mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-21 22:22:15 +01:00
add token to deny access
This commit is contained in:
parent
10b37454f8
commit
5d6deed27d
@ -108,6 +108,11 @@ class admin_denyaccess
|
||||
{
|
||||
$location = $_GET['location'];
|
||||
|
||||
// for POST (not GET or cli call via setup_cmd_admin) validate CSRF token
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST')
|
||||
{
|
||||
Api\Csrf::validate($_POST['csrf_token'], __FILE__);
|
||||
}
|
||||
if ($_POST['submit'] || $_POST['cancel'])
|
||||
{
|
||||
if ($_POST['submit'])
|
||||
@ -137,6 +142,7 @@ class admin_denyaccess
|
||||
|
||||
$this->common_header();
|
||||
$this->template->set_file('form','acl_manager_form.tpl');
|
||||
$this->template->set_var('csrf_token', Api\Csrf::token(__FILE__));
|
||||
|
||||
$afn = Api\Accounts::username($this->account_id);
|
||||
|
||||
|
@ -1,5 +1,6 @@
|
||||
<!-- BEGIN form -->
|
||||
<form method="POST" action="{form_action}">
|
||||
<input type="hidden" name="csrf_token" value="{csrf_token}"/>
|
||||
<div align="left">
|
||||
<p>{lang_message}</p>
|
||||
<p>{select_values}</p>
|
||||
|
Loading…
Reference in New Issue
Block a user