From e5b2e8362a011d7fc34c9cad7cc1c110df4b5e8d Mon Sep 17 00:00:00 2001 From: Nate Date: Thu, 19 Sep 2019 07:53:57 -0600 Subject: [PATCH] Domains: Token integration. --- core/domains/domain_edit.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/core/domains/domain_edit.php b/core/domains/domain_edit.php index 6113f89f7a..8c7ec1971d 100644 --- a/core/domains/domain_edit.php +++ b/core/domains/domain_edit.php @@ -73,6 +73,14 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { $domain_uuid = $_POST["domain_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: domains.php'); + exit; + } + //check for all required data if (strlen($domain_name) == 0) { $msg .= $text['message-required'].$text['label-name']."
\n"; } //if (strlen($domain_description) == 0) { $msg .= $text['message-required'].$text['label-description']."
\n"; } @@ -483,6 +491,10 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; if ($action == "update") { @@ -619,6 +631,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { if ($action == "update") { echo " \n"; } + echo " \n"; echo "
"; echo " \n"; echo " \n";