From 8cb6f8ffd31ec33479c9696c5263b7a8e27fe273 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Fri, 05 Jun 2015 04:40:23 -0400
Subject: [PATCH] Merge branch 'stable-3.0.5'

---
 interface/web/vm/openvz_action.php |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/interface/web/vm/openvz_action.php b/interface/web/vm/openvz_action.php
index 757f55e..4b429eb 100644
--- a/interface/web/vm/openvz_action.php
+++ b/interface/web/vm/openvz_action.php
@@ -17,6 +17,10 @@
 
 if($vm_id == 0) die('Invalid VM ID');
 
+if(isset($_POST) && count($_POST) > 1) {	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+}
 $vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = ?", $vm_id);
 $veid = $app->functions->intval($vm['veid']);
 $server_id = $app->functions->intval($vm['server_id']);
@@ -112,6 +116,11 @@
 $app->tpl->setVar($options);
 $app->tpl->setVar('error', $error_msg);
 
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('openvz_action');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 $app->tpl_defaults();
 $app->tpl->pparse();
 

--
Gitblit v1.9.1