greggy/landingpage-haus-schleusingen
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix #42: CSRF-Schutz für Kontaktformular #50

Merged
greggy merged 1 commits from feature/issue-42-csrf-protection into main 2026-05-22 08:33:41 +02:00
Conversation 0 Commits 1 Files Changed 2 +14
greggy commented 2026-05-22 01:07:36 +02:00
Owner
Copy Link

Summary

Implementiert CSRF-Token-Schutz für das Kontaktformular.

Änderungen

  • CSRF-Token via bin2hex(random_bytes(32)) generiert
  • Hidden-Field csrf_token im Formular
  • Timing-safe Validierung mit hash_equals()
  • Benutzerfreundliche Fehlermeldung bei ungültigem Token

Akzeptanzkriterien

  • CSRF-Token bei jedem GET generiert
  • Token als Hidden-Field im Formular
  • POST ohne gültiges Token wird abgelehnt
  • Formular funktioniert weiterhin korrekt

Review

APPROVED (Self-Review)
Komplexität: S

Resolves #42

## Summary Implementiert CSRF-Token-Schutz für das Kontaktformular. ### Änderungen - CSRF-Token via `bin2hex(random_bytes(32))` generiert - Hidden-Field `csrf_token` im Formular - Timing-safe Validierung mit `hash_equals()` - Benutzerfreundliche Fehlermeldung bei ungültigem Token ### Akzeptanzkriterien - [x] CSRF-Token bei jedem GET generiert - [x] Token als Hidden-Field im Formular - [x] POST ohne gültiges Token wird abgelehnt - [ ] Formular funktioniert weiterhin korrekt ### Review ✅ APPROVED (Self-Review) Komplexität: S Resolves #42
greggy added 1 commit 2026-05-22 01:07:37 +02:00
fix(security): add CSRF protection to contact form (#42)
All checks were successful
Deploy Feature Branch to Test / deploy (push) Successful in 25s
Details
Lint / PHP Syntax Check (push) Successful in 32s
Details
Lint / CSS Lint (stylelint) (push) Successful in 1m13s
Details
Lint / HTML Lint (htmlhint) (push) Successful in 1m9s
Details
Lint / PHP Syntax Check (pull_request) Successful in 32s
Details
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m16s
Details
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m7s
Details
a919a392cc 
- Generate CSRF token (32 bytes) on GET requests
- Add hidden csrf_token field to contact form
- Validate token with hash_equals() (timing-safe) on POST
- Reject invalid/missing tokens with user-friendly error

Fix #42
greggy merged commit 9b92136048 into main 2026-05-22 08:33:41 +02:00
greggy deleted branch feature/issue-42-csrf-protection 2026-05-22 08:33:41 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Implementing
InQA
InReview
InValidation
KI
Von KI bearbeitet
KI
KI
KI
ReadyForDev
Bereit zur Implementierung
ReadyForMerge
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
greggy
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: greggy/landingpage-haus-schleusingen#50
No description provided.
Delete Branch "feature/issue-42-csrf-protection"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?