Merge branch 'ent-7141-Vulnerabilities-CSRF' into 'develop'
Ent 7141 vulnerabilities csrf Closes pandora_enterprise#7141 See merge request artica/pandorafms!4015
commit
4ea790a649
@ -867,6 +867,7 @@ class HTML
|
|||||||
}
|
}
|
||||||
|
|
||||||
$output .= '<ul class="wizard">'.$output_submit.'</ul>';
|
$output .= '<ul class="wizard">'.$output_submit.'</ul>';
|
||||||
|
$output .= html_print_csrf_hidden(true);
|
||||||
$output .= '</form>';
|
$output .= '</form>';
|
||||||
$output .= '<script>'.$js.'</script>';
|
$output .= '<script>'.$js.'</script>';
|
||||||
if ($rawjs) {
|
if ($rawjs) {
|
||||||
@ -1002,6 +1003,7 @@ class HTML
|
|||||||
$output .= '</div>';
|
$output .= '</div>';
|
||||||
|
|
||||||
$output .= '<ul class="wizard">'.$output_submit.'</ul>';
|
$output .= '<ul class="wizard">'.$output_submit.'</ul>';
|
||||||
|
$output .= html_print_csrf_hidden(true);
|
||||||
$output .= '</form>';
|
$output .= '</form>';
|
||||||
$output .= '<script>'.$js.'</script>';
|
$output .= '<script>'.$js.'</script>';
|
||||||
if ($rawjs) {
|
if ($rawjs) {
|
||||||
@ -1073,6 +1075,7 @@ class HTML
|
|||||||
$output .= '</div>';
|
$output .= '</div>';
|
||||||
|
|
||||||
$output .= '<ul class="wizard">'.$output_submit.'</ul>';
|
$output .= '<ul class="wizard">'.$output_submit.'</ul>';
|
||||||
|
$output .= html_print_csrf_hidden(true);
|
||||||
$output .= '</form>';
|
$output .= '</form>';
|
||||||
$output .= '<script>'.$js.'</script>';
|
$output .= '<script>'.$js.'</script>';
|
||||||
if ($rawjs) {
|
if ($rawjs) {
|
||||||
|
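Review bot: The added `$output .= html_print_csrf_hidden(true);` lines (in this hunk and in the ones at -1002 and -1073) only emit the token; nothing visible in this commit checks `csrf_code` when these forms are submitted, so the protection depends on every receiving handler validating it. The helper's docblock says each call generates a new token, and this class now calls it once per rendered form; if the server side keeps only the latest value (not visible here), a page that renders several of these forms would leave the earlier ones carrying a stale token. The form's opening tag and the enclosing methods lie outside all three hunks, so it is also worth confirming these forms are submitted by POST, since a token in a GET form ends up in the URL. I would add a comment above each call such as `// CSRF token: the handler receiving this form must validate csrf_code.`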
@ -4306,10 +4306,14 @@ function html_print_sort_arrows($params, $order_tag, $up='up', $down='down')
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Print an input hidden with a new csrf token generated
|
* Print an input hidden with a new csrf token generated
|
||||||
|
*
|
||||||
|
* @param boolean $return If it is true return a string with the output instead to echo the output.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
*/
|
*/
|
||||||
function html_print_csrf_hidden()
|
function html_print_csrf_hidden(bool $return=false)
|
||||||
{
|
{
|
||||||
html_print_input_hidden('csrf_code', generate_csrf_code());
|
return html_print_input_hidden('csrf_code', generate_csrf_code(), $return);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
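Review bot: The docblock added for `html_print_csrf_hidden()` declares `@return void`, but the new body returns whatever `html_print_input_hidden()` returns, and the `HTML` class call sites in this commit concatenate that value into `$output` as a string. I would change the tag to `@return string|void HTML of the hidden input when $return is true; otherwise the input is echoed.` The summary line could also state that every call generates a fresh token, since callers now invoke the helper once per form.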