mirror of
https://github.com/moparisthebest/user_sql
synced 2024-12-21 23:18:51 -05:00
Fixed possible CSRF attacks (thanks to Lukas Reschke)
This commit is contained in:
parent
55c9a9f0bd
commit
ea2f18b22b
@ -1 +1 @@
|
||||
0.7
|
||||
0.7.1
|
||||
|
@ -23,8 +23,10 @@
|
||||
$params = array('sql_host', 'sql_user', 'sql_database', 'sql_password', 'sql_table', 'sql_column_username', 'sql_column_password', 'sql_type', 'sql_column_active', 'strip_domain', 'default_domain', 'crypt_type');
|
||||
|
||||
OCP\Util::addscript('user_sql', 'settings');
|
||||
OCP\User::checkAdminUser();
|
||||
|
||||
if ($_POST) {
|
||||
OCP\JSON::callCheck();
|
||||
foreach($params as $param){
|
||||
if(isset($_POST[$param]))
|
||||
{
|
||||
|
@ -40,7 +40,7 @@
|
||||
<p><label for="sql_column_active"><?php echo $l->t('User Active Column');?></label><input type="text" id="sql_column_active" name="sql_column_active" value="<?php echo $_['sql_column_active']; ?>" /></p>
|
||||
<p><label for="strip_domain"><?php echo $l->t('Strip Domain Part from Username');?></label><input type="checkbox" id="strip_domain" name="strip_domain" value="1"<?php if($_['strip_domain']) echo ' checked'; ?> title="Strip Domain Part from Username when logging in and retrieving username lists"></p>
|
||||
<p><label for="default_domain"><?php echo $l->t('Add default domain to Usernames');?></label><input type="text" id="default_domain" name="default_domain" value="<?php echo $_['default_domain']; ?>" /></p>
|
||||
|
||||
<input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken" />
|
||||
<input type="submit" value="<?php echo $l->t('Save'); ?>" />
|
||||
</fieldset>
|
||||
</form>
|
||||
|
Loading…
Reference in New Issue
Block a user