dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Groups: Token integration.

This commit is contained in:
Nate 2019-09-19 07:58:31 -06:00
parent d957a4a60e
commit d054f15300
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
core/groups/groupadd.php
View File

@ -54,6 +54,14 @@
}
$group_description = $_POST["group_description"];
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: groups.php');
exit;
}
//check for global/domain duplicates
$sql = "select count(*) from v_groups where ";
$sql .= "group_name = :group_name ";
@ -94,6 +102,10 @@
return;
}
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//include the header
include "resources/header.php";
$document['title'] = $text['title-group_add'];
@ -155,6 +167,7 @@
echo "<tr>\n";
echo "<td colspan='2' align='right'>\n";
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <br />";
echo " <input type='submit' class='btn' value=\"".$text['button-save']."\">\n";
echo "</td>\n";

4
core/groups/groupedit.php
View File

@ -400,9 +400,7 @@
echo "<tr>\n";
echo "<td colspan='2' align='right'>\n";
if (is_uuid($group_uuid)) {
echo " <input type='hidden' name='group_uuid' value='".escape($group_uuid)."'>\n";
}
echo " <input type='hidden' name='group_uuid' value='".escape($group_uuid)."'>\n";
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <br />";
echo " <input type='submit' class='btn' value=\"".$text['button-save']."\">\n";