From 8b5d49cfd16f03db159f0bd960b29323338e5afa Mon Sep 17 00:00:00 2001
From: Nate
Date: Thu, 19 Sep 2019 07:52:53 -0600
Subject: [PATCH] Domain Settings: Token integration.
---
 core/domain_settings/domain_setting_edit.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/core/domain_settings/domain_setting_edit.php b/core/domain_settings/domain_setting_edit.php
index 3885866b18..7119ce5a12 100644
--- a/core/domain_settings/domain_setting_edit.php
+++ b/core/domain_settings/domain_setting_edit.php
@@ -93,6 +93,14 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 $domain_setting_uuid = $_POST["domain_setting_uuid"];
 }
+ //validate the token
+ $token = new token;
+ if (!$token->validate($_SERVER['PHP_SELF'])) {
+ message::add($text['message-invalid_token'],'negative');
+ header('Location: ../domains/domain_edit.php?id='.$domain_uuid);
+ exit;
+ }
+
 //check for all required/authorized data
 if (strlen($domain_setting_category) == 0 || (is_array($allowed_categories) && sizeof($allowed_categories) > 0 && !in_array(strtolower($domain_setting_category), $allowed_categories))) { $msg .= $text['message-required'].$text['label-category']."
\n"; }
 if (strlen($domain_setting_subcategory) == 0) { $msg .= $text['message-required'].$text['label-subcategory']."
\n"; }
@@ -335,6 +343,10 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 unset($sql, $parameters);
 }
+//create token
+ $object = new token;
+ $token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 require_once "resources/header.php";
 if ($action == "update") {
@@ -723,6 +735,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 if ($action == "update") {
 echo " \n";
 }
+ echo " \n";
 echo "
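Review bot: Both the `validate()` call in this hunk and the `create()` call in the `//create token` hunk key the token on `$_SERVER['PHP_SELF']`, which includes any PATH_INFO the client appends after the script name, so the key is partly request-controlled. The token class is not visible in this patch; if it stores one token per key, a varied path would lead to spurious `message-invalid_token` rejections or extra session entries. A fixed key avoids that: `if (!$token->validate($_SERVER['SCRIPT_NAME'])) {` and `$token = $object->create($_SERVER['SCRIPT_NAME']);`. Separately, the failure redirect concatenates `$domain_uuid` into the Location URL unencoded; its assignment is outside the hunk, so confirm it is a validated UUID there or wrap it in `urlencode()`. The enclosing `if (count($_POST) > 0 ...)` block starts and ends outside the hunk.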
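Review bot: `$token` holds the token object in the validation hunk but the return value of `create()` in this one, where the object is called `$object`; one name for two different things makes the POST and render paths harder to follow. Naming the instance the same way in both places, for example `$token_object = new token;` followed by `$token = $token_object->create($_SERVER['PHP_SELF']);`, keeps `$token` meaning the issued value only. The comment could also state the purpose, e.g. `//create the form token that the POST handler validates`.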
"; echo " \n"; echo " \n";