From 5af0cfd99a13fda9afad3380b0c50a3428acd299 Mon Sep 17 00:00:00 2001 From: Till Brehm <tbrehm@ispconfig.org> Date: Wed, 03 Jun 2015 12:14:07 -0400 Subject: [PATCH] Extended the CSRF check. --- interface/web/admin/remote_action_ispcupdate.php | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/interface/web/admin/remote_action_ispcupdate.php b/interface/web/admin/remote_action_ispcupdate.php index 32bf0c4..d207dd0 100644 --- a/interface/web/admin/remote_action_ispcupdate.php +++ b/interface/web/admin/remote_action_ispcupdate.php @@ -66,6 +66,10 @@ //* Note: Disabled post action if (1 == 0 && isset($_POST['server_select'])) { + + //* CSRF Check + $app->auth->csrf_token_check(); + $server = $_POST['server_select']; $servers = array(); if ($server == '*') { @@ -95,6 +99,11 @@ $app->tpl->setVar('msg', $msg); +//* SET csrf token +$csrf_token = $app->auth->csrf_token_get('ispupdate'); +$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']); +$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']); + $app->tpl->setVar($wb); $app->tpl_defaults(); -- Gitblit v1.9.1