prevent false CSRF warning, if DB schema upgrade is needed

This commit is contained in:
Ralf Becker 2014-06-24 08:43:46 +00:00
parent c8e7fdccde
commit 6a016fac3f
2 changed files with 8 additions and 13 deletions

View File

@ -247,6 +247,7 @@ switch($GLOBALS['egw_info']['setup']['stage']['db'])
$setup_tpl->set_var('V_db_filled_block',$db_filled_block);
break;
case 4:
$setup_tpl->set_var('hidden_vars', html::input_hidden('csrf_token', egw_csrf::token(__FILE__)));
$setup_tpl->set_var('oldver',lang('You appear to be running version %1 of eGroupWare',$setup_info['phpgwapi']['currentver']));
$setup_tpl->set_var('automatic',lang('We will automatically update your tables/records to %1',$setup_info['phpgwapi']['version']));
$setup_tpl->set_var('backupwarn',lang('but we <u>highly recommend backing up</u> your tables in case the script causes damage to your data.<br /><strong>These automated scripts can easily destroy your data.</strong>'));
@ -341,6 +342,7 @@ switch($GLOBALS['egw_info']['setup']['stage']['db'])
}
break;
case 'oldversion':
egw_csrf::validate($_POST['csrf_token'], __FILE__);
// create a backup, before upgrading the tables
if ($_POST['backup'])
{

View File

@ -92,6 +92,7 @@
{automatic}
{backupwarn}<br />
<form method="post" action="index.php">
{hidden_vars}
<input type="hidden" name="oldversion" value="{oldver}" />
<input type="hidden" name="useglobalconfigsettings" />
<input type="hidden" name="action" value="Upgrade" />
@ -108,25 +109,17 @@
</form>
<hr />
{dont_touch_my_data}.&nbsp;&nbsp;{goto}:
<form method="post" action="config.php">
<input type="hidden" name="action" value="Dont touch my data" />
<form method="get" action="config.php">
<input type="submit" name="label" value="{configuration}" />
</form>
<form method="post" action="admin_account.php">
<input type="hidden" name="action" value="Dont touch my data" />
<form method="get" action="admin_account.php">
<input type="submit" name="label" value="{admin_account}" />
</form>
<form method="post" action="lang.php">
<input type="hidden" name="action" value="Dont touch my data" />
<input type="submit" name="label" value="{language_management}" />
</form>
<form method="post" action="applications.php">
<input type="hidden" name="action" value="Dont touch my data" />
<form method="get" action="applications.php">
<input type="submit" name="label" value="{applications}" />
</form>
<form method="post" action="db_backup.php">
<input type="hidden" name="action" value="Dont touch my data" />
<input type="submit" name="label" value="{db_backup}" />
<form method="get" action="db_backup.php">
<input type="submit" name="label" value="{db_backup}" />
</form>
</td>
</tr>