added CSRF protection

Roland Gruber 2015-05-14 09:18:45 +00:00
parent 1f0d4b0cda
commit c34b040766
10 changed files with 92 additions and 14 deletions


@ -305,7 +305,9 @@ class ldapPublicKey extends baseModule {
for (c = 0; c < count; c++) {
actionJSON["sshPublicKey_" + c] = jQuery(\'#sshPublicKey_\' + c).val();
}
jQuery.post(\'../misc/ajax.php?selfservice=1&module=ldapPublicKey&scope=user\', {jsonInput: actionJSON}, function(data) {ldapPublicKeyDeleteKeyHandleReply(data);}, \'json\');
jQuery.post(\'../misc/ajax.php?selfservice=1&module=ldapPublicKey&scope=user'
. '&' . getSecurityTokenName() . '=' . getSecurityTokenValue()
. '\', {jsonInput: actionJSON}, function(data) {ldapPublicKeyDeleteKeyHandleReply(data);}, \'json\');
}
function ldapPublicKeyDeleteKeyHandleReply(data) {
@ -324,7 +326,9 @@ class ldapPublicKey extends baseModule {
for (c = 0; c < count; c++) {
actionJSON["sshPublicKey_" + c] = jQuery(\'#sshPublicKey_\' + c).val();
}
jQuery.post(\'../misc/ajax.php?selfservice=1&module=ldapPublicKey&scope=user\', {jsonInput: actionJSON}, function(data) {ldapPublicKeyAddKeyHandleReply(data);}, \'json\');
jQuery.post(\'../misc/ajax.php?selfservice=1&module=ldapPublicKey&scope=user'
. '&' . getSecurityTokenName() . '=' . getSecurityTokenValue()
. '\', {jsonInput: actionJSON}, function(data) {ldapPublicKeyAddKeyHandleReply(data);}, \'json\');
}
function ldapPublicKeyAddKeyHandleReply(data) {
@ -348,7 +352,8 @@ class ldapPublicKey extends baseModule {
element: document.getElementById(elementID),
listElement: uploadStatus,
request: {
endpoint: \'../misc/ajax.php?selfservice=1&module=ldapPublicKey&scope=user\',
endpoint: \'../misc/ajax.php?selfservice=1&module=ldapPublicKey&scope=user'
. '&' . getSecurityTokenName() . '=' . getSecurityTokenValue() . '\',
forceMultipart: true,
paramsInBody: true,
params: parameters
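Review bot: The security token is appended to the request URL in all three changed calls (both `jQuery.post` calls and the uploader `endpoint`), so it will typically be recorded wherever request URLs are logged, such as web server access logs and intermediate proxies. These are POST requests and the uploader already sets `paramsInBody: true`, so the token could travel in the body instead, e.g. `{jsonInput: actionJSON, \'' . getSecurityTokenName() . '\': \'' . getSecurityTokenValue() . '\'}` and an extra entry in `parameters`, provided the check in ajax.php accepts it from the body (that code is not visible here). The name and value are also concatenated unencoded into a JavaScript string literal, which is safe only if both are guaranteed to contain no quote or URL-special characters; wrapping them in `rawurlencode()` would make that explicit. The enclosing functions begin and end outside the hunks shown.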