aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorKlaus Weidenbach <Klaus.Weidenbach@gmx.net>2017-03-29 23:53:03 +0200
committerKlaus Weidenbach <Klaus.Weidenbach@gmx.net>2017-03-30 23:17:32 +0200
commit81736a01299f7c963e361e9b192df074999d16d8 (patch)
treecf460662e025c370efac713120fe75634bbf179d /Zotlabs
parentdea487993828d00e7be9709752129e445a255171 (diff)
downloadvolse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.tar.gz
volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.tar.bz2
volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.zip
:lock: Add CSRF protection for import and import_items.
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Import.php3
-rw-r--r--Zotlabs/Module/Import_items.php3
2 files changed, 6 insertions, 0 deletions
diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php
index b98c9be9b..54bc7de81 100644
--- a/Zotlabs/Module/Import.php
+++ b/Zotlabs/Module/Import.php
@@ -478,6 +478,8 @@ class Import extends \Zotlabs\Web\Controller {
if(! $account_id)
return;
+ check_form_security_token_redirectOnErr('/import', 'channel_import');
+
$this->import_account($account_id);
}
@@ -508,6 +510,7 @@ class Import extends \Zotlabs\Web\Controller {
'$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'),
'$email' => '',
'$pass' => '',
+ '$form_security_token' => get_form_security_token('channel_import'),
'$submit' => t('Submit')
));
diff --git a/Zotlabs/Module/Import_items.php b/Zotlabs/Module/Import_items.php
index 133e37d9e..c2b2506fe 100644
--- a/Zotlabs/Module/Import_items.php
+++ b/Zotlabs/Module/Import_items.php
@@ -15,6 +15,8 @@ class Import_items extends \Zotlabs\Web\Controller {
if(! local_channel())
return;
+ check_form_security_token_redirectOnErr('/import_items', 'import_items');
+
$data = null;
$src = $_FILES['filename']['tmp_name'];
@@ -123,6 +125,7 @@ class Import_items extends \Zotlabs\Web\Controller {
'$title' => t('Import Items'),
'$desc' => t('Use this form to import existing posts and content from an export file.'),
'$label_filename' => t('File to Upload'),
+ '$form_security_token' => get_form_security_token('import_items'),
'$submit' => t('Submit')
));