Marius Cramer
2015-06-05 e5c68a10633302896a8562f17577f015b3506c84
- fixed csrf handling on server config edit
2 files modified
16 ■■■■ changed files
interface/lib/classes/tform.inc.php 4 ●●●● patch | view | raw | blame | history
interface/web/admin/server_config_edit.php 12 ●●●●● patch | view | raw | blame | history
interface/lib/classes/tform.inc.php
@@ -691,10 +691,6 @@
                unset($_POST);
                unset($record);
            }
            $_SESSION['_csrf'][$_csrf_id] = null;
            $_SESSION['_csrf_timeout'][$_csrf_id] = null;
            unset($_SESSION['_csrf'][$_csrf_id]);
            unset($_SESSION['_csrf_timeout'][$_csrf_id]);
            
            if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
                $to_unset = array();
interface/web/admin/server_config_edit.php
@@ -92,11 +92,15 @@
                    }
                }
            }
            if($app->tform->errorMessage == '') {
                $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
                $server_config_str = $app->ini_parser->get_ini_string($server_config_array);
            $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
            $server_config_str = $app->ini_parser->get_ini_string($server_config_array);
            $app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id);
                $app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id);
            } else {
                $app->error('Security breach!');
            }
        }
    }
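Review bot: The new `} else { $app->error('Security breach!'); }` branch fires for any non-empty `$app->tform->errorMessage`, not only for a rejected CSRF token, so if the form check that runs before this hunk (the enclosing method starts outside it) can also leave a validation message there, an ordinary input error would be reported to the user as a security breach; confirm that only the CSRF check can populate errorMessage on this path, or branch on a CSRF-specific flag. The guard should also compare strictly, `if($app->tform->errorMessage === '') {`, so that a loose `==` against the empty string cannot accept a null or falsy value. A one-line comment above the guard, `// write the config only when the form (including its CSRF token) validated cleanly`, would make the intent of the new wrapper clear to the next reader. The `datalogUpdate` call inside the guard still builds its SET clause by string concatenation around `$app->db->quote(...)`; it is pre-existing code, but worth moving to a parameterised form when this area is touched again.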