diff options
| author | Kai Blin <kai@samba.org> | 2011-07-08 15:02:53 +0200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2011-07-24 21:27:15 +0200 |
| commit | b25d00e3c1ff91e7ec5f56ec2ad0d6b3d635d1e3 (patch) | |
| tree | 6f265da4887f6aedf81f477cae9bf44d7a51b183 | |
| parent | 8af2d4c60a9bad18ef1b37d4034f11c6008efcfa (diff) | |
| download | samba-b25d00e3c1ff91e7ec5f56ec2ad0d6b3d635d1e3.tar.gz | |
s3 swat: Add XSRF protection to viewconfig page
Signed-off-by: Kai Blin <kai@samba.org>
| -rw-r--r-- | source3/web/swat.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/web/swat.c b/source3/web/swat.c index 9dfbfe1be08..430c76ed6ad 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -665,13 +665,20 @@ static void welcome_page(void) static void viewconfig_page(void) { int full_view=0; + const char form_name[] = "viewconfig"; + + if (!verify_xsrf_token(form_name)) { + goto output_page; + } if (cgi_variable("full_view")) { full_view = 1; } +output_page: printf("<H2>%s</H2>\n", _("Current Config")); printf("<form method=post>\n"); + print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); if (full_view) { printf("<input type=submit name=\"normal_view\" value=\"%s\">\n", _("Normal View")); |