1 parent f59ffb0 commit 6ad1349Copy full SHA for 6ad1349
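--- a/lhc_web/design/defaulttheme/tpl/lhfile/configuration.tpl.php
+++ b/lhc_web/design/defaulttheme/tpl/lhfile/configuration.tpl.php
@@ -10,6 +10,8 @@
 <form action="" ng-non-bindable method="post">
+ <?php include(erLhcoreClassDesign::designtpl('lhkernel/csfr_token.tpl.php'));?>
+
 <div class="row">
 <div class="col-6">
 <div class="form-group">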
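--- a/lhc_web/modules/lhfile/configuration.php
+++ b/lhc_web/modules/lhfile/configuration.php
@@ -7,6 +7,12 @@
 if (isset($_POST['StoreFileConfiguration'])) {
+ if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
+ erLhcoreClassModule::redirect('file/configuration');
+ exit;
+ }
 $definition = array(
 'AllowedFileTypes' => new ezcInputFormDefinitionElement(
 ezcInputFormDefinitionElement::OPTIONAL, 'string'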
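Review bot: The new guard at the top of the `StoreFileConfiguration` branch only checks `isset($_POST['csfr_token'])`, so a non-string value such as an array parameter is passed to `validateCSFRToken()` unchanged; I would tighten it to `if (!isset($_POST['csfr_token']) || !is_string($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {`. The body of `validateCSFRToken()` is not visible here, so it is worth confirming that it compares the token with `hash_equals()` rather than `==`. A rejected token currently ends in a silent redirect, so a log entry or an error shown to the operator would make failed or forged submissions visible. The branch continues past the end of this hunk, and any other state-changing POST handled further down the file would need the same check.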