From e8f9436f31c99f2b1bad2b820caf72f7c7d3c939 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 21 May 2015 05:24:50 -0400
Subject: [PATCH] - fixed csrf protection
---
interface/lib/classes/tform.inc.php | 2 ++
interface/lib/lang/en.lng | 1 +
interface/lib/lang/de.lng | 1 +
3 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index 94f72c0..f6d7a24 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -680,6 +680,8 @@
}
if($_csrf_valid !== true) {
$app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
+ $errmsg = 'err_csrf_attempt_blocked';
+ $this->errorMessage .= ($api == true ? $errmsg : $this->wordbook[$errmsg]."<br />") . "\r\n";
unset($_POST);
unset($record);
}
diff --git a/interface/lib/lang/de.lng b/interface/lib/lang/de.lng
index 735b1da..7f510a1 100644
--- a/interface/lib/lang/de.lng
+++ b/interface/lib/lang/de.lng
@@ -42,6 +42,7 @@
$wb['top_menu_dashboard'] = 'Übersicht';
$wb['latest_news_txt'] = 'Neuigkeiten';
$wb['top_menu_vm'] = 'vServer';
+$wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
$wb['daynamesmin_su'] = 'So';
$wb['daynamesmin_mo'] = 'Mo';
$wb['daynamesmin_tu'] = 'Di';
diff --git a/interface/lib/lang/en.lng b/interface/lib/lang/en.lng
index c89c97a..5a7efef 100644
--- a/interface/lib/lang/en.lng
+++ b/interface/lib/lang/en.lng
@@ -131,6 +131,7 @@
$wb['datalog_status_i_web_folder_user'] = 'Create folder protection user';
$wb['datalog_status_u_web_folder_user'] = 'Update folder protection user';
$wb['datalog_status_d_web_folder_user'] = 'Delete folder protection user';
+$wb['err_csrf_attempt_blocked'] = 'CSRF attempt blocked.';
$wb['login_as_txt'] = 'Log in as';
$wb["no_domain_perm"] = 'You have no permission for this domain.';
$wb["no_destination_perm"] = 'You have no permission for this destination.';
--
Gitblit v1.9.1