Fixed possible CSRF attacks (thanks to Lukas Reschke)

Andreas Boehler 2013-03-02 07:49:39 +01:00
parent 55c9a9f0bd
commit ea2f18b22b
3 changed files with 4 additions and 2 deletions


@ -1 +1 @@
0.7
0.7.1


@ -23,8 +23,10 @@
$params = array('sql_host', 'sql_user', 'sql_database', 'sql_password', 'sql_table', 'sql_column_username', 'sql_column_password', 'sql_type', 'sql_column_active', 'strip_domain', 'default_domain', 'crypt_type');
OCP\Util::addscript('user_sql', 'settings');
OCP\User::checkAdminUser();
if ($_POST) {
OCP\JSON::callCheck();
foreach($params as $param){
if(isset($_POST[$param]))
{
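Review bot: The token check only protects writes that stay inside the `if ($_POST)` branch and after the `OCP\JSON::callCheck();` line, and nothing in the code records that ordering requirement. A short comment above the call, such as `// CSRF check: must run before any setting below is written`, would keep a later edit from moving a write ahead of it or outside the branch. The `foreach` body continues past the end of the hunk, so whether every write is keyed off `$_POST` alone cannot be confirmed from the visible lines.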


@ -40,7 +40,7 @@
<p><label for="sql_column_active"><?php echo $l->t('User Active Column');?></label><input type="text" id="sql_column_active" name="sql_column_active" value="<?php echo $_['sql_column_active']; ?>" /></p>
<p><label for="strip_domain"><?php echo $l->t('Strip Domain Part from Username');?></label><input type="checkbox" id="strip_domain" name="strip_domain" value="1"<?php if($_['strip_domain']) echo ' checked'; ?> title="Strip Domain Part from Username when logging in and retrieving username lists"></p>
<p><label for="default_domain"><?php echo $l->t('Add default domain to Usernames');?></label><input type="text" id="default_domain" name="default_domain" value="<?php echo $_['default_domain']; ?>" /></p>
<input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken" />
<input type="submit" value="<?php echo $l->t('Save'); ?>" />
</fieldset>
</form>
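Review bot: The new hidden `requesttoken` field, like the `sql_column_active` and `default_domain` values above it, is echoed into a double-quoted attribute with no escaping at the point of output. Whether the template layer already sanitises `$_` when values are assigned is not visible in this hunk; if it does not, a stored setting containing a quote would break out of the attribute. Escaping at the echo, e.g. `value="<?php echo htmlspecialchars($_['default_domain'], ENT_QUOTES, 'UTF-8'); ?>"`, keeps the template safe either way. The `<form>` element opens outside the hunk.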