Permalink
Browse files

fixes #822, add token on configuration page to prevent CSRF

  • Loading branch information...
plegall committed Dec 18, 2017
1 parent 9e29db0 commit 77f02bfd76ed13dd14044d04cdd8d28213e1848d
View
@@ -150,6 +150,7 @@
//------------------------------ verification and registration of modifications
if (isset($_POST['submit']))
{
check_pwg_token();
$int_pattern = '/^\d+$/';
switch ($page['section'])
@@ -320,6 +321,7 @@
$template->assign(
array(
'U_HELP' => get_root_url().'admin/popuphelp.php?page=configuration',
'PWG_TOKEN' => get_pwg_token(),
'F_ACTION'=>$action
));
@@ -158,4 +158,5 @@
</button>
</p>
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
@@ -58,4 +58,5 @@
</div>
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
@@ -309,4 +309,5 @@
</button>
</p>
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
@@ -215,4 +215,5 @@ jQuery("input[name='mail_theme']").change(function() {
</button>
</p>
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
@@ -231,4 +231,5 @@
</button>
</p>
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
@@ -137,4 +137,5 @@
</button>
</p>
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>

0 comments on commit 77f02bf

Please sign in to comment.