(cp 77f02bf) fixes #822, add token on configuration page to prevent CSRF
plegall committed Dec 18, 2017
1 parent 53d62e0 commit c3b4c6f
Showing 7 changed files with 8 additions and 0 deletions.
2 changes: 2 additions & 0 deletions admin/configuration.php
@@ -150,6 +150,7 @@
//------------------------------ verification and registration of modifications
if (isset($_POST['submit']))
{
check_pwg_token();
$int_pattern = '/^\d+$/';

switch ($page['section'])
@@ -320,6 +321,7 @@
$template->assign(
array(
'U_HELP' => get_root_url().'admin/popuphelp.php?page=configuration',
'PWG_TOKEN' => get_pwg_token(),
'F_ACTION'=>$action
));

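Review bot: The token check added at the top of the `if (isset($_POST['submit']))` block only guards requests that carry the `submit` field, so any other state-changing branch in admin/configuration.php keyed on a different POST or GET parameter would still run without it; the rest of the file is outside these hunks and should be checked for such branches. The call's return value is not used, so the protection relies on `check_pwg_token()` itself halting the request when the token is missing or wrong, which is not visible here. A short comment above the call would record the intent, e.g. `// CSRF: abort unless the request carries a valid pwg_token`. The `if` block and the `switch` it contains continue past the end of the first hunk.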
1 change: 1 addition & 0 deletions admin/themes/default/template/configuration_comments.tpl
@@ -158,4 +158,5 @@
</button>
</p>

<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
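Review bot: Only the six `configuration_*.tpl` files of the default admin theme get the hidden `pwg_token` field (this file plus configuration_default, configuration_display, configuration_main, configuration_sizes and configuration_watermark), so a form rendered from any other copy of these templates would post no token and presumably fail the new check in admin/configuration.php. If another admin theme or a plugin ships its own version of these templates, it needs the same line, `<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">`, before its `</form>`. The value is printed without an explicit escape modifier, which is safe only if `get_pwg_token()` returns attribute-safe characters or Smarty auto-escaping is enabled; neither is visible here. Only the tail of each form is shown, so whether a template contains more than one form posting to this page cannot be judged from these hunks.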
1 change: 1 addition & 0 deletions admin/themes/default/template/configuration_default.tpl
@@ -58,4 +58,5 @@

</div>

<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
1 change: 1 addition & 0 deletions admin/themes/default/template/configuration_display.tpl
@@ -309,4 +309,5 @@
</button>
</p>

<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
1 change: 1 addition & 0 deletions admin/themes/default/template/configuration_main.tpl
@@ -215,4 +215,5 @@ jQuery("input[name='mail_theme']").change(function() {
</button>
</p>

<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
1 change: 1 addition & 0 deletions admin/themes/default/template/configuration_sizes.tpl
@@ -231,4 +231,5 @@
</button>
</p>

<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
1 change: 1 addition & 0 deletions admin/themes/default/template/configuration_watermark.tpl
@@ -137,4 +137,5 @@
</button>
</p>

<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
