From c948956779f7b44c1de807f432313382ec52ba42 Mon Sep 17 00:00:00 2001
From: YuFei Zhu
Date: Tue, 1 May 2012 13:02:34 +0100
Subject: [PATCH] update comment for avatar csrf, and add csrf token check to permission page
---
 src/messenger/webim/operator/permissions.php | 1 +
 src/messenger/webim/view/avatar.php | 3 +++
 src/messenger/webim/view/permissions.php | 6 +++++-
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/messenger/webim/operator/permissions.php b/src/messenger/webim/operator/permissions.php
index 00713e2c..79bd67f7 100644
--- a/src/messenger/webim/operator/permissions.php
+++ b/src/messenger/webim/operator/permissions.php
@@ -23,6 +23,7 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/operator_settings.php');
+csrfchecktoken();
 $operator = check_login();
 function update_operator_permissions($operatorid, $newvalue)
diff --git a/src/messenger/webim/view/avatar.php b/src/messenger/webim/view/avatar.php
index 3219f8ce..b949f2f6 100644
--- a/src/messenger/webim/view/avatar.php
+++ b/src/messenger/webim/view/avatar.php
@@ -36,7 +36,10 @@ require_once('inc_errors.php');
 ?>
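Review bot: The new `csrfchecktoken();` call placed before `$operator = check_login();` in operator/permissions.php carries no comment saying which requests it guards, and its definition is not part of this patch, so the hunk alone does not show whether every request that can reach the permission update is covered. I would add `// CSRF: reject a state-changing request without a valid session token before any permission update runs` above the call. It is also worth confirming that the code calling `update_operator_permissions()` only acts on the request method the check enforces; that handler lies outside the hunk, so this is a point to verify rather than a confirmed gap.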
+
+
+
diff --git a/src/messenger/webim/view/permissions.php b/src/messenger/webim/view/permissions.php
index 7c47ecc7..7bf433e8 100644
--- a/src/messenger/webim/view/permissions.php
+++ b/src/messenger/webim/view/permissions.php
@@ -39,6 +39,10 @@ require_once('inc_errors.php');
+
+
+
+
@@ -67,4 +71,4 @@ require_once('inc_errors.php');
 } /* content */
 require_once('inc_main.php');
-?>
\ No newline at end of file
+?>