- fixed csrf handling on server config edit
| | |
| | | unset($_POST); |
| | | unset($record); |
| | | } |
| | | $_SESSION['_csrf'][$_csrf_id] = null; |
| | | $_SESSION['_csrf_timeout'][$_csrf_id] = null; |
| | | unset($_SESSION['_csrf'][$_csrf_id]); |
| | | unset($_SESSION['_csrf_timeout'][$_csrf_id]); |
| | | |
| | | if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) { |
| | | $to_unset = array(); |
| | |
| | | } |
| | | } |
| | | } |
| | | |
| | | if($app->tform->errorMessage == '') { |
| | | $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section); |
| | | $server_config_str = $app->ini_parser->get_ini_string($server_config_array); |
| | | |
| | | $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section); |
| | | $server_config_str = $app->ini_parser->get_ini_string($server_config_array); |
| | | |
| | | $app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id); |
| | | $app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id); |
| | | } else { |
| | | $app->error('Security breach!'); |
| | | } |
| | | } |
| | | } |
| | | |