dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Contacts: Token integration.

This commit is contained in:
Nate 2019-09-17 22:28:22 -06:00
parent 2d58ca6c84
commit 1569da66fd
10 changed files with 131 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/contacts/contact_address_edit.php
View File

@ -82,6 +82,14 @@ else {
$contact_address_uuid = $_POST["contact_address_uuid"]; $contact_address_uuid = $_POST["contact_address_uuid"];
} }
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: contacts.php');
exit;
}
//check for all required data //check for all required data
$msg = ''; $msg = '';
if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@ -200,6 +208,10 @@ else {
unset($sql, $parameters, $row); unset($sql, $parameters, $row);
} }
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header //show the header
require_once "resources/header.php"; require_once "resources/header.php";
if ($action == "update") { if ($action == "update") {
@ -431,6 +443,7 @@ else {
if ($action == "update") { if ($action == "update") {
echo " <input type='hidden' name='contact_address_uuid' value='".escape($contact_address_uuid)."'>\n"; echo " <input type='hidden' name='contact_address_uuid' value='".escape($contact_address_uuid)."'>\n";
} }
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n"; echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";
echo " </tr>"; echo " </tr>";

13
app/contacts/contact_attachment_edit.php
View File

@ -60,6 +60,14 @@
$attachment_primary = $_POST['attachment_primary']; $attachment_primary = $_POST['attachment_primary'];
$attachment_description = $_POST['attachment_description']; $attachment_description = $_POST['attachment_description'];
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: contacts.php');
exit;
}
if (!is_array($attachment) || sizeof($attachment) == 0) { if (!is_array($attachment) || sizeof($attachment) == 0) {
$attachment_type = strtolower(pathinfo($_POST['attachment_filename'], PATHINFO_EXTENSION)); $attachment_type = strtolower(pathinfo($_POST['attachment_filename'], PATHINFO_EXTENSION));
} }
@ -130,6 +138,10 @@
unset($sql, $parameters, $row); unset($sql, $parameters, $row);
} }
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header //show the header
require_once "resources/header.php"; require_once "resources/header.php";
if ($action == "update") { if ($action == "update") {
@ -222,6 +234,7 @@
echo " <tr>\n"; echo " <tr>\n";
echo " <td colspan='2' align='right'>\n"; echo " <td colspan='2' align='right'>\n";
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <br>\n"; echo " <br>\n";
echo " <input type='submit' class='btn' value='".$text['button-save']."'>\n"; echo " <input type='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";

13
app/contacts/contact_edit.php
View File

@ -78,6 +78,14 @@
$contact_uuid = $_POST["contact_uuid"]; $contact_uuid = $_POST["contact_uuid"];
} }
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: contacts.php');
exit;
}
//check for all required data //check for all required data
$msg = ''; $msg = '';
//if (strlen($contact_type) == 0) { $msg .= $text['message-required'].$text['label-contact_type']."<br>\n"; } //if (strlen($contact_type) == 0) { $msg .= $text['message-required'].$text['label-contact_type']."<br>\n"; }
@ -258,6 +266,10 @@
$contact_users = $database->select($sql, $parameters, 'all'); $contact_users = $database->select($sql, $parameters, 'all');
unset($sql, $parameters); unset($sql, $parameters);
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header //show the header
require_once "resources/header.php"; require_once "resources/header.php";
if ($action == "update") { if ($action == "update") {
@ -722,6 +734,7 @@
if ($action == "update") { if ($action == "update") {
echo " <input type='hidden' name='contact_uuid' value='".escape($contact_uuid)."'>\n"; echo " <input type='hidden' name='contact_uuid' value='".escape($contact_uuid)."'>\n";
} }
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <br>"; echo " <br>";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n"; echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";

13
app/contacts/contact_email_edit.php
View File

@ -72,6 +72,14 @@ if (is_uuid($_GET["contact_uuid"])) {
$contact_email_uuid = $_POST["contact_email_uuid"]; $contact_email_uuid = $_POST["contact_email_uuid"];
} }
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: contacts.php');
exit;
}
//check for all required data //check for all required data
$msg = ''; $msg = '';
if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@ -172,6 +180,10 @@ if (is_uuid($_GET["contact_uuid"])) {
unset($sql, $parameters, $row); unset($sql, $parameters, $row);
} }
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header //show the header
require_once "resources/header.php"; require_once "resources/header.php";
if ($action == "update") { if ($action == "update") {
@ -296,6 +308,7 @@ if (is_uuid($_GET["contact_uuid"])) {
if ($action == "update") { if ($action == "update") {
echo " <input type='hidden' name='contact_email_uuid' value='".escape($contact_email_uuid)."'>\n"; echo " <input type='hidden' name='contact_email_uuid' value='".escape($contact_email_uuid)."'>\n";
} }
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n"; echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";
echo " </tr>"; echo " </tr>";

13
app/contacts/contact_note_edit.php
View File

@ -70,6 +70,14 @@
$contact_note_uuid = $_POST["contact_note_uuid"]; $contact_note_uuid = $_POST["contact_note_uuid"];
} }
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: contacts.php');
exit;
}
//check for all required data //check for all required data
$msg = ''; $msg = '';
if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@ -160,6 +168,10 @@
unset($sql, $parameters, $row); unset($sql, $parameters, $row);
} }
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header //show the header
require_once "resources/header.php"; require_once "resources/header.php";
if ($action == "update") { if ($action == "update") {
@ -204,6 +216,7 @@
if ($action == "update") { if ($action == "update") {
echo " <input type='hidden' name='contact_note_uuid' value='".escape($contact_note_uuid)."'>\n"; echo " <input type='hidden' name='contact_note_uuid' value='".escape($contact_note_uuid)."'>\n";
} }
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n"; echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";
echo " </tr>"; echo " </tr>";

