museum-digital/csvxml
35
0
Fork 0
Code Issues 2 Pull Requests Releases Activity

Use MD_STD_SEC's anti CSRF functions

Browse Source
This commit is contained in:
Joshua Ramon Enslin
2020-12-10 00:49:46 +01:00
parent b8643e0d04
commit 08d28f037c
4 changed files with 3 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/index.php
View File

@ -38,7 +38,7 @@ echo '
<div class="uploader">
<form enctype="multipart/form-data" action="upload.php" method="POST">
<input type="hidden" id="csrf-token" name="csrf-token" aria-label="Anti-CSRF Token" value="' . htmlspecialchars(getAntiCsrfToken()) . '" />
<input type="hidden" id="csrf-token" name="csrf-token" aria-label="Anti-CSRF Token" value="' . htmlspecialchars(MD_STD_SEC::getAntiCsrfToken()) . '" />
<label for="fileToUpload">' . $tlLoader->tl("csvxml-overview", "csvxml_overview", 'select_csv_file_for_upload') . '</label>
<input name="uploaded" type="file" accept=".csv" id="fileToUpload" required />
<button type="submit">' . $tlLoader->tl("csvxml-overview", "csvxml_overview", 'upload') . '</button>

1
public/index3.php
View File

@ -381,6 +381,7 @@ echo '<hr>';
if ($error + $depcon_error > 0) {
echo '
<p>Error(s) found: ' . ($error + $depcon_error) . '</p>';
echo '<a href="index6.php?fnam=' . htmlspecialchars($_GET['fnam']) . '" class="buttonLike">Create XML for md:import (utf8)</a><br>';
}
else {
echo '<a href="index6.php?fnam=' . htmlspecialchars($_GET['fnam']) . '" class="buttonLike">Create XML for md:import (utf8)</a><br>';

2
public/upload.php
View File

@ -15,7 +15,7 @@ if (session_status() != PHP_SESSION_ACTIVE) {
session_start();
}
if (validateAntiCsrfToken() === false) {
if (MD_STD_SEC::validateAntiCsrfToken() === false) {
throw new MDWrongCsrfTokenException();
}