Adding CSRF protection to simulation step in CSV import

jf-cbd
2024-04-10 10:34:06 +02:00
parent a371b7f03b
commit ffefa5495a


@@ -226,7 +226,7 @@ try {
} }
// CSRF transaction id verification // CSRF transaction id verification
if(!$bSimulate && !utils::IsTransactionValid(utils::ReadPostedParam('transaction_id', '', 'raw_data'))){ if(!utils::IsTransactionValid(utils::ReadPostedParam('transaction_id', '', 'raw_data'))){
throw new CoreException(Dict::S('UI:Error:InvalidToken')); throw new CoreException(Dict::S('UI:Error:InvalidToken'));
} }
@@ -375,6 +375,7 @@ try {
$oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("synchro_scope", $sSynchroScope)); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("synchro_scope", $sSynchroScope));
$oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("date_time_format", $sDateTimeFormat)); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("date_time_format", $sDateTimeFormat));
$oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("custom_date_time_format", $sCustomDateTimeFormat)); $oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("custom_date_time_format", $sCustomDateTimeFormat));
$oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden("transaction_id", utils::GetNewTransactionId(), "transaction_id")); // adding transaction_id field for next step (simulation)
if (!empty($sSynchroScope)) { if (!empty($sSynchroScope)) {
foreach ($aSynchroUpdate as $sKey => $value) { foreach ($aSynchroUpdate as $sKey => $value) {
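Review bot: With `!$bSimulate &&` removed, the token check in the first hunk runs on every request that reaches it, but this commit adds the hidden `transaction_id` field to only one form (second hunk). Please confirm that no other form or script posts to this step without a token, since such a request would now fail with `UI:Error:InvalidToken`. If `utils::IsTransactionValid()` invalidates the token once it has been checked (its definition is not shown here), the page rendered after the simulation also has to issue a fresh token for the real import, and a resubmitted simulation will be rejected. I would also make the comment above the check say why it is unconditional, e.g. `// CSRF transaction id verification, required for the simulation as well as for the real import`. The enclosing `try` block starts and ends outside both hunks, so the order of this check relative to the first use of the posted data cannot be verified from here.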