close #69: in the config page, you are notified of the release of a new version

[github/wallabag/wallabag.git] / index.php

diff --git a/index.php b/index.php
index 294620d1ebcc4136bc0f3c10d860a200a3bd283d..654403c8415d853333666ddaa1cc1cc621c5c4b6 100644 (file)
--- a/index.php
+++ b/index.php
@@ -11,16 +11,15 @@
 include dirname(__FILE__).'/inc/poche/config.inc.php';
 
 #XSRF protection with token
-// if (!empty($_POST)) {
-//     if (!Session::isToken($_POST['token'])) {
-//         die(_('Wrong token'));
-//         // TODO remettre le test
-//     }
-//     unset($_SESSION['tokens']);
-// }
+if (!empty($_POST)) {
+    if (!Session::isToken($_POST['token'])) {
+        die(_('Wrong token'));
+    }
+    unset($_SESSION['tokens']);
+}
 
 $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
-$view = Tools::checkVar('view');
+$view = Tools::checkVar('view', 'home');
 $action = Tools::checkVar('action');
 $id = Tools::checkVar('id');
 $_SESSION['sort'] = Tools::checkVar('sort');