mirror of
https://github.com/moparisthebest/user_sql
synced 2024-11-25 18:42:22 -05:00
Fixed possible CSRF attacks (thanks to Lukas Reschke)
This commit is contained in:
parent
55c9a9f0bd
commit
ea2f18b22b
@ -1 +1 @@
|
|||||||
0.7
|
0.7.1
|
||||||
|
@ -23,8 +23,10 @@
|
|||||||
$params = array('sql_host', 'sql_user', 'sql_database', 'sql_password', 'sql_table', 'sql_column_username', 'sql_column_password', 'sql_type', 'sql_column_active', 'strip_domain', 'default_domain', 'crypt_type');
|
$params = array('sql_host', 'sql_user', 'sql_database', 'sql_password', 'sql_table', 'sql_column_username', 'sql_column_password', 'sql_type', 'sql_column_active', 'strip_domain', 'default_domain', 'crypt_type');
|
||||||
|
|
||||||
OCP\Util::addscript('user_sql', 'settings');
|
OCP\Util::addscript('user_sql', 'settings');
|
||||||
|
OCP\User::checkAdminUser();
|
||||||
|
|
||||||
if ($_POST) {
|
if ($_POST) {
|
||||||
|
OCP\JSON::callCheck();
|
||||||
foreach($params as $param){
|
foreach($params as $param){
|
||||||
if(isset($_POST[$param]))
|
if(isset($_POST[$param]))
|
||||||
{
|
{
|
||||||
|
@ -40,7 +40,7 @@
|
|||||||
<p><label for="sql_column_active"><?php echo $l->t('User Active Column');?></label><input type="text" id="sql_column_active" name="sql_column_active" value="<?php echo $_['sql_column_active']; ?>" /></p>
|
<p><label for="sql_column_active"><?php echo $l->t('User Active Column');?></label><input type="text" id="sql_column_active" name="sql_column_active" value="<?php echo $_['sql_column_active']; ?>" /></p>
|
||||||
<p><label for="strip_domain"><?php echo $l->t('Strip Domain Part from Username');?></label><input type="checkbox" id="strip_domain" name="strip_domain" value="1"<?php if($_['strip_domain']) echo ' checked'; ?> title="Strip Domain Part from Username when logging in and retrieving username lists"></p>
|
<p><label for="strip_domain"><?php echo $l->t('Strip Domain Part from Username');?></label><input type="checkbox" id="strip_domain" name="strip_domain" value="1"<?php if($_['strip_domain']) echo ' checked'; ?> title="Strip Domain Part from Username when logging in and retrieving username lists"></p>
|
||||||
<p><label for="default_domain"><?php echo $l->t('Add default domain to Usernames');?></label><input type="text" id="default_domain" name="default_domain" value="<?php echo $_['default_domain']; ?>" /></p>
|
<p><label for="default_domain"><?php echo $l->t('Add default domain to Usernames');?></label><input type="text" id="default_domain" name="default_domain" value="<?php echo $_['default_domain']; ?>" /></p>
|
||||||
|
<input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken" />
|
||||||
<input type="submit" value="<?php echo $l->t('Save'); ?>" />
|
<input type="submit" value="<?php echo $l->t('Save'); ?>" />
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</form>
|
</form>
|
||||||
|
Loading…
Reference in New Issue
Block a user