From: <tim...@us...> - 2010-09-30 16:20:29
Revision: 4052 http://web-erp.svn.sourceforge.net/web-erp/?rev=4052&view=rev Author: tim_schofield Date: 2010-09-30 16:20:23 +0000 (Thu, 30 Sep 2010) Log Message: ----------- Add form verification to prevent form spoofing Modified Paths: -------------- trunk/Z_UpdateChartDetailsBFwd.php trunk/Z_Upgrade3.10.php Modified: trunk/Z_UpdateChartDetailsBFwd.php =================================================================== --- trunk/Z_UpdateChartDetailsBFwd.php 2010-09-30 16:20:09 UTC (rev 4051) +++ trunk/Z_UpdateChartDetailsBFwd.php 2010-09-30 16:20:23 UTC (rev 4052) @@ -9,6 +9,7 @@ echo "<form method='POST' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>'; +echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; if ($_POST['FromPeriod'] > $_POST['ToPeriod']){ prnMsg(_('The selected period from is actually after the period to') . '. ' . _('Please re-select the reporting period'),'error'); Modified: trunk/Z_Upgrade3.10.php =================================================================== --- trunk/Z_Upgrade3.10.php 2010-09-30 16:20:09 UTC (rev 4051) +++ trunk/Z_Upgrade3.10.php 2010-09-30 16:20:23 UTC (rev 4052) @@ -10,6 +10,7 @@ if (!isset($_POST['DoUpgrade'])) { echo "<br><form method='post' action='" . $_SERVER['PHP_SELF'] . '?' . SID . "'>"; + echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<div class="centre"><input type=submit name=DoUpgrade value="' . _('Perform Upgrade') . '"></div>'; echo '</form'; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
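Review bot: in the Z_UpdateChartDetailsBFwd.php hunk, the new hidden `FormID` input only prevents spoofing if the submitted value is compared with `$_SESSION['FormID']` before the request is acted on, and no such check appears in this hunk; the `$_POST['FromPeriod']` / `$_POST['ToPeriod']` handling that follows would still run on a forged post unless the comparison is done centrally before this file executes. Please confirm where that verification lives, or add it ahead of the period comparison. While this form is being touched, the unchanged line `echo "<form method='POST' action=" . $_SERVER['PHP_SELF'] . '?' . SID . '>';` writes `PHP_SELF` into the `action` attribute unescaped and unquoted; wrapping it in `htmlspecialchars()` and quoting the attribute would close a long-standing reflected-output issue.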
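Review bot: in the Z_Upgrade3.10.php hunk, the same remark applies to the `FormID` hidden input added inside the `DoUpgrade` form: the hunk shows the token being emitted but not the check of the posted value, so confirm that verification happens before `$_POST['DoUpgrade']` triggers the upgrade. Two pre-existing defects in the surrounding context lines are worth fixing in the same commit: `echo '</form';` is missing its closing `>`, so the form tag is never properly terminated, and `$_SERVER['PHP_SELF']` is again echoed into the `action` attribute without `htmlspecialchars()`.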