From 68f8924c7c9157e4a324c77695fbf0e07635fb32 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 8 Jul 2011 15:04:12 +0200 Subject: s3 swat: Add XSRF protection to globals page Signed-off-by: Kai Blin --- source3/web/swat.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/web') diff --git a/source3/web/swat.c b/source3/web/swat.c index ac182dd707..7ce6893af1 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -934,9 +934,14 @@ static void globals_page(void) { unsigned int parm_filter = FLAG_BASIC; int mode = 0; + const char form_name[] = "globals"; printf("

%s

\n", _("Global Parameters")); + if (!verify_xsrf_token(form_name)) { + goto output_page; + } + if (cgi_variable("Commit")) { commit_parameters(GLOBAL_SECTION_SNUM); save_reload(-1); @@ -949,7 +954,9 @@ static void globals_page(void) if ( cgi_variable("AdvMode")) mode = 1; +output_page: printf("
\n"); + print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); ViewModeBoxes( mode ); switch ( mode ) { -- cgit