oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Restore ability to edit ITransact and Ogone payment drivers. Ensure that all forms use CSRF tokens.

Browse source
This commit is contained in:
Colin Kuskie 2012-02-24 22:43:43 -08:00
parent 02bb3a9d67
commit 476b14f82c
3 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/WebGUI/Shop/PayDriver.pm
View file

@ -372,6 +372,7 @@ sub getEditForm {
my $form = WebGUI::FormBuilder->new($self->session);
$form->addField( "submit", name => "send" );
$form->addField( 'csrfToken', name => 'csrfToken' );
$self->getDoFormTags('editSave', $form);
$form->addField( "hidden",
@ -657,7 +658,6 @@ sub www_edit {
return $session->privilege->insufficient() unless $session->user->isAdmin;
my $form = $self->getEditForm;
$form->addField( 'csrfToken', name => 'csrfToken' );
$form->addField( "submit", name => "send" );
return '<h1>' . $i18n->get('payment methods') . '</h1>' . $form->toHtml;