dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vars: Token integration.

This commit is contained in:
Nate 2019-09-19 07:40:32 -06:00
parent a6d67add56
commit 6b65742b1e
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/vars/var_edit.php
View File

@ -76,6 +76,14 @@
$var_uuid = $_POST["var_uuid"]; $var_uuid = $_POST["var_uuid"];
} }
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: vars.php');
exit;
}
//check for all required data //check for all required data
$msg = ''; $msg = '';
//if (strlen($var_category) == 0) { $msg .= $text['message-required'].$text['label-category']."<br>\n"; } //if (strlen($var_category) == 0) { $msg .= $text['message-required'].$text['label-category']."<br>\n"; }
@ -167,6 +175,10 @@
unset($sql, $parameters); unset($sql, $parameters);
} }
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//include header //include header
require_once "resources/header.php"; require_once "resources/header.php";
if ($action == "add") { if ($action == "add") {
@ -329,6 +341,7 @@
if ($action == "update") { if ($action == "update") {
echo " <input type='hidden' name='var_uuid' value='".escape($var_uuid)."'>\n"; echo " <input type='hidden' name='var_uuid' value='".escape($var_uuid)."'>\n";
} }
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <br>"; echo " <br>";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n"; echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n"; echo " </td>\n";