From 5af0cfd99a13fda9afad3380b0c50a3428acd299 Mon Sep 17 00:00:00 2001 From: Till Brehm <tbrehm@ispconfig.org> Date: Wed, 03 Jun 2015 12:14:07 -0400 Subject: [PATCH] Extended the CSRF check. --- interface/web/tools/resync.php | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) diff --git a/interface/web/tools/resync.php b/interface/web/tools/resync.php index 1191585..36d4fab 100644 --- a/interface/web/tools/resync.php +++ b/interface/web/tools/resync.php @@ -48,6 +48,11 @@ include $lng_file; $app->tpl->setVar($wb); +if(isset($_POST) && count($_POST) > 1) { + //* CSRF Check + $app->auth->csrf_token_check(); +} + //* Resyncing websites if(isset($_POST['resync_sites']) && $_POST['resync_sites'] == 1) { $db_table = 'web_domain'; @@ -217,6 +222,11 @@ $app->tpl->setVar('msg', $msg); $app->tpl->setVar('error', $error); +//* SET csrf token +$csrf_token = $app->auth->csrf_token_get('tools_resync'); +$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']); +$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']); + $app->tpl_defaults(); $app->tpl->pparse(); -- Gitblit v1.9.1