github
/
phpservermon
mirror of https://github.com/phpservermon/phpservermon
1
0
Fork 0
Code Issues Releases Wiki Activity

#367 fixed a csrf bug since 2014

pull/369/head
尘缘 2016-10-19 11:05:26 +08:00
parent 80df5b7735
commit fe99c1cbec
3 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/psm/Module/Server/Controller/StatusController.php
View File

@ -37,6 +37,7 @@ class StatusController extends AbstractServerController {
function __construct(Database $db, \Twig_Environment $twig) { function __construct(Database $db, \Twig_Environment $twig) {
parent::__construct($db, $twig); parent::__construct($db, $twig);
$this->setCSRFKey('status');
$this->setActions(array('index', 'saveLayout'), 'index'); $this->setActions(array('index', 'saveLayout'), 'index');
} }

1
src/templates/default/module/server/status/index.tpl.html
View File

@ -1,4 +1,5 @@
<div class="tab-content"> <div class="tab-content">
<input type="hidden" name="saveLayout_csrf" value="{{ csrf_token(csrf_key|default('')) }}" />
<div id="flow-layout" class="tab-pane {{ block_layout_active }}"> <div id="flow-layout" class="tab-pane {{ block_layout_active }}">
<div class="entity-container"> <div class="entity-container">
{% for server in servers_offline %} {% for server in servers_offline %}

1
static/js/scripts.js
View File

@ -135,6 +135,7 @@ function psm_xhr(mod, params, method, on_complete, options) {
function psm_saveLayout(layout) { function psm_saveLayout(layout) {
var params = { var params = {
action: 'saveLayout', action: 'saveLayout',
csrf: $("input[name=saveLayout_csrf]").val(),
layout: layout layout: layout
}; };
psm_xhr('server_status', params, 'POST'); psm_xhr('server_status', params, 'POST');