Mibew/java
1
0
Fork 0
mirror of https://github.com/Mibew/java.git synced 2025-10-31 10:31:07 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

update comment for avatar csrf, and add csrf token check to permission page

Browse Source
This commit is contained in:
YuFei Zhu 2012-05-01 13:02:34 +01:00 committed by Dmitriy Simushev
parent 7035c3feba
commit c948956779
3 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/messenger/webim/operator/permissions.php
View File

@ -23,6 +23,7 @@ require_once('../libs/common.php');
require_once('../libs/operator.php');
require_once('../libs/operator_settings.php');
csrfchecktoken();
$operator = check_login();
function update_operator_permissions($operatorid, $newvalue)

3
src/messenger/webim/view/avatar.php
View File

@ -36,7 +36,10 @@ require_once('inc_errors.php');
?>
<form name="avatarForm" method="post" action="<?php echo $webimroot ?>/operator/avatar.php" enctype="multipart/form-data">
<!-- add csrf token -->
<?php print_csrf_token_input() ?>
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
<div>
<?php print_tabbar(); ?>

6
src/messenger/webim/view/permissions.php
View File

@ -39,6 +39,10 @@ require_once('inc_errors.php');
<?php } ?>
<form name="permissionsForm" method="post" action="<?php echo $webimroot ?>/operator/permissions.php">
<!-- add csrf token -->
<?php print_csrf_token_input() ?>
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
<div>
<?php print_tabbar(); ?>
@ -67,4 +71,4 @@ require_once('inc_errors.php');
} /* content */
require_once('inc_main.php');
?>
?>