mirror of
https://github.com/billz/raspap-webgui.git
synced 2023-10-10 13:37:24 +02:00
don't write the csrf token field to the output buffer
but return and echo it
parent
6f1ae104f3
commit
0a255e8b49
@ -40,7 +40,7 @@ function DisplayAuthConfig($username, $password)
|
|||||||
<div class="panel-body">
|
<div class="panel-body">
|
||||||
<p><?php $status->showMessages(); ?></p>
|
<p><?php $status->showMessages(); ?></p>
|
||||||
<form role="form" action="?page=auth_conf" method="POST">
|
<form role="form" action="?page=auth_conf" method="POST">
|
||||||
<?php CSRFToken() ?>
|
<?php echo CSRFToken() ?>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="form-group col-md-4">
|
<div class="form-group col-md-4">
|
||||||
<label for="username"><?php echo _("Username"); ?></label>
|
<label for="username"><?php echo _("Username"); ?></label>
|
||||||
|
@ -182,7 +182,7 @@ function DisplayWPAConfig()
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<form method="POST" action="?page=wpa_conf" name="wpa_conf_form">
|
<form method="POST" action="?page=wpa_conf" name="wpa_conf_form">
|
||||||
<?php CSRFToken() ?>
|
<?php echo CSRFToken() ?>
|
||||||
<input type="hidden" name="client_settings" ?>
|
<input type="hidden" name="client_settings" ?>
|
||||||
<script>
|
<script>
|
||||||
function showPassword(index) {
|
function showPassword(index) {
|
||||||
|
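Review bot: The context line right after the token call, `<input type="hidden" name="client_settings" ?>`, ends in a stray `?>` that is emitted as literal HTML, because the parser is already outside PHP mode at that point. Browsers will tolerate it, but it reads like the remnant of a removed PHP expression; `<input type="hidden" name="client_settings">` is the clean form if no value was intended. The line is unchanged by this commit, and DisplayWPAConfig continues outside the hunk.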
@ -70,7 +70,7 @@ function ensureCSRFSessionToken()
|
|||||||
function CSRFToken()
|
function CSRFToken()
|
||||||
{
|
{
|
||||||
$token = htmlspecialchars($_SESSION['csrf_token']);
|
$token = htmlspecialchars($_SESSION['csrf_token']);
|
||||||
echo '<input id="csrf_token" type="hidden" name="csrf_token" value="' . $token . '">';
|
return '<input id="csrf_token" type="hidden" name="csrf_token" value="' . $token . '">';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
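Review bot: With `CSRFToken()` now returning the markup instead of printing it, any template that still calls `<?php CSRFToken() ?>` without `echo` will render its form with no token field and no error. The commit converts the calls in DisplayAuthConfig, DisplayWPAConfig, DisplayHostAPDConfig and the language-settings tab; it is worth grepping for remaining bare calls and confirming that the server-side check rejects a POST whose `csrf_token` is absent rather than skipping validation. A short docblock above the function would make the new contract explicit, e.g. `/** Returns the hidden csrf_token input as an HTML string; the caller must echo it. */` (whether one already exists is not visible, since the hunk starts at the signature). The function also reads `$_SESSION['csrf_token']` directly, so it presumably depends on `ensureCSRFSessionToken()`, named in the hunk header, having run first; that ordering cannot be confirmed from this hunk.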
@ -83,7 +83,7 @@ function DisplayHostAPDConfig()
|
|||||||
<div class="tab-pane fade in active" id="basic">
|
<div class="tab-pane fade in active" id="basic">
|
||||||
|
|
||||||
<h4><?php echo _("Basic settings") ;?></h4>
|
<h4><?php echo _("Basic settings") ;?></h4>
|
||||||
<?php CSRFToken() ?>
|
<?php echo CSRFToken() ?>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="form-group col-md-4">
|
<div class="form-group col-md-4">
|
||||||
<label for="cbxinterface"><?php echo _("Interface") ;?></label>
|
<label for="cbxinterface"><?php echo _("Interface") ;?></label>
|
||||||
|
@ -200,7 +200,7 @@ if (isset($_POST['system_shutdown'])) {
|
|||||||
|
|
||||||
<div role="tabpanel" class="tab-pane" id="language">
|
<div role="tabpanel" class="tab-pane" id="language">
|
||||||
<h4><?php echo _("Language settings") ;?></h4>
|
<h4><?php echo _("Language settings") ;?></h4>
|
||||||
<?php CSRFToken() ?>
|
<?php echo CSRFToken() ?>
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="form-group col-md-4">
|
<div class="form-group col-md-4">
|
||||||
<label for="code"><?php echo _("Select a language"); ?></label>
|
<label for="code"><?php echo _("Select a language"); ?></label>
|
||||||
|