dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Menu: Token integration.

This commit is contained in:
Nate 2019-09-19 08:06:58 -06:00
parent bd438e4f39
commit 8bf320d768
2 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
core/menu/menu_edit.php
View File

@ -62,6 +62,14 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$menu_uuid = $_POST["menu_uuid"];
}
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: menu.php');
exit;
}
//check for all required data
//if (strlen($menu_name) == 0) { $msg .= $text['message-required'].$text['label-name']."<br>\n"; }
//if (strlen($menu_language) == 0) { $msg .= $text['message-required'].$text['label-language']."<br>\n"; }
@ -147,6 +155,10 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
unset($sql, $parameters, $row);
}
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header
require_once "resources/header.php";
if ($action == "update") {
@ -223,6 +235,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
if ($action == "update") {
echo " <input type='hidden' name='menu_uuid' value='".escape($menu_uuid)."'>\n";
}
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <br>";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n";

13
core/menu/menu_item_edit.php
View File

@ -98,6 +98,14 @@
$menu_item_uuid = $_POST["menu_item_uuid"];
}
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: menu.php');
exit;
}
//check for all required data
$msg = '';
if (strlen($menu_item_title) == 0) { $msg .= $text['message-required'].$text['label-title']."<br>\n"; }
@ -351,6 +359,10 @@
$groups = $database->select($sql, $parameters, 'all');
unset($sql, $sql_where, $parameters);
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//include the header
require_once "resources/header.php";
if ($action == "update") {
@ -551,6 +563,7 @@
}
echo " <input type='hidden' name='menu_uuid' value='".escape($menu_uuid)."'>";
echo " <input type='hidden' name='menu_item_uuid' value='".escape($menu_item_uuid)."'>";
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <br>";
echo " <input type='submit' class='btn' name='submit' value='".$text['button-save']."'>\n";
echo " </td>";