Add CSRF code to ProfileSettings edit profile field and edit profile category.

Colin Kuskie 2009-07-20 15:38:07 +00:00
parent 3b8d5f62bc
commit d26c6b402b


@ -201,8 +201,8 @@ Returns the user to www_editProfileSettings when done.
#-------------------------------------------------------------------
sub www_editProfileCategorySave {
my $session = shift;
return $session->privilege->adminOnly() unless canView($session);
my $session = shift;
return $session->privilege->adminOnly() unless canView($session) && $session->form->validToken();
my %data = (
label => $session->form->text("label"),
shortLabel => $session->form->text("shortLabel"),
@ -359,8 +359,8 @@ Returns the user to www_editProfileSettings when done.
#-------------------------------------------------------------------
sub www_editProfileFieldSave {
my $session = shift;
return $session->privilege->adminOnly() unless canView($session);
my $session = shift;
return $session->privilege->adminOnly() unless canView($session) && $session->form->validToken();
# Special case for WebGUI auth password recovery.
my $requiredForPasswordRecovery = $session->form->yesNo('requiredForPasswordRecovery');
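Review bot: Folding the token check into the privilege guard in both www_editProfileCategorySave and www_editProfileFieldSave means a rejected CSRF token is answered with adminOnly(), exactly like a non-admin caller. An administrator whose form token is stale or missing therefore gets a misleading privilege error, and a forged cross-site request against a logged-in admin leaves no trace distinct from an ordinary access denial. Consider keeping `return $session->privilege->adminOnly() unless canView($session);` as it was and following it with a separate `unless $session->form->validToken()` branch that logs the rejected token before returning. Both subs continue past the end of their hunks. The diff also does not show whether the forms posting to these handlers emit the token, or whether the module's other state-changing operations received the same check, so both are worth confirming before relying on this change.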