fixed csrf

pandora_console/godmode/setup/setup_auth.php

@@ -77,6 +77,7 @@ if (is_ajax()) {
                     true
                 ).'  ';
                 $table->data['autocreate_remote_users'] = $row;
+                $table->data['csrf_token'] = html_print_csrf_hidden();
 
                 add_enterprise_auth_autocreate_profiles($table, $type_auth);
             }
@@ -475,6 +476,8 @@ if (!is_metaconsole()) {
     html_print_input_hidden('hash_save_config', md5('save'.$config['dbpass']));
 }
 
+html_print_csrf_hidden();
+
 html_print_table($table);
 echo '<div id="table_auth_result"></div>';
 echo '<div class="action-buttons" style="width: '.$table->width.'">';

pandora_console/include/functions_config.php

@@ -523,6 +523,15 @@ function config_update_config()
                 break;
 
                 case 'auth':
+                    $validatedCSRF = validate_csrf_code();
+
+                    // CSRF Validation.
+                    if ($validatedCSRF === false) {
+                        include_once 'general/login_page.php';
+                        // Finish the execution.
+                        exit('</html>');
+                    }
+
                     // AUTHENTICATION SETUP.
                     if (config_update_value('auth', get_parameter('auth'), true) === false) {
                         $error_update[] = __('Authentication method');