From 5af0cfd99a13fda9afad3380b0c50a3428acd299 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Wed, 03 Jun 2015 12:14:07 -0400
Subject: [PATCH] Extended the CSRF check.

---
 interface/web/tools/resync.php |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/interface/web/tools/resync.php b/interface/web/tools/resync.php
index 1191585..36d4fab 100644
--- a/interface/web/tools/resync.php
+++ b/interface/web/tools/resync.php
@@ -48,6 +48,11 @@
 include $lng_file;
 $app->tpl->setVar($wb);
 
+if(isset($_POST) && count($_POST) > 1) {	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+}
+
 //* Resyncing websites
 if(isset($_POST['resync_sites']) && $_POST['resync_sites'] == 1) {
 	$db_table = 'web_domain';
@@ -217,6 +222,11 @@
 $app->tpl->setVar('msg', $msg);
 $app->tpl->setVar('error', $error);
 
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('tools_resync');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 $app->tpl_defaults();
 $app->tpl->pparse();
 

--
Gitblit v1.9.1