Website
/
Manager
1
0
Fork 0
Code Releases 11 Activity

Add CSRF field variable to all forms

master
Anonymous Contributor 2023-08-23 18:16:34 +02:00
parent 3e8d0d3778
commit 20ae77b90b
8 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pages/HTML/identities.html
View File

@ -30,6 +30,7 @@
<div class="row" style="margin-top: 15px;">
<div class="col">
%&CSRF%&
<button type="submit" name="createIdent" class="btn btn-primary btn-lg">Erstelle Identität</button>
</div>
</div>

1
pages/HTML/invite.html
View File

@ -16,6 +16,7 @@
<div class="row" style="margin-top: 15px;">
<div class="col">
%%CSRF%%
<button type="submit" name="generateLink" class="btn btn-primary btn-lg">Link Generieren</button>
</div>
</div>

1
pages/HTML/passwort.html
View File

@ -35,6 +35,7 @@
<div class="row" style="margin-top: 15px;">
<div class="col">
%%CSRF%%
<button type="submit" name="savePassword" class="btn btn-primary btn-lg">Speichern</button>
</div>
</div>

3
pages/HTML/profile.html
View File

@ -50,6 +50,7 @@
<div class="row" style="margin-top: 15px;">
<div class="col">
%%CSRF%%
<button type="submit" name="saveProfileData" class="btn btn-primary btn-lg">Speichern</button>
</div>
</div>
@ -84,6 +85,7 @@
<div class="row" style="margin-top: 15px;">
<div class="col">
%%CSRF%%
<center><button type="submit" name="savePassword" class="btn btn-primary btn-lg">Speichern</button></center>
</div>
</div>
@ -103,6 +105,7 @@
<form action="index.php?page=profile" method="post">
<div class="row" style="margin-top: 15px;">
<div class="col">
%%CSRF%%
<center><button type="submit" name="createIAR" class="btn btn-primary btn-lg" %%IARBUTTONSTATE%%>IAR erstellen</button></center>
</div>
</div>

1
pages/HTML/users.html
View File

@ -23,6 +23,7 @@
<div class="row" style="margin-top: 15px;">
<div class="col">
%%CSRF%%
<button type="submit" name="generateLink" class="btn btn-primary btn-lg">Link Generieren</button>
</div>
</div>

2
pages/identities.php
View File

@ -105,7 +105,7 @@
{
$entry = '<tr><td>'.htmlspecialchars(trim($RUNTIME['OPENSIM']->getUserName($row['IdentityID']))).' <span class="badge badge-info">Aktiv</span></td><td>-</td></tr>';
}else{
$entry = '<tr><td>'.htmlspecialchars(trim($RUNTIME['OPENSIM']->getUserName($row['IdentityID']))).'</td><td><form action="index.php?page=identities" method="post"><input type="hidden" name="newuuid" value="'.htmlspecialchars($row['IdentityID']).'"><button type="submit" name="enableIdent" class="btn btn-success btn-sm">Aktievieren</button></form></td></tr>';
$entry = '<tr><td>'.htmlspecialchars(trim($RUNTIME['OPENSIM']->getUserName($row['IdentityID']))).'</td><td><form action="index.php?page=identities" method="post">%%CSRF%%<input type="hidden" name="newuuid" value="'.htmlspecialchars($row['IdentityID']).'"><button type="submit" name="enableIdent" class="btn btn-success btn-sm">Aktievieren</button></form></td></tr>';
}
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);

1
style/login/login.html
View File

@ -52,6 +52,7 @@
</div>
<div class="container-login100-form-btn m-t-17">
%%CSRF%%
<button class="login100-form-btn" name="login">
Anmelden
</button>

1
style/login/register.html
View File

@ -62,6 +62,7 @@
</div>
<div class="container-login100-form-btn m-t-17">
%%CSRF%%
<input type="hidden" name="code" value="%%INVCODE%%">
<button class="login100-form-btn" name="doRegister">
Registrieren