From: <nuc...@us...> - 2008-06-11 13:58:20
Revision: 5353 http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5353&view=rev Author: nuclear_eclipse Date: 2008-06-11 06:57:12 -0700 (Wed, 11 Jun 2008) Log Message: ----------- Add form security tokens to prevent CSRF issues Modified Paths: -------------- branches/BRANCH_1_1_0/mantisbt/core/print_api.php
Modified: branches/BRANCH_1_1_0/mantisbt/core/print_api.php
===================================================================
--- branches/BRANCH_1_1_0/mantisbt/core/print_api.php 2008-06-10 22:48:09 UTC (rev 5352)
+++ branches/BRANCH_1_1_0/mantisbt/core/print_api.php 2008-06-11 13:57:12 UTC (rev 5353)
@@ -1176,11 +1176,13 @@
 $c_field_id = (integer)$p_field_id;
 $t_project_ids = custom_field_get_project_ids( $p_field_id );
+ $t_security_token = form_security_param( 'manage_proj_custom_field_remove' );
+
 foreach ( $t_project_ids as $t_project_id ) {
 $t_project_name = project_get_field( $t_project_id, 'name' );
 $t_sequence = custom_field_get_sequence( $p_field_id, $t_project_id );
 echo '<b>', $t_project_name, '</b>: ';
- print_bracket_link( "manage_proj_custom_field_remove.php?field_id=$c_field_id&project_id=$t_project_id&return=custom_field", lang_get( 'remove_link' ) );
+ print_bracket_link( "manage_proj_custom_field_remove.php?field_id=$c_field_id&project_id=$t_project_id&return=custom_field$t_security_token", lang_get( 'remove_link' ) );
 echo '<br />- ';
 $t_linked_field_ids = custom_field_get_linked_ids( $t_project_id );
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
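Review bot: The token appended in the new `print_bracket_link()` call only protects the removal if `manage_proj_custom_field_remove.php` validates it under the same form name. That file is not among this revision's modified paths, so confirm the handler rejects requests with a missing or invalid token. The removal is also still a plain GET link, so the token travels in the query string and can end up in browser history, server logs and Referer headers. A small POST form would keep it out of the URL. The concatenation `return=custom_field$t_security_token` presumably relies on `form_security_param()` returning a fragment with its own leading separator, which deserves a comment above the assignment such as `# form_security_param() is expected to return a ready-to-append "&..." query fragment`. The enclosing function starts and ends outside the hunk.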