From da790fc8d21f7402dc4b22bdc8b1c40978562f13 Mon Sep 17 00:00:00 2001
From: YuFei Zhu <phil@mohc.net>
Date: Tue, 1 May 2012 13:20:03 +0100
Subject: [PATCH] add csrf token to performance and features views

---
 src/messenger/webim/operator/features.php    | 2 ++
 src/messenger/webim/operator/performance.php | 4 +++-
 src/messenger/webim/view/features.php        | 6 +++++-
 src/messenger/webim/view/performance.php     | 5 ++++-
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/messenger/webim/operator/features.php b/src/messenger/webim/operator/features.php
index 7419e181..b5e834bd 100644
--- a/src/messenger/webim/operator/features.php
+++ b/src/messenger/webim/operator/features.php
@@ -23,6 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
+csrfchecktoken();
+
 $operator = check_login();
 
 $page = array('agentId' => '');
diff --git a/src/messenger/webim/operator/performance.php b/src/messenger/webim/operator/performance.php
index 23aac261..58b5d25a 100644
--- a/src/messenger/webim/operator/performance.php
+++ b/src/messenger/webim/operator/performance.php
@@ -23,6 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
+csrfchecktoken();
+
 $operator = check_login();
 
 $page = array('agentId' => '');
@@ -129,4 +131,4 @@ prepare_menu($operator);
 setup_settings_tabs(2);
 start_html_output();
 require('../view/performance.php');
-?>
\ No newline at end of file
+?>
diff --git a/src/messenger/webim/view/features.php b/src/messenger/webim/view/features.php
index 0d842d41..5f6c2667 100644
--- a/src/messenger/webim/view/features.php
+++ b/src/messenger/webim/view/features.php
@@ -85,6 +85,10 @@ require_once('inc_errors.php');
 <?php } ?>
 
 <form name="features" method="post" action="<?php echo $webimroot ?>/operator/features.php">
+
+<!-- add auth token -->
+<?php print_csrf_token_input() ?>
+
 <input type="hidden" name="sent" value="true"/>
 	<div>
 <?php print_tabbar(); ?>
@@ -241,4 +245,4 @@ require_once('inc_errors.php');
 } /* content */
 
 require_once('inc_main.php');
-?>
\ No newline at end of file
+?>
diff --git a/src/messenger/webim/view/performance.php b/src/messenger/webim/view/performance.php
index 2da1937c..1a0cde2f 100644
--- a/src/messenger/webim/view/performance.php
+++ b/src/messenger/webim/view/performance.php
@@ -40,6 +40,9 @@ require_once('inc_errors.php');
 
 <form name="performance" method="post" action="<?php echo $webimroot ?>/operator/performance.php">
 
+<!-- add auth token -->
+<?php print_csrf_token_input() ?>
+
 	<div>
 <?php print_tabbar(); ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
@@ -156,4 +159,4 @@ require_once('inc_errors.php');
 } /* content */
 
 require_once('inc_main.php');
-?>
\ No newline at end of file
+?>