mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-22 14:41:29 +01:00
add token to deny access
parent
10b37454f8
commit
5d6deed27d
@ -108,6 +108,11 @@ class admin_denyaccess
|
|||||||
{
|
{
|
||||||
$location = $_GET['location'];
|
$location = $_GET['location'];
|
||||||
|
|
||||||
|
// for POST (not GET or cli call via setup_cmd_admin) validate CSRF token
|
||||||
|
if ($_SERVER['REQUEST_METHOD'] == 'POST')
|
||||||
|
{
|
||||||
|
Api\Csrf::validate($_POST['csrf_token'], __FILE__);
|
||||||
|
}
|
||||||
if ($_POST['submit'] || $_POST['cancel'])
|
if ($_POST['submit'] || $_POST['cancel'])
|
||||||
{
|
{
|
||||||
if ($_POST['submit'])
|
if ($_POST['submit'])
|
||||||
@ -137,6 +142,7 @@ class admin_denyaccess
|
|||||||
|
|
||||||
$this->common_header();
|
$this->common_header();
|
||||||
$this->template->set_file('form','acl_manager_form.tpl');
|
$this->template->set_file('form','acl_manager_form.tpl');
|
||||||
|
$this->template->set_var('csrf_token', Api\Csrf::token(__FILE__));
|
||||||
|
|
||||||
$afn = Api\Accounts::username($this->account_id);
|
$afn = Api\Accounts::username($this->account_id);
|
||||||
|
|
||||||
|
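Review bot: The result of `Api\Csrf::validate($_POST['csrf_token'], __FILE__);` in the first hunk is discarded, so the submit/cancel branch that follows is protected only if validate() itself aborts the request on a mismatch (throws or exits); that is not visible here and is worth confirming, with a comment such as `// Csrf::validate() aborts the request on a missing or wrong token`. The token is also read without an existence check, so a POST that omits the field raises an undefined-index notice before the rejection; `isset($_POST['csrf_token']) ? $_POST['csrf_token'] : null` avoids that. The token purpose `__FILE__` matches between this call and the `Api\Csrf::token(__FILE__)` call in the second hunk only while both stay in the same file. The enclosing method starts and ends outside both hunks.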
@ -1,5 +1,6 @@
|
|||||||
<!-- BEGIN form -->
|
<!-- BEGIN form -->
|
||||||
<form method="POST" action="{form_action}">
|
<form method="POST" action="{form_action}">
|
||||||
|
<input type="hidden" name="csrf_token" value="{csrf_token}"/>
|
||||||
<div align="left">
|
<div align="left">
|
||||||
<p>{lang_message}</p>
|
<p>{lang_message}</p>
|
||||||
<p>{select_values}</p>
|
<p>{select_values}</p>
|
||||||
|