mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00

don't write the csrf token field to the output buffer

but return and echo it
glaszig 2019-08-01 13:03:59 +02:00
parent 6f1ae104f3
commit 0a255e8b49
5 changed files with 5 additions and 5 deletions


@ -40,7 +40,7 @@ function DisplayAuthConfig($username, $password)
<div class="panel-body"> <div class="panel-body">
<p><?php $status->showMessages(); ?></p> <p><?php $status->showMessages(); ?></p>
<form role="form" action="?page=auth_conf" method="POST"> <form role="form" action="?page=auth_conf" method="POST">
<?php CSRFToken() ?> <?php echo CSRFToken() ?>
<div class="row"> <div class="row">
<div class="form-group col-md-4"> <div class="form-group col-md-4">
<label for="username"><?php echo _("Username"); ?></label> <label for="username"><?php echo _("Username"); ?></label>


@ -182,7 +182,7 @@ function DisplayWPAConfig()
</div> </div>
<form method="POST" action="?page=wpa_conf" name="wpa_conf_form"> <form method="POST" action="?page=wpa_conf" name="wpa_conf_form">
<?php CSRFToken() ?> <?php echo CSRFToken() ?>
<input type="hidden" name="client_settings" ?> <input type="hidden" name="client_settings" ?>
<script> <script>
function showPassword(index) { function showPassword(index) {


@ -70,7 +70,7 @@ function ensureCSRFSessionToken()
function CSRFToken() function CSRFToken()
{ {
$token = htmlspecialchars($_SESSION['csrf_token']); $token = htmlspecialchars($_SESSION['csrf_token']);
echo '<input id="csrf_token" type="hidden" name="csrf_token" value="' . $token . '">'; return '<input id="csrf_token" type="hidden" name="csrf_token" value="' . $token . '">';
} }
/** /**
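Review bot: CSRFToken() now returns the hidden-input markup instead of printing it, so any call site left as `<?php CSRFToken() ?>` silently renders a form with no token; the commit updates four templates, and call sites outside this diff cannot be checked from here. The function should carry a docblock stating the new contract, for example `/** Returns the hidden csrf_token <input> as an HTML string; the caller must echo it. */`. It also reads `$_SESSION['csrf_token']` without checking that it is set, so a missing session token would produce `value=""`; the verification code is not visible in this diff, so confirm that it rejects an empty or absent token. The section ends inside the next function's docblock, and whether CSRFToken() already has a docblock above the hunk cannot be seen.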


@ -83,7 +83,7 @@ function DisplayHostAPDConfig()
<div class="tab-pane fade in active" id="basic"> <div class="tab-pane fade in active" id="basic">
<h4><?php echo _("Basic settings") ;?></h4> <h4><?php echo _("Basic settings") ;?></h4>
<?php CSRFToken() ?> <?php echo CSRFToken() ?>
<div class="row"> <div class="row">
<div class="form-group col-md-4"> <div class="form-group col-md-4">
<label for="cbxinterface"><?php echo _("Interface") ;?></label> <label for="cbxinterface"><?php echo _("Interface") ;?></label>


@ -200,7 +200,7 @@ if (isset($_POST['system_shutdown'])) {
<div role="tabpanel" class="tab-pane" id="language"> <div role="tabpanel" class="tab-pane" id="language">
<h4><?php echo _("Language settings") ;?></h4> <h4><?php echo _("Language settings") ;?></h4>
<?php CSRFToken() ?> <?php echo CSRFToken() ?>
<div class="row"> <div class="row">
<div class="form-group col-md-4"> <div class="form-group col-md-4">
<label for="code"><?php echo _("Select a language"); ?></label> <label for="code"><?php echo _("Select a language"); ?></label>