prevent false CSRF warning, if DB schema upgrade is needed

Ralf Becker 2014-06-24 08:50:20 +00:00
parent 8da996500f
commit c96111fbca
2 changed files with 13 additions and 14 deletions


@ -247,6 +247,7 @@ switch($GLOBALS['egw_info']['setup']['stage']['db'])
$setup_tpl->set_var('V_db_filled_block',$db_filled_block);
break;
case 4:
$setup_tpl->set_var('hidden_vars', html::input_hidden('csrf_token', egw_csrf::token(__FILE__)));
$setup_tpl->set_var('oldver',lang('You appear to be running version %1 of eGroupWare',$setup_info['phpgwapi']['currentver']));
$setup_tpl->set_var('automatic',lang('We will automatically update your tables/records to %1',$setup_info['phpgwapi']['version']));
$setup_tpl->set_var('backupwarn',lang('but we <u>highly recommend backing up</u> your tables in case the script causes damage to your data.<br /><strong>These automated scripts can easily destroy your data.</strong>'));
@ -342,6 +343,7 @@ switch($GLOBALS['egw_info']['setup']['stage']['db'])
}
break;
case 'oldversion':
egw_csrf::validate($_POST['csrf_token'], __FILE__);
// create a backup, before upgrading the tables
if ($_POST['backup'])
{
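Review bot: The added `egw_csrf::validate($_POST['csrf_token'], __FILE__);` in `case 'oldversion'` discards its result, so the backup and schema upgrade that follow are protected only if validate() itself stops the request on a bad token; that behaviour is not visible in this hunk. If it merely reports failure to the caller, the upgrade would still run, so it is worth confirming and recording in a comment such as `// halts the request on a missing or stale token, before any backup or schema change`. The field is also read unconditionally, so a POST without it raises an undefined-index notice; `isset($_POST['csrf_token']) ? $_POST['csrf_token'] : null` avoids that. Both switch bodies start and end outside the hunks shown.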


@ -91,6 +91,7 @@
{automatic}
{backupwarn}<br />
<form method="post" action="index.php">
{hidden_vars}
<input type="hidden" name="oldversion" value="{oldver}" />
<input type="hidden" name="useglobalconfigsettings" />
<input type="hidden" name="action" value="Upgrade" />
@ -107,25 +108,21 @@
</form>
<hr />
{dont_touch_my_data}.&nbsp;&nbsp;{goto}:
<form method="post" action="config.php">
<input type="hidden" name="action" value="Dont touch my data" />
<form method="get" action="config.php">
<input type="submit" name="label" value="{configuration}" />
</form>
<form method="post" action="admin_account.php">
<input type="hidden" name="action" value="Dont touch my data" />
</form>
<form method="get" action="admin_account.php">
<input type="submit" name="label" value="{admin_account}" />
</form>
<form method="post" action="lang.php">
<input type="hidden" name="action" value="Dont touch my data" />
</form>
<form method="get" action="lang.php">
<input type="hidden" name="action" value="Dont touch my data" />
<input type="submit" name="label" value="{language_management}" />
</form>
<form method="post" action="applications.php">
<input type="hidden" name="action" value="Dont touch my data" />
</form>
<form method="get" action="applications.php">
<input type="submit" name="label" value="{applications}" />
</form>
<form method="post" action="db_backup.php">
<input type="hidden" name="action" value="Dont touch my data" />
<input type="submit" name="label" value="{db_backup}" />
<form method="get" action="db_backup.php">
<input type="submit" name="label" value="{db_backup}" />
</form>
</td>
</tr>
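Review bot: The `lang.php` form appears to be the only navigation form that still carries the hidden `action` field with value `Dont touch my data` after the switch to `method="get"`, so that value would now travel in the query string. If `lang.php` does not need it, drop the input so the form matches the other four; if `lang.php` does act on `action`, a state-changing step reachable by a plain GET link deserves its own look, since the token added in this commit only covers the upgrade form. Which lines are old and which are new is inferred from the hunk counts, because the rendered page lost its `+`/`-` markers.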