Implementation for an Issue #2

2025-12-06 12:41:30 +00:00 · 2014-10-23 11:23:53 +02:00
parent 8dcad46805
commit fc1b05bec9
6 changed files with 51 additions and 1 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -457,6 +457,12 @@ def start():
                            infoMsg = "skipping %s parameter '%s'" % (place, parameter)
                            logger.info(infoMsg)

+                        elif parameter == conf.csrfToken:
+                            testSqlInj = False
+
+                            infoMsg = "skipping CSRF protection token parameter '%s'" % parameter
+                            logger.info(infoMsg)
+
                        # Ignore session-like parameters for --level < 4
                        elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
                            testSqlInj = False