mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-24 15:48:55 +01:00
prevent false CSRF warning, if DB schema upgrade is needed
This commit is contained in:
parent
8da996500f
commit
c96111fbca
@ -247,6 +247,7 @@ switch($GLOBALS['egw_info']['setup']['stage']['db'])
|
||||
$setup_tpl->set_var('V_db_filled_block',$db_filled_block);
|
||||
break;
|
||||
case 4:
|
||||
$setup_tpl->set_var('hidden_vars', html::input_hidden('csrf_token', egw_csrf::token(__FILE__)));
|
||||
$setup_tpl->set_var('oldver',lang('You appear to be running version %1 of eGroupWare',$setup_info['phpgwapi']['currentver']));
|
||||
$setup_tpl->set_var('automatic',lang('We will automatically update your tables/records to %1',$setup_info['phpgwapi']['version']));
|
||||
$setup_tpl->set_var('backupwarn',lang('but we <u>highly recommend backing up</u> your tables in case the script causes damage to your data.<br /><strong>These automated scripts can easily destroy your data.</strong>'));
|
||||
@ -342,6 +343,7 @@ switch($GLOBALS['egw_info']['setup']['stage']['db'])
|
||||
}
|
||||
break;
|
||||
case 'oldversion':
|
||||
egw_csrf::validate($_POST['csrf_token'], __FILE__);
|
||||
// create a backup, before upgrading the tables
|
||||
if ($_POST['backup'])
|
||||
{
|
||||
|
@ -91,6 +91,7 @@
|
||||
{automatic}
|
||||
{backupwarn}<br />
|
||||
<form method="post" action="index.php">
|
||||
{hidden_vars}
|
||||
<input type="hidden" name="oldversion" value="{oldver}" />
|
||||
<input type="hidden" name="useglobalconfigsettings" />
|
||||
<input type="hidden" name="action" value="Upgrade" />
|
||||
@ -107,25 +108,21 @@
|
||||
</form>
|
||||
<hr />
|
||||
{dont_touch_my_data}. {goto}:
|
||||
<form method="post" action="config.php">
|
||||
<input type="hidden" name="action" value="Dont touch my data" />
|
||||
<form method="get" action="config.php">
|
||||
<input type="submit" name="label" value="{configuration}" />
|
||||
</form>
|
||||
<form method="post" action="admin_account.php">
|
||||
<input type="hidden" name="action" value="Dont touch my data" />
|
||||
</form>
|
||||
<form method="get" action="admin_account.php">
|
||||
<input type="submit" name="label" value="{admin_account}" />
|
||||
</form>
|
||||
<form method="post" action="lang.php">
|
||||
<input type="hidden" name="action" value="Dont touch my data" />
|
||||
</form>
|
||||
<form method="get" action="lang.php">
|
||||
<input type="hidden" name="action" value="Dont touch my data" />
|
||||
<input type="submit" name="label" value="{language_management}" />
|
||||
</form>
|
||||
<form method="post" action="applications.php">
|
||||
<input type="hidden" name="action" value="Dont touch my data" />
|
||||
</form>
|
||||
<form method="get" action="applications.php">
|
||||
<input type="submit" name="label" value="{applications}" />
|
||||
</form>
|
||||
<form method="post" action="db_backup.php">
|
||||
<input type="hidden" name="action" value="Dont touch my data" />
|
||||
<input type="submit" name="label" value="{db_backup}" />
|
||||
<form method="get" action="db_backup.php">
|
||||
<input type="submit" name="label" value="{db_backup}" />
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
|
Loading…
Reference in New Issue
Block a user