13
app/contacts/contact_phone_edit.php
View File

@ -86,6 +86,14 @@
$contact_phone_uuid = $_POST["contact_phone_uuid"]; $contact_phone_uuid = $_POST["contact_phone_uuid"];
} }
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: contacts.php');
exit;
}
//check for all required data //check for all required data
$msg = ''; $msg = '';
if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@ -202,6 +210,10 @@
unset($sql, $parameters, $row); unset($sql, $parameters, $row);
} }
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header //show the header
require_once "resources/header.php"; require_once "resources/header.php";
if ($action == "update") { if ($action == "update") {
@ -361,6 +373,7 @@
if ($action == "update") { if ($action == "update") {
echo " <input type='hidden' name='contact_phone_uuid' value='".escape($contact_phone_uuid)."'>\n"; echo " <input type='hidden' name='contact_phone_uuid' value='".escape($contact_phone_uuid)."'>\n";
} }
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n"; echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";
echo " </tr>"; echo " </tr>";

13
app/contacts/contact_relation_edit.php
View File

@ -75,6 +75,14 @@ else {
$contact_relation_uuid = $_POST["contact_relation_uuid"]; $contact_relation_uuid = $_POST["contact_relation_uuid"];
} }
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: contacts.php');
exit;
}
//check for all required data //check for all required data
$msg = ''; $msg = '';
if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@ -172,6 +180,10 @@ else {
unset($sql, $parameters, $row); unset($sql, $parameters, $row);
} }
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header //show the header
$document['title'] = $text['title-contact_relation']; $document['title'] = $text['title-contact_relation'];
require_once "resources/header.php"; require_once "resources/header.php";
@ -321,6 +333,7 @@ else {
if ($action == "update") { if ($action == "update") {
echo " <input type='hidden' name='contact_relation_uuid' value='".escape($contact_relation_uuid)."'>\n"; echo " <input type='hidden' name='contact_relation_uuid' value='".escape($contact_relation_uuid)."'>\n";
} }
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n"; echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";
echo " </tr>"; echo " </tr>";

13
app/contacts/contact_setting_edit.php
View File

@ -79,6 +79,14 @@
$contact_setting_uuid = $_POST["contact_setting_uuid"]; $contact_setting_uuid = $_POST["contact_setting_uuid"];
} }
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: contacts.php');
exit;
}
//check for all required data //check for all required data
$msg = ''; $msg = '';
//if (strlen($domain_setting_category) == 0) { $msg .= $text['message-required'].$text['label-category']."<br>\n"; } //if (strlen($domain_setting_category) == 0) { $msg .= $text['message-required'].$text['label-category']."<br>\n"; }
@ -186,6 +194,10 @@
unset($sql, $parameters, $row); unset($sql, $parameters, $row);
} }
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header //show the header
require_once "resources/header.php"; require_once "resources/header.php";
if ($action == "update") { if ($action == "update") {
@ -338,6 +350,7 @@
if ($action == "update") { if ($action == "update") {
echo " <input type='hidden' name='contact_setting_uuid' value='".$contact_setting_uuid."'>\n"; echo " <input type='hidden' name='contact_setting_uuid' value='".$contact_setting_uuid."'>\n";
} }
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n"; echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";
echo " </tr>"; echo " </tr>";

13
app/contacts/contact_time_edit.php
View File

@ -67,6 +67,14 @@ else {
$contact_time_uuid = $_POST["contact_time_uuid"]; $contact_time_uuid = $_POST["contact_time_uuid"];
} }
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: contacts.php');
exit;
}
//check for all required data //check for all required data
$msg = ''; $msg = '';
if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@ -158,6 +166,10 @@ else {
unset($sql, $parameters, $row); unset($sql, $parameters, $row);
} }
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header //show the header
require_once "resources/header.php"; require_once "resources/header.php";
if ($action == "update") { if ($action == "update") {
@ -223,6 +235,7 @@ else {
if ($action == "update") { if ($action == "update") {
echo " <input type='hidden' name='contact_time_uuid' value='".escape($contact_time_uuid)."'>\n"; echo " <input type='hidden' name='contact_time_uuid' value='".escape($contact_time_uuid)."'>\n";
} }
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n"; echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";
echo " </tr>"; echo " </tr>";

13
app/contacts/contact_url_edit.php
View File

@ -73,6 +73,14 @@ else {
$contact_url_uuid = $_POST["contact_url_uuid"]; $contact_url_uuid = $_POST["contact_url_uuid"];
} }
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: contacts.php');
exit;
}
//check for all required data //check for all required data
$msg = ''; $msg = '';
if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@ -173,6 +181,10 @@ else {
unset($sql, $parameters, $row); unset($sql, $parameters, $row);
} }
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header //show the header
require_once "resources/header.php"; require_once "resources/header.php";
if ($action == "update") { if ($action == "update") {
@ -297,6 +309,7 @@ else {
if ($action == "update") { if ($action == "update") {
echo " <input type='hidden' name='contact_url_uuid' value='".escape($contact_url_uuid)."'>\n"; echo " <input type='hidden' name='contact_url_uuid' value='".escape($contact_url_uuid)."'>\n";
} }
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n"; echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";
echo " </tr>"; echo " </tr>";