|
|
@@ -74,6 +74,14 @@
|
|
|
$default_setting_uuid = uuid();
|
|
|
}
|
|
|
|
|
|
+ //validate the token
|
|
|
+ $token = new token;
|
|
|
+ if (!$token->validate($_SERVER['PHP_SELF'])) {
|
|
|
+ message::add($text['message-invalid_token'],'negative');
|
|
|
+ header('Location: default_settings.php');
|
|
|
+ exit;
|
|
|
+ }
|
|
|
+
|
|
|
//check for all required data
|
|
|
$msg = '';
|
|
|
if (strlen($default_setting_category) == 0) { $msg .= $text['message-required'].$text['label-category']."<br>\n"; }
|
|
|
@@ -186,6 +194,10 @@
|
|
|
unset($sql, $parameters);
|
|
|
}
|
|
|
|
|
|
+//create token
|
|
|
+ $object = new token;
|
|
|
+ $token = $object->create($_SERVER['PHP_SELF']);
|
|
|
+
|
|
|
//show the header
|
|
|
require_once "resources/header.php";
|
|
|
if ($action == "update") {
|
|
|
@@ -656,6 +668,7 @@
|
|
|
echo " <input type='hidden' name='default_setting_uuid' value='".$default_setting_uuid."'>\n";
|
|
|
echo " <input type='hidden' name='search' value='".$search."'>\n";
|
|
|
}
|
|
|
+ echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
|
|
|
echo " <br>";
|
|
|
echo " <input type='button' class='btn' value='".$text['button-save']."' onclick='submit_form();'>\n";
|
|
|
echo " </td>\n";
|
Nate