add csrf protection

Uwe Steinmann 2021-01-25 09:00:28 +01:00
parent 6dbcd3362f
commit 64152e0d0b
2 changed files with 6 additions and 0 deletions


@ -38,6 +38,11 @@ function _printMessage($heading, $message) {
return; return;
} }
/* Check if the form data comes from a trusted request */
if(!checkFormKey('changepassword')) {
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
}
if (isset($_POST["hash"])) { if (isset($_POST["hash"])) {
$hash = $_POST["hash"]; $hash = $_POST["hash"];
} }
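Review bot: The error heading in the added `checkFormKey('changepassword')` branch is built from the `folder_title` string with `foldername` substituted, which has nothing to do with a password change and looks copied from a folder operation. `UI::exitError(getMLText("invalid_request_token"), getMLText("invalid_request_token"));` would say what failed without borrowing the folder title. The hunk header shows this file has its own `_printMessage($heading, $message)` helper; if the other error paths here use it, the token failure should probably go through it too. Nothing after the call stops the handler, so the check relies on `exitError` terminating the request, which is not visible in this hunk and is worth confirming. A one-line comment such as `/* Reject the POST before any of its fields are read */` would also record why the check sits ahead of the `$_POST["hash"]` handling.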


@ -51,6 +51,7 @@ document.form1.newpassword.focus();
$this->contentContainerStart(); $this->contentContainerStart();
?> ?>
<form class="form-horizontal" action="../op/op.ChangePassword.php" method="post" name="form1"> <form class="form-horizontal" action="../op/op.ChangePassword.php" method="post" name="form1">
<?php echo createHiddenFieldWithKey('changepassword'); ?>
<?php <?php
if ($referuri) { if ($referuri) {
echo "<input type='hidden' name='referuri' value='".$referuri."'/>"; echo "<input type='hidden' name='referuri' value='".$referuri."'/>";
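Review bot: The hidden `referuri` field written right after the new token field concatenates `$referuri` into a single-quoted attribute without escaping, so the form this commit protects can still emit attacker-influenced markup if that value comes from the request (its origin is outside the hunk). Escaping at the point of output closes that regardless of where the value is set: `echo "<input type='hidden' name='referuri' value='".htmlspecialchars($referuri, ENT_QUOTES)."'/>";`. The `if ($referuri)` block continues past the end of the hunk.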