Fix php notices w/ proper var checks

RaspAP · Sep 6, 2023 · c64bdb4 · c64bdb4
1 parent 55c0a49
commit c64bdb4
Showing 1 changed file with 20 additions and 18 deletions.
diff --git a/includes/functions.php b/includes/functions.php
@@ -318,23 +318,23 @@ function CSRFMetaTag()
  */
 function CSRFValidate()
 {
-    $post_token   = $_POST['csrf_token'];
-    $header_token = $_SERVER['HTTP_X_CSRF_TOKEN'];
+    if(isset($_POST['csrf_token'])) {
+        $post_token   = $_POST['csrf_token'];
+        $header_token = $_SERVER['HTTP_X_CSRF_TOKEN'];
 
-    if (empty($post_token) && empty($header_token)) {
-        return false;
-    }
-
-    $request_token = $post_token;
-    if (empty($post_token)) {
-        $request_token = $header_token;
-    }
-
-    if (hash_equals($_SESSION['csrf_token'], $request_token)) {
-        return true;
-    } else {
-        error_log('CSRF violation');
-        return false;
+        if (empty($post_token) && empty($header_token)) {
+            return false;
+        }
+        $request_token = $post_token;
+        if (empty($post_token)) {
+            $request_token = $header_token;
+        }
+        if (hash_equals($_SESSION['csrf_token'], $request_token)) {
+            return true;
+        } else {
+            error_log('CSRF violation');
+            return false;
+        }
     }
 }
 
@@ -685,8 +685,10 @@ function getColorOpt()
 }
 function getSidebarState()
 {
-    if ($_COOKIE['sidebarToggled'] == 'true' ) {
-        return"toggled";
+    if(isset($_COOKIE['sidebarToggled'])) {
+        if ($_COOKIE['sidebarToggled'] == 'true' ) {
+            return "toggled";
+        }
     }
 }