[wip] securing more forms through CSRF management
vincib committed May 20, 2016
1 parent 6043e9c commit 396f8c2
Showing 6 changed files with 11 additions and 0 deletions.
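--- a/awstats/bureau/admin/aws_add.php
+++ b/awstats/bureau/admin/aws_add.php
@@ -47,6 +47,7 @@
 }
 ?>
 <form method="post" action="<?php if (!$id) echo "aws_doadd.php"; else echo "aws_doedit.php"; ?>" id="main" name="main">
+<?php csrf_get(); ?>
 <table class="tedit">
 <tr><th><input type="hidden" name="id" value="<?php echo $id ?>" />
 <label for="hostname"><?php __("Domain name"); ?></label></th><td>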
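Review bot: The added `<?php csrf_get(); ?>` only places a token in the form; nothing in this commit makes the receiving scripts verify it. All six files gain the emitting call alone: the POST targets `aws_doadd.php`, `aws_doedit.php`, `aws_del.php`, `aws_useradd.php`, `aws_userdel.php`, `ssl_donew.php`, `ssl_doimport.php`, `ssl_finalize.php` and `ssl_share.php` are not part of the diff, and `aws_pass.php`, which posts to itself, receives no second change. Unless verification is enforced centrally for every POST (not visible here), these forms still accept a request that carries no valid token. I would record the dependency where the token is emitted, e.g. `<?php csrf_get(); /* emit only: aws_doadd.php / aws_doedit.php must reject a missing or invalid token before writing */ ?>`, and do the same in the other hunks.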
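--- a/awstats/bureau/admin/aws_list.php
+++ b/awstats/bureau/admin/aws_list.php
@@ -53,6 +53,7 @@
 <?php if (!$nosta) { ?>
 
 <form method="post" action="aws_del.php">
+<?php csrf_get(); ?>
 <table cellspacing="0" cellpadding="4">
 <tr><th colspan="2"><?php __("Action"); ?></th><th><?php __("Domain name"); ?></th><th><?php __("Allowed Users"); ?></th><th><?php __("View the statistics"); ?></th></tr>
 <?php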
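--- a/awstats/bureau/admin/aws_pass.php
+++ b/awstats/bureau/admin/aws_pass.php
@@ -65,6 +65,7 @@
 <?php } ?>
 
 <form method="post" action="aws_pass.php" name="main" id="main">
+<?php csrf_get(); ?>
 <table class="tedit">
 <tr><th>
 <?php __("Username"); ?></th><td>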
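--- a/awstats/bureau/admin/aws_users.php
+++ b/awstats/bureau/admin/aws_users.php
@@ -46,6 +46,7 @@
 <?php } ?>
 
 <form method="post" action="aws_useradd.php" name="main">
+<?php csrf_get(); ?>
 <table class="tedit">
 <tr><th>
 <label for="login"><?php __("Username"); ?></label></th><td>
@@ -74,6 +75,7 @@
 
 
 <form method="post" action="aws_userdel.php" name="main2" id="main2">
+<?php csrf_get(); ?>
 <table class="tlist">
 <tr><th colspan="2"><?php __("Action"); ?></th><th><?php __("Username"); ?></th></tr>
 <?php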
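Review bot: This page now calls `csrf_get()` twice, once in the `aws_useradd.php` form and once in the `aws_userdel.php` form, and whether both tokens stay valid until the user submits depends on `csrf_get()` itself, which is not in this diff. If each call replaces a single stored token, or a token is consumed on first use, submitting one form and then the other from the same page load would be rejected. The same question applies to the two forms in `ssl_new.php` and the four call sites in `ssl_view.php`. A comment at the second call would record the expectation, e.g. `<?php csrf_get(); /* second form on this page: each form's token must verify independently */ ?>`, ideally backed by a test that submits the second form after the first.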
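--- a/ssl/panel/admin/ssl_new.php
+++ b/ssl/panel/admin/ssl_new.php
@@ -93,6 +93,7 @@ function switchlist() {
 </script>
 
 <form method="post" action="ssl_donew.php" name="main" id="main">
+<?php csrf_get(); ?>
 <table border="1" cellspacing="0" cellpadding="4" class="tedit">
 <tr><td colspan="2">
 <?php __("Please choose the domain name for which you want a SSL Certificate, or enter it manually"); ?>
@@ -133,6 +134,7 @@ function switchlist() {
 <p><?php __("We will verify the content of those files and add them in your certificate repository"); ?></p>
 
 <form method="post" action="ssl_doimport.php" name="main" id="main">
+<?php csrf_get(); ?>
 <table border="1" cellspacing="0" cellpadding="4" class="tedit">
 <tr>
 <th><label for="key"><?php __("RSA Private Key"); ?></label></th>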
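--- a/ssl/panel/admin/ssl_view.php
+++ b/ssl/panel/admin/ssl_view.php
@@ -54,6 +54,7 @@
 <p><?php __("Once you'll have your <i>Certificate File</i> (CRT) and a <i>Chained Certificate File</i> (CHAIN), please paste them here to finish the enrollment."); ?></p>
 
 <form method="post" action="ssl_finalize.php" name="main" id="main">
+<?php csrf_get(); ?>
 <input type="hidden" name="id" id="id" value="<?php echo $cert["id"]; ?>"/>
 <table border="1" cellspacing="0" cellpadding="4" class="tedit">
 <tr>
@@ -177,6 +178,7 @@
 ?>
 </p>
 <form method="post" action="ssl_share.php">
+<?php csrf_get(); ?>
 <input type="hidden" name="id" id="id" value="<?php echo $cert["id"]; ?>"/>
 <input type="hidden" name="action" id="action" value="0" />
 <input class="inb cancel" type="submit" name="unshare" value="<?php __("Click here to stop sharing this certificate"); ?>" />
@@ -193,6 +195,7 @@
 ?>
 </p>
 <form method="post" action="ssl_share.php">
+<?php csrf_get(); ?>
 <input type="hidden" name="id" id="id" value="<?php echo $cert["id"]; ?>"/>
 <input type="hidden" name="action" id="action" value="1" />
 <input class="inb ok" type="submit" name="unshare" value="<?php __("Click here to share this certificate"); ?>" />
@@ -209,6 +212,7 @@
 ?>
 <p>
 <form method="post" action="ssl_finalize.php" name="main" id="main">
+<?php csrf_get(); ?>
 <input type="hidden" name="id" id="id" value="<?php echo $cert["id"]; ?>"/>
 <input type="submit" class="inb delete" name="delete" value="<?php __("Delete"); ?>" onclick="return confirm('<?php
 echo addslashes(_("Please confirm that you want to delete this certificate AND ITS PRIVATE KEY!"));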
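Review bot: The token added to these four forms ties a request to the panel's own page, but it says nothing about whether the logged-in account owns the certificate named in the hidden `id` field that follows each `csrf_get()` call. `ssl_finalize.php` (finalize, and delete including the private key) and `ssl_share.php` are outside this diff, so their ownership check on `id` could not be confirmed from here and has to stay in place alongside the token. The hidden field also prints `$cert["id"]` unescaped, which is only safe while it is always an integer; casting at the output, `value="<?php echo intval($cert["id"]); ?>"`, would make that explicit in all four forms.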
