1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00

don't write the csrf token field to the output buffer

but return and echo it
This commit is contained in:
glaszig 2019-08-01 13:03:59 +02:00
parent 6f1ae104f3
commit 0a255e8b49
5 changed files with 5 additions and 5 deletions

View File

@ -40,7 +40,7 @@ function DisplayAuthConfig($username, $password)
<div class="panel-body">
<p><?php $status->showMessages(); ?></p>
<form role="form" action="?page=auth_conf" method="POST">
<?php CSRFToken() ?>
<?php echo CSRFToken() ?>
<div class="row">
<div class="form-group col-md-4">
<label for="username"><?php echo _("Username"); ?></label>

View File

@ -182,7 +182,7 @@ function DisplayWPAConfig()
</div>
<form method="POST" action="?page=wpa_conf" name="wpa_conf_form">
<?php CSRFToken() ?>
<?php echo CSRFToken() ?>
<input type="hidden" name="client_settings" ?>
<script>
function showPassword(index) {

View File

@ -70,7 +70,7 @@ function ensureCSRFSessionToken()
function CSRFToken()
{
$token = htmlspecialchars($_SESSION['csrf_token']);
echo '<input id="csrf_token" type="hidden" name="csrf_token" value="' . $token . '">';
return '<input id="csrf_token" type="hidden" name="csrf_token" value="' . $token . '">';
}
/**

View File

@ -83,7 +83,7 @@ function DisplayHostAPDConfig()
<div class="tab-pane fade in active" id="basic">
<h4><?php echo _("Basic settings") ;?></h4>
<?php CSRFToken() ?>
<?php echo CSRFToken() ?>
<div class="row">
<div class="form-group col-md-4">
<label for="cbxinterface"><?php echo _("Interface") ;?></label>

View File

@ -200,7 +200,7 @@ if (isset($_POST['system_shutdown'])) {
<div role="tabpanel" class="tab-pane" id="language">
<h4><?php echo _("Language settings") ;?></h4>
<?php CSRFToken() ?>
<?php echo CSRFToken() ?>
<div class="row">
<div class="form-group col-md-4">
<label for="code"><?php echo _("Select a language"); ?></label>