From e5c68a10633302896a8562f17577f015b3506c84 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Fri, 05 Jun 2015 03:55:06 -0400 Subject: [PATCH] - fixed csrf handling on server config edit --- interface/lib/classes/tform.inc.php | 4 ---- interface/web/admin/server_config_edit.php | 12 ++++++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php index 1717419..1722a77 100644 --- a/interface/lib/classes/tform.inc.php +++ b/interface/lib/classes/tform.inc.php @@ -691,10 +691,6 @@ unset($_POST); unset($record); } - $_SESSION['_csrf'][$_csrf_id] = null; - $_SESSION['_csrf_timeout'][$_csrf_id] = null; - unset($_SESSION['_csrf'][$_csrf_id]); - unset($_SESSION['_csrf_timeout'][$_csrf_id]); if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) { $to_unset = array(); diff --git a/interface/web/admin/server_config_edit.php b/interface/web/admin/server_config_edit.php index e561b00..915e4c6 100644 --- a/interface/web/admin/server_config_edit.php +++ b/interface/web/admin/server_config_edit.php @@ -92,11 +92,15 @@ } } } + + if($app->tform->errorMessage == '') { + $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section); + $server_config_str = $app->ini_parser->get_ini_string($server_config_array); - $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section); - $server_config_str = $app->ini_parser->get_ini_string($server_config_array); - - $app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id); + $app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id); + } else { + $app->error('Security breach!'); + } } } -- Gitblit v1.9.1