diff options
| author | Kai Blin <kai@samba.org> | 2011-07-08 15:02:53 +0200 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2011-07-26 22:22:25 +0200 |
| commit | 00d255fc1d91f2baae9294c838012b9b2cb6dfbc (patch) | |
| tree | 2832f1e121deaf0e159cae6fda3df6736ee05edf /source3/web | |
| parent | 15ed2a0eedb530fbfd244ed6c0121db18102860f (diff) | |
| download | samba-00d255fc1d91f2baae9294c838012b9b2cb6dfbc.tar.gz | |
s3 swat: Add XSRF protection to viewconfig page
Signed-off-by: Kai Blin <kai@samba.org>
Diffstat (limited to 'source3/web')
| -rw-r--r-- | source3/web/swat.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/web/swat.c b/source3/web/swat.c index 353b7faf590..93661457000 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -678,13 +678,20 @@ static void welcome_page(void) static void viewconfig_page(void) { int full_view=0; + const char form_name[] = "viewconfig"; + + if (!verify_xsrf_token(form_name)) { + goto output_page; + } if (cgi_variable("full_view")) { full_view = 1; } +output_page: printf("<H2>%s</H2>\n", _("Current Config")); printf("<form method=post>\n"); + print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); if (full_view) { printf("<input type=submit name=\"normal_view\" value=\"%s\">\n", _("Normal View")); |