First step to implementing new form security purge().

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5625 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Oct 3, 2008 · dd05dd6 · dd05dd6
1 parent a130223
commit dd05dd6
Show file tree

Hide file tree

Showing 31 changed files with 62 additions and 6 deletions.
diff --git a/manage_config_email_set.php b/manage_config_email_set.php
@@ -149,7 +149,7 @@
         }
 	}
 
-
+	form_security_purge('manage_config_email_set');
 ?>
 
 <br />

diff --git a/manage_config_revert.php b/manage_config_revert.php
@@ -53,6 +53,8 @@
 		foreach ( $t_revert_vars as $t_revert ) {
 			config_delete( $t_revert, null , $f_project_id );
 		}
+
+		form_security_purge('manage_config_revert');
 	}
 
 	$t_redirect_url = $f_return;

diff --git a/manage_custom_field_create.php b/manage_custom_field_create.php
@@ -43,6 +43,8 @@
 		$t_redirect_url = 'manage_custom_field_page.php';
 	}
 
+	form_security_purge('manage_custom_field_create');
+
 	html_page_top1();
 	html_meta_redirect( $t_redirect_url );
 	html_page_top2();

diff --git a/manage_custom_field_delete.php b/manage_custom_field_delete.php
@@ -50,6 +50,8 @@
 
 	custom_field_destroy( $f_field_id );
 
+	form_security_purge('manage_custom_field_delete');
+
 	html_page_top1();
 	html_meta_redirect( $f_return );
 	html_page_top2();

diff --git a/manage_custom_field_proj_add.php b/manage_custom_field_proj_add.php
@@ -43,5 +43,7 @@
 		}
 	}
 
+	form_security_purge('manage_custom_field_proj_add');
+
 	print_header_redirect( 'manage_custom_field_edit_page.php?field_id=' . $f_field_id );
 ?>
diff --git a/manage_custom_field_update.php b/manage_custom_field_update.php
@@ -56,6 +56,8 @@
 
 	custom_field_update( $f_field_id, $t_values );
 
+	form_security_purge('manage_custom_field_update');
+
 	html_page_top1();
 
 	html_meta_redirect( $f_return );

diff --git a/manage_proj_cat_add.php b/manage_proj_cat_add.php
@@ -60,6 +60,8 @@
 		}
 	}
 
+	form_security_purge( 'manage_proj_cat_add' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 
 	print_header_redirect( $t_redirect_url );

diff --git a/manage_proj_cat_copy.php b/manage_proj_cat_copy.php
@@ -58,5 +58,7 @@
 		}
 	}
 
+	form_security_purge( 'manage_proj_cat_copy' );
+
 	print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
-?>
+
diff --git a/manage_proj_cat_delete.php b/manage_proj_cat_delete.php
@@ -42,6 +42,8 @@
 	form_security_validate( 'manage_proj_cat_delete' );
 	category_remove( $f_project_id, $f_category );
 
+	form_security_purge( 'manage_proj_cat_delete' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 
 	html_page_top1();

diff --git a/manage_proj_cat_update.php b/manage_proj_cat_update.php
@@ -48,6 +48,8 @@
 	if ( strtolower( $f_category ) == strtolower( $f_new_category ) ||
 		 category_is_unique( $f_project_id, $f_new_category ) ) {
 		category_update( $f_project_id, $f_category, $f_new_category, $f_assigned_to );
+
+		form_security_purge( 'manage_proj_cat_update' );
 	} else {
 		trigger_error( ERROR_CATEGORY_DUPLICATE, ERROR );
 	}

diff --git a/manage_proj_create.php b/manage_proj_create.php
@@ -52,6 +52,8 @@
 		project_hierarchy_add( $t_project_id, $f_parent_id );
 	}
 
