the case, how can we as developers within our form processors validate the token?

MACscr Posted February 23, 2017
No one? I would think others would be taking advantage of this as well. I thought the token might be saved in the $_SESSION array, but doesn't seem to be.

websavers Posted January 17
For posterity:
{$GLOBALS['CONFIG']['Token']}
So send that in your submission and when your code receives the value, compare that to the above.

websavers Posted January 18
Apologies, the above doesn't work in all cases.