Menu
▾
▴
[mantisbt-cvs] SF.net SVN: mantisbt: [5353] branches/BRANCH_1_1_0/mantisbt/core/print_api. php
|
From: <nuc...@us...> - 2008-06-11 13:58:20
|
Revision: 5353
http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5353&view=rev
Author: nuclear_eclipse
Date: 2008-06-11 06:57:12 -0700 (Wed, 11 Jun 2008)
Log Message:
-----------
Add form security tokens to prevent CSRF issues
Modified Paths:
--------------
branches/BRANCH_1_1_0/mantisbt/core/print_api.php
Modified: branches/BRANCH_1_1_0/mantisbt/core/print_api.php
===================================================================
--- branches/BRANCH_1_1_0/mantisbt/core/print_api.php 2008-06-10 22:48:09 UTC (rev 5352)
+++ branches/BRANCH_1_1_0/mantisbt/core/print_api.php 2008-06-11 13:57:12 UTC (rev 5353)
@@ -1176,11 +1176,13 @@
$c_field_id = (integer)$p_field_id;
$t_project_ids = custom_field_get_project_ids( $p_field_id );
+ $t_security_token = form_security_param( 'manage_proj_custom_field_remove' );
+
foreach ( $t_project_ids as $t_project_id ) {
$t_project_name = project_get_field( $t_project_id, 'name' );
$t_sequence = custom_field_get_sequence( $p_field_id, $t_project_id );
echo '<b>', $t_project_name, '</b>: ';
- print_bracket_link( "manage_proj_custom_field_remove.php?field_id=$c_field_id&project_id=$t_project_id&return=custom_field", lang_get( 'remove_link' ) );
+ print_bracket_link( "manage_proj_custom_field_remove.php?field_id=$c_field_id&project_id=$t_project_id&return=custom_field$t_security_token", lang_get( 'remove_link' ) );
echo '<br />- ';
$t_linked_field_ids = custom_field_get_linked_ids( $t_project_id );
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|