diff options
author | Klaus Weidenbach <Klaus.Weidenbach@gmx.net> | 2017-03-29 23:53:03 +0200 |
---|---|---|
committer | Klaus Weidenbach <Klaus.Weidenbach@gmx.net> | 2017-03-30 23:17:32 +0200 |
commit | 81736a01299f7c963e361e9b192df074999d16d8 (patch) | |
tree | cf460662e025c370efac713120fe75634bbf179d /view | |
parent | dea487993828d00e7be9709752129e445a255171 (diff) | |
download | volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.tar.gz volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.tar.bz2 volse-hubzilla-81736a01299f7c963e361e9b192df074999d16d8.zip |
:lock: Add CSRF protection for import and import_items.
Diffstat (limited to 'view')
-rwxr-xr-x | view/tpl/channel_import.tpl | 5 | ||||
-rwxr-xr-x | view/tpl/item_import.tpl | 4 |
2 files changed, 2 insertions, 7 deletions
diff --git a/view/tpl/channel_import.tpl b/view/tpl/channel_import.tpl index 2028d6181..baffe9b06 100755 --- a/view/tpl/channel_import.tpl +++ b/view/tpl/channel_import.tpl @@ -1,7 +1,7 @@ <h2>{{$title}}</h2> <form action="import" method="post" enctype="multipart/form-data" id="import-channel-form"> - + <input type="hidden" name="form_security_token" value="{{$form_security_token}}"> <div id="import-desc" class="descriptive-paragraph">{{$desc}}</div> <label for="import-filename" id="label-import-filename" class="import-label" >{{$label_filename}}</label> @@ -40,7 +40,4 @@ <div id="import-submit-end" class="import-field-end"></div> <div id="import-common-desc" class="descriptive-paragraph">{{$pleasewait}}</div> - - </form> - diff --git a/view/tpl/item_import.tpl b/view/tpl/item_import.tpl index 65de7fcaf..e976417e1 100755 --- a/view/tpl/item_import.tpl +++ b/view/tpl/item_import.tpl @@ -1,7 +1,7 @@ <h2>{{$title}}</h2> <form action="import_items" method="post" enctype="multipart/form-data" id="import-channel-form"> - + <input type="hidden" name="form_security_token" value="{{$form_security_token}}"> <div id="import-desc" class="descriptive-paragraph">{{$desc}}</div> <label for="import-filename" id="label-import-filename" class="import-label" >{{$label_filename}}</label> @@ -10,6 +10,4 @@ <input type="submit" name="submit" id="import-submit-button" value="{{$submit}}" /> <div id="import-submit-end" class="import-field-end"></div> - </form> - |