mirror of
https://github.com/billz/raspap-webgui.git
synced 2023-10-10 13:37:24 +02:00
don't write the csrf token field to the output buffer
but return and echo it
This commit is contained in:
parent
6f1ae104f3
commit
0a255e8b49
@ -40,7 +40,7 @@ function DisplayAuthConfig($username, $password)
|
||||
<div class="panel-body">
|
||||
<p><?php $status->showMessages(); ?></p>
|
||||
<form role="form" action="?page=auth_conf" method="POST">
|
||||
<?php CSRFToken() ?>
|
||||
<?php echo CSRFToken() ?>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="username"><?php echo _("Username"); ?></label>
|
||||
|
@ -182,7 +182,7 @@ function DisplayWPAConfig()
|
||||
</div>
|
||||
|
||||
<form method="POST" action="?page=wpa_conf" name="wpa_conf_form">
|
||||
<?php CSRFToken() ?>
|
||||
<?php echo CSRFToken() ?>
|
||||
<input type="hidden" name="client_settings" ?>
|
||||
<script>
|
||||
function showPassword(index) {
|
||||
|
@ -70,7 +70,7 @@ function ensureCSRFSessionToken()
|
||||
function CSRFToken()
|
||||
{
|
||||
$token = htmlspecialchars($_SESSION['csrf_token']);
|
||||
echo '<input id="csrf_token" type="hidden" name="csrf_token" value="' . $token . '">';
|
||||
return '<input id="csrf_token" type="hidden" name="csrf_token" value="' . $token . '">';
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -83,7 +83,7 @@ function DisplayHostAPDConfig()
|
||||
<div class="tab-pane fade in active" id="basic">
|
||||
|
||||
<h4><?php echo _("Basic settings") ;?></h4>
|
||||
<?php CSRFToken() ?>
|
||||
<?php echo CSRFToken() ?>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="cbxinterface"><?php echo _("Interface") ;?></label>
|
||||
|
@ -200,7 +200,7 @@ if (isset($_POST['system_shutdown'])) {
|
||||
|
||||
<div role="tabpanel" class="tab-pane" id="language">
|
||||
<h4><?php echo _("Language settings") ;?></h4>
|
||||
<?php CSRFToken() ?>
|
||||
<?php echo CSRFToken() ?>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-4">
|
||||
<label for="code"><?php echo _("Select a language"); ?></label>
|
||||
|
Loading…
Reference in New Issue
Block a user