From dadfb45a9a29e239ff722e6d8e91c75f76c314b8 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Fri, 05 Jun 2015 10:47:36 -0400
Subject: [PATCH] Merge branch 'master' of http://git.ispconfig.org/ispconfig/ispconfig3

---
 interface/web/client/client_message.php |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index 0e3bd2e..eb8bcdb 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -51,7 +51,10 @@
 
 //* Save data
 if(isset($_POST) && count($_POST) > 1) {
-
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	//* Check values
 	if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'<br />';
 	if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />';
@@ -161,6 +164,11 @@
 }
 $app->tpl->setVar('message_variables', trim($message_variables));
 
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('client_message');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 $app->tpl->setVar('okmsg', $msg);
 $app->tpl->setVar('error', $error);
 

--
Gitblit v1.9.1