#10217 CSRF for enable/disable users
This commit is contained in:
Jonathan
parent
30a0e2abe8
commit
0437e46b5b
|
|
@ -402,6 +402,11 @@ if ($delete_user === true) {
|
||||||
__('There was a problem deleting the profile')
|
__('There was a problem deleting the profile')
|
||||||
);
|
);
|
||||||
} else if ($disable_user !== false) {
|
} else if ($disable_user !== false) {
|
||||||
|
// CSRF Validator.
|
||||||
|
if (html_print_csrf_error()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Disable_user.
|
// Disable_user.
|
||||||
$id_user = get_parameter('id', 0);
|
$id_user = get_parameter('id', 0);
|
||||||
|
|
||||||
|
|
@ -646,6 +651,8 @@ $limit = (int) $config['block_size'];
|
||||||
$rowPair = true;
|
$rowPair = true;
|
||||||
$iterator = 0;
|
$iterator = 0;
|
||||||
$cont = 0;
|
$cont = 0;
|
||||||
|
// Creates csrf.
|
||||||
|
$csrf = html_print_csrf_hidden(true);
|
||||||
foreach ($info as $user_id => $user_info) {
|
foreach ($info as $user_id => $user_info) {
|
||||||
if (empty($user_id) === true) {
|
if (empty($user_id) === true) {
|
||||||
continue;
|
continue;
|
||||||
|
|
@ -815,6 +822,8 @@ foreach ($info as $user_id => $user_info) {
|
||||||
$user_info['id_user'],
|
$user_info['id_user'],
|
||||||
true
|
true
|
||||||
);
|
);
|
||||||
|
// Same csrf for every disable button for submit.
|
||||||
|
$data[6] .= $csrf;
|
||||||
$data[6] .= html_print_input_hidden(
|
$data[6] .= html_print_input_hidden(
|
||||||
'disable_user',
|
'disable_user',
|
||||||
$toDoAction,
|
$toDoAction,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue