Inicio Explorar Axuda
Iniciar sesión
fusionpbx
/
fusionpbx-framework
réplica de https://github.com/fusionpbx/fusionpbx-framework.git
2
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

Menu: Token integration.

Nate %!s(int64=6) %!d(string=hai) anos
pai
df5b5a6a57
achega
dff0877490
Modificáronse 2 ficheiros con 26 adicións e 0 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 13 0
      core/menu/menu_edit.php
  2. 13 0
      core/menu/menu_item_edit.php

+ 13 - 0
core/menu/menu_edit.php
Ver ficheiro 

@@ -62,6 +62,14 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 
 		$menu_uuid = $_POST["menu_uuid"];
 
 	}
 
 
+	//validate the token
 
+		$token = new token;
 
+		if (!$token->validate($_SERVER['PHP_SELF'])) {
 
+			message::add($text['message-invalid_token'],'negative');
 
+			header('Location: menu.php');
 
+			exit;
 
+		}
 
+
 
 	//check for all required data
 
 		//if (strlen($menu_name) == 0) { $msg .= $text['message-required'].$text['label-name']."<br>\n"; }
 
 		//if (strlen($menu_language) == 0) { $msg .= $text['message-required'].$text['label-language']."<br>\n"; }
 
@@ -147,6 +155,10 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 
 		unset($sql, $parameters, $row);
 
 	}
 
 
+//create token
 
+	$object = new token;
 
+	$token = $object->create($_SERVER['PHP_SELF']);
 
+
 
 //show the header
 
 	require_once "resources/header.php";
 
 	if ($action == "update") {
 
@@ -223,6 +235,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 
 	if ($action == "update") {
 
 		echo "		<input type='hidden' name='menu_uuid' value='".escape($menu_uuid)."'>\n";
 
 	}
 
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 
 	echo "			<br>";
 
 	echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 
 	echo "		</td>\n";

+ 13 - 0
core/menu/menu_item_edit.php
Ver ficheiro 

@@ -98,6 +98,14 @@
 
 			$menu_item_uuid = $_POST["menu_item_uuid"];
 
 		}
 
 
+		//validate the token
 
+			$token = new token;
 
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
 
+				message::add($text['message-invalid_token'],'negative');
 
+				header('Location: menu.php');
 
+				exit;
 
+			}
 
+
 
 		//check for all required data
 
 			$msg = '';
 
 			if (strlen($menu_item_title) == 0) { $msg .= $text['message-required'].$text['label-title']."<br>\n"; }
 
@@ -351,6 +359,10 @@
 
 	$groups = $database->select($sql, $parameters, 'all');
 
 	unset($sql, $sql_where, $parameters);
 
 
+//create token
 
+	$object = new token;
 
+	$token = $object->create($_SERVER['PHP_SELF']);
 
+
 
 //include the header
 
 	require_once "resources/header.php";
 
 	if ($action == "update") {
 
@@ -551,6 +563,7 @@
 
 		}
 
 		echo "				<input type='hidden' name='menu_uuid' value='".escape($menu_uuid)."'>";
 
 		echo "				<input type='hidden' name='menu_item_uuid' value='".escape($menu_item_uuid)."'>";
 
+		echo "				<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 
 		echo "				<br>";
 
 		echo "				<input type='submit' class='btn' name='submit' value='".$text['button-save']."'>\n";
 
 		echo "			</td>";