Skip to content

Commit

Permalink
sec(2FA) apply CSRF check
Browse files Browse the repository at this point in the history
  • Loading branch information
joebordes committed Jun 2, 2023
1 parent 659e328 commit 2e415fb
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion Smarty/templates/modules/Utilities/2fa.tpl
Expand Up @@ -13,7 +13,7 @@
</header>
<div class="slds-modal__content slds-app-launcher__content slds-p-around_medium">
{include file='applicationmessage.tpl'}
<form role="form" style="margin:0 100px;" name="faform">
<form role="form" style="margin:0 100px;" name="faform" method="post">
<input type="hidden" name="module" value="Utilities">
<input type="hidden" name="action" value="integration">
<input type="hidden" name="_op" id="_op" value="setconfig2fa">
Expand Down
1 change: 1 addition & 0 deletions include/integrations/2fa/settings.php
Expand Up @@ -27,6 +27,7 @@
$do2FA = GlobalVariable::getVariable('User_2FAAuthentication', 0, 'Users', $userid);
$isAppActive = ($do2FA==1);
if (!empty($userid) && $_REQUEST['_op']=='setconfig2fa' && $isPermitted=='yes') {
Vtiger_Request::validateRequest();
$isFormActive = ((empty($_REQUEST['2faactive']) || $_REQUEST['2faactive']!='on') ? '0' : '1');
$crmEntityTable = CRMEntity::getcrmEntityTableAlias('GlobalVariable');
$recexists = $adb->pquery(
Expand Down

0 comments on commit 2e415fb

Please sign in to comment.