Marius Cramer
2015-05-21 352477d825ab875b975495ff784c8addaaa6af21
- fixed csrf protection
3 files modified
4 ■■■■ changed files
interface/lib/classes/tform_base.inc.php 2 ●●●●● patch | view | raw | blame | history
interface/lib/lang/de.lng 1 ●●●● patch | view | raw | blame | history
interface/lib/lang/en.lng 1 ●●●● patch | view | raw | blame | history
interface/lib/classes/tform_base.inc.php
@@ -709,6 +709,8 @@
                }
                if($_csrf_valid !== true) {
                    $app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
                    $errmsg = 'err_csrf_attempt_blocked';
                    $this->errorMessage .= ($api == true ? $errmsg : $this->wordbook[$errmsg]."<br />") . "\r\n";
                    unset($_POST);
                    unset($record);
                }
interface/lib/lang/de.lng
@@ -41,6 +41,7 @@
$wb['top_menu_domain'] = 'Domains';
$wb['top_menu_dashboard'] = 'Übersicht';
$wb['latest_news_txt'] = 'Neuigkeiten';
$wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
$wb['top_menu_vm'] = 'vServer';
$wb['daynamesmin_su'] = 'So';
$wb['daynamesmin_mo'] = 'Mo';
interface/lib/lang/en.lng
@@ -131,6 +131,7 @@
$wb['datalog_status_i_web_folder_user'] = 'Create folder protection user';
$wb['datalog_status_u_web_folder_user'] = 'Update folder protection user';
$wb['datalog_status_d_web_folder_user'] = 'Delete folder protection user';
$wb['err_csrf_attempt_blocked'] = 'CSRF attempt blocked.';
$wb['login_as_txt'] = 'Log in as';
$wb["no_domain_perm"] = 'You have no permission for this domain.';
$wb["no_destination_perm"] = 'You have no permission for this destination.';