diff --git a/app/contacts/contact_address_edit.php b/app/contacts/contact_address_edit.php index fe9e86aa66..bf7b898099 100644 --- a/app/contacts/contact_address_edit.php +++ b/app/contacts/contact_address_edit.php @@ -82,6 +82,14 @@ else { $contact_address_uuid = $_POST["contact_address_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: contacts.php'); + exit; + } + //check for all required data $msg = ''; if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { @@ -200,6 +208,10 @@ else { unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; if ($action == "update") { @@ -431,6 +443,7 @@ else { if ($action == "update") { echo " \n"; } + echo " \n"; echo " \n"; echo " \n"; echo " "; diff --git a/app/contacts/contact_attachment_edit.php b/app/contacts/contact_attachment_edit.php index 3b076cd6ed..d87680e700 100644 --- a/app/contacts/contact_attachment_edit.php +++ b/app/contacts/contact_attachment_edit.php @@ -60,6 +60,14 @@ $attachment_primary = $_POST['attachment_primary']; $attachment_description = $_POST['attachment_description']; + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: contacts.php'); + exit; + } + if (!is_array($attachment) || sizeof($attachment) == 0) { $attachment_type = strtolower(pathinfo($_POST['attachment_filename'], PATHINFO_EXTENSION)); } @@ -130,6 +138,10 @@ unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; if ($action == "update") { @@ -222,6 +234,7 @@ echo " \n"; echo " \n"; + echo " \n"; echo "
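Review bot: In the validate block the helper object is assigned to `$token`, while the later `//create token` hunk in the same file assigns the helper to `$object` and then reuses `$token` for the created token value, so one variable name carries two different things within a single script; writing `$object = new token;` and `if (!$object->validate($_SERVER['PHP_SELF'])) {` would keep the two blocks parallel. The same pair of blocks is repeated verbatim in contact_attachment_edit.php, contact_edit.php, contact_email_edit.php, contact_note_edit.php, contact_phone_edit.php, contact_relation_edit.php, contact_setting_edit.php, contact_time_edit.php and contact_url_edit.php, which also suggests a shared include rather than nine copies. Both `validate()` and `create()` are keyed on `$_SERVER['PHP_SELF']`, which can carry client-supplied path info after the script name; if the token class stores tokens under that key, a value that does not vary with how the URL was written, such as `$_SERVER['SCRIPT_NAME']`, would be more predictable — the token class is not in this diff, so confirm how the key is used. The block also relies on `$text['message-invalid_token']` being defined in the app's language file, which this diff does not add.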
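Review bot: The added `//create token` comment appears at column 0 while the two statements it introduces (`$object = new token;` and the `create()` call) are indented, unlike the `//validate the token` comment earlier in the file, which is indented with its block; indent the comment to the same level as the statements beneath it so the block reads as one unit. The same misalignment is visible in the corresponding create hunk of each of the other eight files in this diff. Collapsed whitespace in the patch makes the exact indent hard to verify, so check against the file's tab indentation.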
\n"; echo " \n"; echo " \n"; diff --git a/app/contacts/contact_edit.php b/app/contacts/contact_edit.php index 5d7e89b921..3777520f82 100644 --- a/app/contacts/contact_edit.php +++ b/app/contacts/contact_edit.php @@ -78,6 +78,14 @@ $contact_uuid = $_POST["contact_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: contacts.php'); + exit; + } + //check for all required data $msg = ''; //if (strlen($contact_type) == 0) { $msg .= $text['message-required'].$text['label-contact_type']."
\n"; } @@ -258,6 +266,10 @@ $contact_users = $database->select($sql, $parameters, 'all'); unset($sql, $parameters); +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; if ($action == "update") { @@ -720,8 +732,9 @@ echo " \n"; echo " \n"; if ($action == "update") { - echo " \n"; + echo " \n"; } + echo " \n"; echo "
"; echo " \n"; echo " \n"; diff --git a/app/contacts/contact_email_edit.php b/app/contacts/contact_email_edit.php index 28a7ee5d99..083036dc39 100644 --- a/app/contacts/contact_email_edit.php +++ b/app/contacts/contact_email_edit.php @@ -72,6 +72,14 @@ if (is_uuid($_GET["contact_uuid"])) { $contact_email_uuid = $_POST["contact_email_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: contacts.php'); + exit; + } + //check for all required data $msg = ''; if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { @@ -172,6 +180,10 @@ if (is_uuid($_GET["contact_uuid"])) { unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; if ($action == "update") { @@ -296,6 +308,7 @@ if (is_uuid($_GET["contact_uuid"])) { if ($action == "update") { echo " \n"; } + echo " \n"; echo " \n"; echo " \n"; echo " "; diff --git a/app/contacts/contact_note_edit.php b/app/contacts/contact_note_edit.php index 77756979e8..a95e3a91fd 100644 --- a/app/contacts/contact_note_edit.php +++ b/app/contacts/contact_note_edit.php @@ -70,6 +70,14 @@ $contact_note_uuid = $_POST["contact_note_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: contacts.php'); + exit; + } + //check for all required data $msg = ''; if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { @@ -160,6 +168,10 @@ unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; if ($action == "update") { @@ -204,6 +216,7 @@ if ($action == "update") { echo " \n"; } + echo " \n"; echo " \n"; echo " \n"; echo " "; 
diff --git a/app/contacts/contact_phone_edit.php b/app/contacts/contact_phone_edit.php index 8cc1aa9291..1e8cac34b9 100644 --- a/app/contacts/contact_phone_edit.php +++ b/app/contacts/contact_phone_edit.php @@ -86,6 +86,14 @@ $contact_phone_uuid = $_POST["contact_phone_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: contacts.php'); + exit; + } + //check for all required data $msg = ''; if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { @@ -202,6 +210,10 @@ unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; if ($action == "update") { @@ -361,6 +373,7 @@ if ($action == "update") { echo " \n"; } + echo " \n"; echo " \n"; echo " \n"; echo " "; diff --git a/app/contacts/contact_relation_edit.php b/app/contacts/contact_relation_edit.php index af2aedd960..83856f6b40 100644 --- a/app/contacts/contact_relation_edit.php +++ b/app/contacts/contact_relation_edit.php @@ -75,6 +75,14 @@ else { $contact_relation_uuid = $_POST["contact_relation_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: contacts.php'); + exit; + } + //check for all required data $msg = ''; if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { @@ -172,6 +180,10 @@ else { unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header $document['title'] = $text['title-contact_relation']; require_once "resources/header.php"; @@ -321,6 +333,7 @@ else { if ($action == "update") { echo " \n"; } + echo " \n"; echo " \n"; echo " \n"; echo " "; 
diff --git a/app/contacts/contact_setting_edit.php b/app/contacts/contact_setting_edit.php index 7bae1d7d9a..0d2f2f18ad 100644 --- a/app/contacts/contact_setting_edit.php +++ b/app/contacts/contact_setting_edit.php @@ -79,6 +79,14 @@ $contact_setting_uuid = $_POST["contact_setting_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: contacts.php'); + exit; + } + //check for all required data $msg = ''; //if (strlen($domain_setting_category) == 0) { $msg .= $text['message-required'].$text['label-category']."
\n"; } @@ -186,6 +194,10 @@ unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; if ($action == "update") { @@ -338,6 +350,7 @@ if ($action == "update") { echo " \n"; } + echo " \n"; echo " \n"; echo " \n"; echo " "; diff --git a/app/contacts/contact_time_edit.php b/app/contacts/contact_time_edit.php index 08edb943b7..4bd8c1bf53 100644 --- a/app/contacts/contact_time_edit.php +++ b/app/contacts/contact_time_edit.php @@ -67,6 +67,14 @@ else { $contact_time_uuid = $_POST["contact_time_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: contacts.php'); + exit; + } + //check for all required data $msg = ''; if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { @@ -158,6 +166,10 @@ else { unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; if ($action == "update") { @@ -223,6 +235,7 @@ else { if ($action == "update") { echo " \n"; } + echo " \n"; echo " \n"; echo " \n"; echo " "; diff --git a/app/contacts/contact_url_edit.php b/app/contacts/contact_url_edit.php index f580461f6f..96ee8ff77f 100644 --- a/app/contacts/contact_url_edit.php +++ b/app/contacts/contact_url_edit.php @@ -73,6 +73,14 @@ else { $contact_url_uuid = $_POST["contact_url_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: contacts.php'); + exit; + } + //check for all required data $msg = ''; if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { 
@@ -173,6 +181,10 @@ else { unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; if ($action == "update") { @@ -297,6 +309,7 @@ else { if ($action == "update") { echo " \n"; } + echo " \n"; echo " \n"; echo " \n"; echo " ";