summaryrefslogtreecommitdiff
path: root/source3/web
diff options
context:
space:
mode:
authorKai Blin <kai@samba.org>2011-07-08 15:02:53 +0200
committerJeremy Allison <jra@samba.org>2011-07-26 22:22:25 +0200
commit00d255fc1d91f2baae9294c838012b9b2cb6dfbc (patch)
tree2832f1e121deaf0e159cae6fda3df6736ee05edf /source3/web
parent15ed2a0eedb530fbfd244ed6c0121db18102860f (diff)
downloadsamba-00d255fc1d91f2baae9294c838012b9b2cb6dfbc.tar.gz
s3 swat: Add XSRF protection to viewconfig page
Signed-off-by: Kai Blin <kai@samba.org>
Diffstat (limited to 'source3/web')
-rw-r--r--source3/web/swat.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 353b7faf590..93661457000 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -678,13 +678,20 @@ static void welcome_page(void)
static void viewconfig_page(void)
{
int full_view=0;
+ const char form_name[] = "viewconfig";
+
+ if (!verify_xsrf_token(form_name)) {
+ goto output_page;
+ }
if (cgi_variable("full_view")) {
full_view = 1;
}
+output_page:
printf("<H2>%s</H2>\n", _("Current Config"));
printf("<form method=post>\n");
+ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
if (full_view) {
printf("<input type=submit name=\"normal_view\" value=\"%s\">\n", _("Normal View"));