+	form_security_purge( 'manage_proj_create' );
+
 	$t_redirect_url = 'manage_proj_page.php';
 
 	html_page_top1();

diff --git a/manage_proj_custom_field_add_existing.php b/manage_proj_custom_field_add_existing.php
@@ -41,6 +41,8 @@
 
 	custom_field_link( $f_field_id, $f_project_id );
 
+	form_security_purge( 'manage_proj_custom_field_add_existing' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 
 	html_page_top1();

diff --git a/manage_proj_custom_field_copy.php b/manage_proj_custom_field_copy.php
@@ -46,5 +46,7 @@
 
  	project_copy_custom_fields( $t_dst_project_id, $t_src_project_id );
 
+	form_security_purge( 'manage_proj_custom_field_copy' );
+
  	print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
 ?>
diff --git a/manage_proj_custom_field_remove.php b/manage_proj_custom_field_remove.php
@@ -55,6 +55,8 @@
 	form_security_validate( 'manage_proj_custom_field_remove' );
 	custom_field_unlink( $f_field_id, $f_project_id );
 
+	form_security_purge( 'manage_proj_custom_field_remove' );
+
 	html_page_top1();
 	html_meta_redirect( $t_redirect_url );
 	html_page_top2();

diff --git a/manage_proj_custom_field_update.php b/manage_proj_custom_field_update.php
@@ -42,6 +42,8 @@
 
 	custom_field_set_sequence( $f_field_id, $f_project_id, $f_sequence );
 
+	form_security_purge( 'manage_proj_custom_field_update' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 ?>
 <?php html_page_top1() ?>

diff --git a/manage_proj_delete.php b/manage_proj_delete.php
@@ -37,6 +37,7 @@
 
 	form_security_validate( 'manage_proj_delete' );
 	project_delete( $f_project_id );
+	form_security_purge( 'manage_proj_delete' );
 
 	# Don't leave the current project set to a deleted project -
 	#  set it to All Projects

diff --git a/manage_proj_subproj_add.php b/manage_proj_subproj_add.php
@@ -41,6 +41,8 @@
 	}
 	project_hierarchy_add( $f_subproject_id, $f_project_id );
 
+	form_security_purge( 'manage_proj_subproj_add' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 
 	html_page_top1();

diff --git a/manage_proj_subproj_delete.php b/manage_proj_subproj_delete.php
@@ -34,6 +34,8 @@
 	access_ensure_project_level( config_get( 'manage_project_threshold' ), $f_project_id );
 
 	project_hierarchy_remove( $f_subproject_id, $f_project_id );
+
+	form_security_purge( 'manage_proj_subproj_delete' );
 
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 

diff --git a/manage_proj_update.php b/manage_proj_update.php
@@ -38,5 +38,7 @@
 
 	project_update( $f_project_id, $f_name, $f_description, $f_status, $f_view_state, $f_file_path, $f_enabled );
 
+	form_security_purge( 'manage_proj_update' );
+
 	print_header_redirect( 'manage_proj_page.php' );
 ?>
diff --git a/manage_proj_user_add.php b/manage_proj_user_add.php
@@ -41,5 +41,7 @@
 		project_add_user( $f_project_id, $t_user_id, $f_access_level );
 	}
 
+	form_security_purge( 'manage_proj_user_add' );
+
 	print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
 ?>
diff --git a/manage_proj_user_copy.php b/manage_proj_user_copy.php
@@ -50,5 +50,7 @@
 
 	project_copy_users( $t_dst_project_id, $t_src_project_id );
 
+	form_security_purge( 'manage_proj_user_copy' );
+
 	print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
 ?>
diff --git a/manage_proj_user_remove.php b/manage_proj_user_remove.php
@@ -24,6 +24,7 @@
 	require_once( 'core.php' );
 
 	auth_reauthenticate();
+	form_security_validate( 'manage_proj_user_remove' );
 
