Fixes XSRF vulnerabilities in password page, admin pages, and GoogleApps pages.
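--- a/classes/csvimporter.php
+++ b/classes/csvimporter.php
@@ -330,6 +330,9 @@ class CSVImporter
 $fields[] = $key;
 }
 if ($current == 'valid' && Env::has('csv_valid')) {
+if (!Session::has_xsrf_token()) {
+$page->kill("L'opération n'a pas pu être effectuée, merci de réessayer.");
+}
 $this->run($_SESSION['csv_action'], $insert, $update);
 $page->assign('csv_done', true);
 $this->cleanSession($sesfields);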
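Review bot: The token check on the added lines guards only the final 'valid' step, so the earlier steps of this handler that populate `$_SESSION['csv_action']` and the field selection (outside this hunk) presumably still accept cross-site requests; the import itself is now protected, but moving the `Session::has_xsrf_token()` check to the top of the handler would cover every state-changing step with one guard. The added lines also rely on `$page->kill()` never returning — if it can return, `$this->run(...)` on the following line still executes, so either add an explicit `return;` after the kill or document the assumption with a comment such as `// kill() ends the request; the import below must never run without a valid XSRF token`. The enclosing method of CSVImporter starts and ends outside the hunk.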