TomboFry / microlight

A fully IndieWeb-compatible PHP blogging engine
GNU Affero General Public License v3.0

Install file should use CSRF token to validate installation process #12

Closed TomboFry closed 6 years ago

TomboFry commented 6 years ago

Currently, you can POST to the install script and it will add a user and links to the database without actually verifying that you were the one who actually filled in the form and pressed install.

Even on POST, it should check to see whether the database has already been set up before processing.
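
The two checks this issue asks for, as an added example that is not microlight's code and not from the issue author: refuse the POST when setup has already run, then require a single-use token issued with the form. The `user` table, the `csrf_token` field and every function name are assumptions; `$session` stands in for `$_SESSION` after `session_start()`, and the demo needs the `pdo_sqlite` extension.

```php
<?php
declare(strict_types=1);

/** Issue a per-session token to embed in the install form as a hidden field. */
function issue_install_token(array &$session): string
{
    $session['install_csrf'] = bin2hex(random_bytes(32));
    return $session['install_csrf'];
}

/** True once setup has run: here, when the (assumed) `user` table holds a row.
 *  Relies on PDO::ERRMODE_EXCEPTION so a missing table raises PDOException. */
function is_installed(PDO $db): bool
{
    try {
        return (int) $db->query('SELECT COUNT(*) FROM user')->fetchColumn() > 0;
    } catch (PDOException $e) {
        return false; // table missing: not installed yet
    }
}

/** Decide whether a POST to the installer may proceed; returns an HTTP status. */
function check_install_post(PDO $db, array &$session, array $post): int
{
    if (is_installed($db)) {
        return 403; // already set up: refuse before reading any form input
    }
    $expected = $session['install_csrf'] ?? '';
    $given = $post['csrf_token'] ?? '';
    unset($session['install_csrf']); // single use, even on failure
    if (!is_string($given) || $expected === '' || !hash_equals($expected, $given)) {
        return 400; // no form was served to this session, or the token differs
    }
    return 200;
}

// Constructed demo against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$session = [];

// Case 1: POST with a token the session never issued.
echo check_install_post($db, $session, ['csrf_token' => 'forged']), "\n";
// Case 2: POST carrying the token issued with the form.
$token = issue_install_token($session);
echo check_install_post($db, $session, ['csrf_token' => $token]), "\n";
// Case 3: valid token, but a user row already exists.
$db->exec('CREATE TABLE user (name TEXT)');
$db->exec("INSERT INTO user VALUES ('admin')");
$token = issue_install_token($session);
echo check_install_post($db, $session, ['csrf_token' => $token]), "\n";
```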