Merge branch 'ent-7141-Vulnerabilities-CSRF' into 'develop'

Ent 7141 vulnerabilities csrf

Closes pandora_enterprise#7141

See merge request artica/pandorafms!4015
Daniel Rodriguez 2021-05-19 16:00:16 +00:00
commit 4ea790a649
2 changed files with 9 additions and 2 deletions


@ -867,6 +867,7 @@ class HTML
}
$output .= '<ul class="wizard">'.$output_submit.'</ul>';
$output .= html_print_csrf_hidden(true);
$output .= '</form>';
$output .= '<script>'.$js.'</script>';
if ($rawjs) {
@ -1002,6 +1003,7 @@ class HTML
$output .= '</div>';
$output .= '<ul class="wizard">'.$output_submit.'</ul>';
$output .= html_print_csrf_hidden(true);
$output .= '</form>';
$output .= '<script>'.$js.'</script>';
if ($rawjs) {
@ -1073,6 +1075,7 @@ class HTML
$output .= '</div>';
$output .= '<ul class="wizard">'.$output_submit.'</ul>';
$output .= html_print_csrf_hidden(true);
$output .= '</form>';
$output .= '<script>'.$js.'</script>';
if ($rawjs) {
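Review bot: Emitting `csrf_code` in these three form builders (the hunks at 867, 1002 and 1073) only protects the forms if every handler that receives them validates the token, and no validation-side change is visible in this commit. The helper's docblock says each call generates a new token; if the generator keeps a single value per session (not visible here), a page that renders more than one of these forms would leave only the last token valid, so that is worth confirming. I would add a comment above each call such as `// CSRF token: the receiving handler must validate csrf_code before changing state.` The enclosing methods start and end outside the hunks, so the form's method and action could not be checked.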


@ -4306,10 +4306,14 @@ function html_print_sort_arrows($params, $order_tag, $up='up', $down='down')
/**
* Print an input hidden with a new csrf token generated
*
* @param boolean $return If it is true return a string with the output instead to echo the output.
*
* @return void
*/
function html_print_csrf_hidden()
function html_print_csrf_hidden(bool $return=false)
{
html_print_input_hidden('csrf_code', generate_csrf_code());
return html_print_input_hidden('csrf_code', generate_csrf_code(), $return);
}
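Review bot: The docblock still says `@return void`, but the function now returns whatever html_print_input_hidden() returns, which is presumably the markup string when $return is true. Update it to `* @return string|void Hidden input markup when $return is true, otherwise the field is echoed.` and reword the parameter line to `* @param boolean $return Return the markup as a string instead of echoing it.` What html_print_input_hidden() returns in echo mode is not visible here, so the `void` half should be confirmed against that function.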