 	$f_project_id = gpc_get_int( 'project_id' );
 	$f_user_id = gpc_get_int( 'user_id', 0 );
@@ -38,8 +39,6 @@
 		# Confirm with the user
 		helper_ensure_confirmed( lang_get( 'remove_all_users_sure_msg' ), lang_get( 'remove_all_users_button' ) );
 
-		form_security_validate( 'manage_proj_user_remove' );
-
 		project_remove_all_users( $f_project_id );
 	}
 	else {
@@ -49,11 +48,11 @@
 			'<br/>' . lang_get( 'username' ) . ': ' . $t_user['username'],
 			lang_get( 'remove_user_button' ) );
 
-		form_security_validate( 'manage_proj_user_remove' );
-
 		project_remove_user( $f_project_id, $f_user_id );
 	}
 
+	form_security_purge( 'manage_proj_user_remove' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 
 	html_page_top1();

diff --git a/manage_proj_ver_add.php b/manage_proj_ver_add.php
@@ -66,6 +66,8 @@
 		}
 	}
 
+	form_security_purge( 'manage_proj_ver_add' );
+
 	if ( true == $f_add_and_edit ) {
 		$t_version_id = version_get_id( $t_version, $f_project_id );
 		$t_redirect_url = 'manage_proj_ver_edit_page.php?version_id='.$t_version_id;

diff --git a/manage_proj_ver_copy.php b/manage_proj_ver_copy.php
@@ -56,5 +56,7 @@
 		}
 	}
 
+	form_security_purge( 'manage_proj_ver_copy' );
+
 	print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
 ?>
diff --git a/manage_proj_ver_delete.php b/manage_proj_ver_delete.php
@@ -43,6 +43,7 @@
 
 	form_security_validate( 'manage_proj_ver_delete' );
 	version_remove( $f_version_id );
+	form_security_purge( 'manage_proj_ver_delete' );
 
 	html_page_top1();
 	html_meta_redirect( $t_redirect_url );

diff --git a/manage_proj_ver_update.php b/manage_proj_ver_update.php
@@ -54,6 +54,8 @@
 
 	version_update( $t_version );
 
+	form_security_purge( 'manage_proj_ver_update' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $t_version->project_id;
 ?>
 <?php

diff --git a/manage_user_create.php b/manage_user_create.php
@@ -77,6 +77,8 @@
 
 	$t_cookie = user_create( $f_username, $f_password, $f_email, $f_access_level, $f_protected, $f_enabled, $f_realname );
 
+	form_security_purge( 'manage_user_create' );
+
 	if ( $t_cookie === false ) {
 		$t_redirect_url = 'manage_user_page.php';
 	} else {

diff --git a/manage_user_delete.php b/manage_user_delete.php
@@ -39,6 +39,8 @@
 
 	user_delete( $f_user_id );
 
+	form_security_purge('manage_user_delete');
+
 	$t_redirect_url = 'manage_user_page.php';
 
 	html_page_top1();

diff --git a/manage_user_proj_add.php b/manage_user_proj_add.php
@@ -38,5 +38,7 @@
 		}
 	}
 
+	form_security_purge('manage_user_proj_add');
+
 	print_header_redirect( 'manage_user_edit_page.php?user_id=' . $f_user_id );
 ?>
diff --git a/manage_user_reset.php b/manage_user_reset.php
@@ -33,6 +33,8 @@
 	$t_result = user_reset_password( $f_user_id );
 	$t_redirect_url = 'manage_user_page.php';
 
+	form_security_purge('manage_user_reset');
+
 	html_page_top1();
 	if ( $t_result ) {
 		html_meta_redirect( $t_redirect_url );

diff --git a/manage_user_update.php b/manage_user_update.php
@@ -103,6 +103,9 @@
 
 	$result = db_query( $query );
 	$t_redirect_url = 'manage_user_edit_page.php?user_id=' . $c_user_id;
+
+	form_security_purge('manage_user_update');
+
 ?>
 <?php html_page_top1() ?>
 <?php