From: <tim...@us...> - 2010-09-30 16:14:33
Revision: 4032 http://web-erp.svn.sourceforge.net/web-erp/?rev=4032&view=rev Author: tim_schofield Date: 2010-09-30 16:14:24 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/Z_ChangeCustomerCode.php trunk/Z_ChangeStockCategory.php Modified: trunk/Z_ChangeCustomerCode.php =================================================================== --- trunk/Z_ChangeCustomerCode.php 2010-09-30 16:13:43 UTC (rev 4031) +++ trunk/Z_ChangeCustomerCode.php 2010-09-30 16:14:24 UTC (rev 4032) @@ -220,6 +220,7 @@ } echo "<form action='" . $_SERVER['PHP_SELF'] . "?=" . $SID . "' method=post>"; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p><table> <tr><td>' . _('Existing Debtor Code') . ":</td> Modified: trunk/Z_ChangeStockCategory.php =================================================================== --- trunk/Z_ChangeStockCategory.php 2010-09-30 16:13:43 UTC (rev 4031) +++ trunk/Z_ChangeStockCategory.php 2010-09-30 16:14:24 UTC (rev 4032) @@ -90,6 +90,7 @@ echo '<p>' . _('Stock Code') . ': ' . $_POST['OldStockCategory'] . ' ' . _('was successfully changed to') . ' : ' . $_POST['NewStockCategory']; } echo "<form action='" . $_SERVER['PHP_SELF'] . "?=" . $SID . "' method=post>"; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<p><table> <tr><td>' . _('Existing Inventory Category Code') . ":</td> <td><input type=Text name='OldStockCategory' size=20 maxlength=20></td></tr>"; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
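Review bot: In the Z_ChangeCustomerCode.php hunk, the hidden field is only emitted; nothing in this change shows the POST handler comparing $_POST['FormID'] against $_SESSION['FormID'] before acting, so the "form verification" named in the log message is not complete unless that check already exists elsewhere, and it would be worth a pointer to where. The added line `echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';` also writes the session value straight into HTML; wrapping it in htmlspecialchars() (and guarding the case where $_SESSION['FormID'] is unset, which otherwise yields a notice and an empty token) keeps the markup well-formed. On the unchanged context line, `"?=" . $SID` produces a query string with an empty key; presumably the intended form is the one used by the rest of the code base, so check that the session id actually reaches the handler.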
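Review bot: The Z_ChangeStockCategory.php hunk has the same gap as the customer-code one: the token is rendered but this change shows no server-side comparison of the submitted FormID with $_SESSION['FormID'] when the rename is processed, which is where spoofing would be stopped. The same htmlspecialchars() wrapping applies to the added hidden input. Separately, the context line `echo '<p>' . _('Stock Code') . ': ' . $_POST['OldStockCategory'] . ' ' ...` reflects two POST values into the page unescaped; since this file is being touched for form hardening anyway, escaping those on output is a cheap addition.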