dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Domain Settings: Token integration.

This commit is contained in:
Nate 2019-09-19 07:52:53 -06:00
parent 15d30377c9
commit 8b5d49cfd1
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
core/domain_settings/domain_setting_edit.php
View File

@ -93,6 +93,14 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
$domain_setting_uuid = $_POST["domain_setting_uuid"];
}
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: ../domains/domain_edit.php?id='.$domain_uuid);
exit;
}
//check for all required/authorized data
if (strlen($domain_setting_category) == 0 || (is_array($allowed_categories) && sizeof($allowed_categories) > 0 && !in_array(strtolower($domain_setting_category), $allowed_categories))) { $msg .= $text['message-required'].$text['label-category']."<br>\n"; }
if (strlen($domain_setting_subcategory) == 0) { $msg .= $text['message-required'].$text['label-subcategory']."<br>\n"; }
@ -335,6 +343,10 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
unset($sql, $parameters);
}
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header
require_once "resources/header.php";
if ($action == "update") {
@ -723,6 +735,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
if ($action == "update") {
echo " <input type='hidden' name='domain_setting_uuid' value='".escape($domain_setting_uuid)."'>\n";
}
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <br />";
echo " <input type='button' class='btn' value='".$text['button-save']."' onclick='submit_form();'>\n";
echo " </td>\n";