gitlabFork/ISPConfig3.git - Solinfo Gitblit

ISPConfig3 devel

parent: 582cbf7b | patch | commit | ignore whitespace

Marius Cramer

2015-05-21 e8f9436f31c99f2b1bad2b820caf72f7c7d3c939

- fixed csrf protection

3 files modified

	interface/lib/classes/tform.inc.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/lang/de.lng	1 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/lang/en.lng	1 ●●●●● patch \| view \| raw \| blame \| history

 interface/lib/classes/tform.inc.php

@@ -680,6 +680,8 @@
            }
            if($_csrf_valid !== true) {
                $app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
                $errmsg = 'err_csrf_attempt_blocked';
                $this->errorMessage .= ($api == true ? $errmsg : $this->wordbook[$errmsg]."<br />") . "\r\n";
                unset($_POST);
                unset($record);
            }

 interface/lib/lang/de.lng

@@ -42,6 +42,7 @@
$wb['top_menu_dashboard'] = 'Übersicht';
$wb['latest_news_txt'] = 'Neuigkeiten';
$wb['top_menu_vm'] = 'vServer';
$wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
$wb['daynamesmin_su'] = 'So';
$wb['daynamesmin_mo'] = 'Mo';
$wb['daynamesmin_tu'] = 'Di';

 interface/lib/lang/en.lng

@@ -131,6 +131,7 @@
$wb['datalog_status_i_web_folder_user'] = 'Create folder protection user';
$wb['datalog_status_u_web_folder_user'] = 'Update folder protection user';
$wb['datalog_status_d_web_folder_user'] = 'Delete folder protection user';
$wb['err_csrf_attempt_blocked'] = 'CSRF attempt blocked.';
$wb['login_as_txt'] = 'Log in as';
$wb["no_domain_perm"] = 'You have no permission for this domain.';
$wb["no_destination_perm"] = 'You have no permission for this destination.';

			@@ -680,6 +680,8 @@
			}
			if($_csrf_valid !== true) {
			$app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
			$errmsg = 'err_csrf_attempt_blocked';
			$this->errorMessage .= ($api == true ? $errmsg : $this->wordbook[$errmsg]."<br />") . "\r\n";
			unset($_POST);
			unset($record);
			}

			@@ -42,6 +42,7 @@
			$wb['top_menu_dashboard'] = 'Übersicht';
			$wb['latest_news_txt'] = 'Neuigkeiten';
			$wb['top_menu_vm'] = 'vServer';
			$wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
			$wb['daynamesmin_su'] = 'So';
			$wb['daynamesmin_mo'] = 'Mo';
			$wb['daynamesmin_tu'] = 'Di';

			@@ -131,6 +131,7 @@
			$wb['datalog_status_i_web_folder_user'] = 'Create folder protection user';
			$wb['datalog_status_u_web_folder_user'] = 'Update folder protection user';
			$wb['datalog_status_d_web_folder_user'] = 'Delete folder protection user';
			$wb['err_csrf_attempt_blocked'] = 'CSRF attempt blocked.';
			$wb['login_as_txt'] = 'Log in as';
			$wb["no_domain_perm"] = 'You have no permission for this domain.';
			$wb["no_destination_perm"] = 'You have no permission for this destination.';