From ac070b0e400bfe74c77331308e10db6da4e53ab9 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 8 Jul 2011 15:04:12 +0200 Subject: [PATCH] s3 swat: Add XSRF protection to globals page Signed-off-by: Kai Blin (cherry picked from commit 6ea5fac27f2fef35ea12c24250948e00245aacee) --- source3/web/swat.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source3/web/swat.c b/source3/web/swat.c index 88efe8e6754..2c99f57829f 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -921,9 +921,14 @@ static void globals_page(void) { unsigned int parm_filter = FLAG_BASIC; int mode = 0; + const char form_name[] = "globals"; printf("

%s

\n", _("Global Parameters")); + if (!verify_xsrf_token(form_name)) { + goto output_page; + } + if (cgi_variable("Commit")) { commit_parameters(GLOBAL_SECTION_SNUM); save_reload(0); @@ -936,7 +941,9 @@ static void globals_page(void) if ( cgi_variable("AdvMode")) mode = 1; +output_page: printf("
\n"); + print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); ViewModeBoxes( mode ); switch ( mode ) { -- 2.11.4.GIT