mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-25 01:13:25 +01:00
prevent false CSRF warning, if DB schema upgrade is needed
This commit is contained in:
parent
c8e7fdccde
commit
6a016fac3f
@ -247,6 +247,7 @@ switch($GLOBALS['egw_info']['setup']['stage']['db'])
|
||||
$setup_tpl->set_var('V_db_filled_block',$db_filled_block);
|
||||
break;
|
||||
case 4:
|
||||
$setup_tpl->set_var('hidden_vars', html::input_hidden('csrf_token', egw_csrf::token(__FILE__)));
|
||||
$setup_tpl->set_var('oldver',lang('You appear to be running version %1 of eGroupWare',$setup_info['phpgwapi']['currentver']));
|
||||
$setup_tpl->set_var('automatic',lang('We will automatically update your tables/records to %1',$setup_info['phpgwapi']['version']));
|
||||
$setup_tpl->set_var('backupwarn',lang('but we <u>highly recommend backing up</u> your tables in case the script causes damage to your data.<br /><strong>These automated scripts can easily destroy your data.</strong>'));
|
||||
@ -341,6 +342,7 @@ switch($GLOBALS['egw_info']['setup']['stage']['db'])
|
||||
}
|
||||
break;
|
||||
case 'oldversion':
|
||||
egw_csrf::validate($_POST['csrf_token'], __FILE__);
|
||||
// create a backup, before upgrading the tables
|
||||
if ($_POST['backup'])
|
||||
{
|
||||
|
@ -92,6 +92,7 @@
|
||||
{automatic}
|
||||
{backupwarn}<br />
|
||||
<form method="post" action="index.php">
|
||||
{hidden_vars}
|
||||
<input type="hidden" name="oldversion" value="{oldver}" />
|
||||
<input type="hidden" name="useglobalconfigsettings" />
|
||||
<input type="hidden" name="action" value="Upgrade" />
|
||||
@ -108,25 +109,17 @@
|
||||
</form>
|
||||
<hr />
|
||||
{dont_touch_my_data}. {goto}:
|
||||
<form method="post" action="config.php">
|
||||
<input type="hidden" name="action" value="Dont touch my data" />
|
||||
<form method="get" action="config.php">
|
||||
<input type="submit" name="label" value="{configuration}" />
|
||||
</form>
|
||||
<form method="post" action="admin_account.php">
|
||||
<input type="hidden" name="action" value="Dont touch my data" />
|
||||
<form method="get" action="admin_account.php">
|
||||
<input type="submit" name="label" value="{admin_account}" />
|
||||
</form>
|
||||
<form method="post" action="lang.php">
|
||||
<input type="hidden" name="action" value="Dont touch my data" />
|
||||
<input type="submit" name="label" value="{language_management}" />
|
||||
</form>
|
||||
<form method="post" action="applications.php">
|
||||
<input type="hidden" name="action" value="Dont touch my data" />
|
||||
<form method="get" action="applications.php">
|
||||
<input type="submit" name="label" value="{applications}" />
|
||||
</form>
|
||||
<form method="post" action="db_backup.php">
|
||||
<input type="hidden" name="action" value="Dont touch my data" />
|
||||
<input type="submit" name="label" value="{db_backup}" />
|
||||
<form method="get" action="db_backup.php">
|
||||
<input type="submit" name="label" value="{db_backup}" />
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
|
Loading…
Reference in New Issue
Block a user