From b5f6a1a03de9343ffc718ce253f7730e4d8d6c19 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Tue, 29 Mar 2016 13:36:35 -0400
Subject: [PATCH] Fix for #3812 Insufficient validation of PHP version selector for ISPConfig 3.1 branch.
---
interface/web/dns/dns_wizard.php | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index 17dba99..bacadf1 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -147,7 +147,7 @@
$options_dns_servers = "";
foreach ($dns_servers as $dns_server) {
- $options_dns_servers .= "<option value='$dns_server[server_id]'>$dns_server[server_name]</option>";
+ $options_dns_servers .= '<option value="'.$dns_server['server_id'].'"'.($_POST['server_id'] == $dns_server['server_id'] ? ' selected="selected"' : '').'>'.$dns_server['server_name'].'</option>';
}
$app->tpl->setVar("server_id", $options_dns_servers);
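Review bot: The rewritten `<option>` line concatenates `$dns_server['server_id']` and `$dns_server['server_name']` into HTML without output encoding, and with the attribute now double-quoted a `"` in either value would end the attribute early. Where `$dns_servers` is loaded is outside this hunk, so the values may well be admin-controlled, but encoding at the point of output is cheap: wrap both in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`. The new comparison also reads `$_POST['server_id']` unconditionally, which raises an undefined-index notice when the page is first loaded without a POST; `isset($_POST['server_id']) && $_POST['server_id'] == $dns_server['server_id']` avoids that. The surrounding code starts and ends outside the hunk.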
@@ -197,7 +197,10 @@
}
if($_POST['create'] == 1) {
-
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$error = '';
if ($post_server_id)
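Review bot: The result of `$app->auth->csrf_token_check()` is discarded, so the protection relies on that method ending the request itself when the token is missing or invalid; its implementation is not visible on this page. If it can instead return a failure status, the create branch would carry on into the zone creation code, so it is worth confirming that it aborts, or guarding the call explicitly. A comment such as `//* CSRF check: aborts the request on a missing or invalid token` would record the assumption for the next reader. The `if($_POST['create'] == 1)` block continues past the end of the hunk.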
@@ -311,6 +314,7 @@
$tpl_rows = explode("\n", $tpl_content);
$section = '';
$vars = array();
+ $vars['xfer']='';
$dns_rr = array();
foreach($tpl_rows as $row) {
$row = trim($row);
@@ -430,6 +434,11 @@
$app->tpl->setVar("title", 'DNS Wizard');
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_wizard');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng';
include $lng_file;
$app->tpl->setVar($wb);
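Review bot: The token issued here only reaches the server if the wizard's form template emits `_csrf_id` and `_csrf_key` as hidden fields, and the diffstat lists `dns_wizard.php` as the only file changed. If the template does not already carry both fields, every submit will fail the check added in the create branch, so the template side should be confirmed as part of this fix. A one-line comment naming the template that consumes these two variables would make the coupling visible, for example `//* consumed as hidden form fields by the dns_wizard template`.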
--
Gitblit v1.9.1