dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Conference Profiles: Token integration.

This commit is contained in:
Nate 2019-09-17 22:17:18 -06:00
parent b14dd325d0
commit d35a978400
2 changed files with 31 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
app/conference_profiles/conference_profile_edit.php
View File

@ -41,6 +41,14 @@
$conference_profile_uuid = $_POST["conference_profile_uuid"];
}
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: conference_profiles.php');
exit;
}
//check for all required data
$msg = '';
if (strlen($profile_name) == 0) { $msg .= $text['message-required']." ".$text['label-profile_name']."<br>\n"; }
@ -108,6 +116,10 @@
unset($sql, $parameters);
}
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header
require_once "resources/header.php";
@ -171,9 +183,10 @@
echo " <tr>\n";
echo " <td colspan='2' align='right'>\n";
if ($action == "update") {
echo " <input type='hidden' name='conference_profile_uuid' value='".escape($conference_profile_uuid)."'>\n";
echo " <input type='hidden' name='conference_profile_uuid' value='".escape($conference_profile_uuid)."'>\n";
}
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n";
echo " </tr>";
echo "</table>";

19
app/conference_profiles/conference_profile_param_edit.php
View File

@ -48,6 +48,14 @@
$conference_profile_param_uuid = $_POST["conference_profile_param_uuid"];
}
//validate the token
$token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative');
header('Location: conference_profiles.php');
exit;
}
//check for all required data
$msg = '';
if (strlen($profile_param_name) == 0) { $msg .= $text['message-required']." ".$text['label-profile_param_name']."<br>\n"; }
@ -119,6 +127,10 @@
unset($sql, $parameters);
}
//create token
$object = new token;
$token = $object->create($_SERVER['PHP_SELF']);
//show the header
require_once "resources/header.php";
@ -192,11 +204,12 @@
echo "</tr>\n";
echo " <tr>\n";
echo " <td colspan='2' align='right'>\n";
echo " <input type='hidden' name='conference_profile_uuid' value='$conference_profile_uuid'>\n";
echo " <input type='hidden' name='conference_profile_uuid' value='$conference_profile_uuid'>\n";
if ($action == "update") {
echo " <input type='hidden' name='conference_profile_param_uuid' value='$conference_profile_param_uuid'>\n";
echo " <input type='hidden' name='conference_profile_param_uuid' value='$conference_profile_param_uuid'>\n";
}
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
echo " </td>\n";
echo " </tr>";
echo "</table>";