Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection

2025-12-02 21:08:56 +02:00
parent 5985506001
commit a311e81a12
19 changed files with 190 additions and 0 deletions
--- a/add_campsite.php
+++ b/add_campsite.php
@@ -1,7 +1,14 @@
 <?php include_once('connection.php');
 include_once('functions.php');
 require_once("env.php");
+
+use Middleware\CsrfMiddleware;
+
 session_start();
+
+// Validate CSRF token
+CsrfMiddleware::requireToken($_POST);
+
 $user_id = $_SESSION['user_id']; // assuming you're storing it like this

 // campsites.php