diff options
author | Igor Scheller <igor.scheller@igorshp.de> | 2018-11-20 16:02:03 +0100 |
---|---|---|
committer | msquare <msquare@notrademark.de> | 2018-11-21 19:24:36 +0100 |
commit | 944c29b96429ec95ac1371cb33cc43704a60c7b1 (patch) | |
tree | 7be99e68d8c15fc7e210a4b3ccc44861a8d1de64 /includes/pages/admin_rooms.php | |
parent | fd37c9d60ea818dc9a562fa88ff5f9a50132506f (diff) |
Require POST for sending forms
* Ensure that the form is submitted with a post request
* Replaced several links with forms
Closes #494 (Security Vulnerability)
Diffstat (limited to 'includes/pages/admin_rooms.php')
-rw-r--r-- | includes/pages/admin_rooms.php | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index 5be3f926..558145bc 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -72,7 +72,7 @@ function admin_rooms() } if ($request->input('show') == 'edit') { - if ($request->has('submit')) { + if ($request->hasPostData('submit')) { $valid = true; if ($request->has('name') && strlen(strip_request_item('name')) > 0) { @@ -178,7 +178,7 @@ function admin_rooms() ]) ]); } elseif ($request->input('show') == 'delete') { - if ($request->has('ack')) { + if ($request->hasPostData('ack')) { Room_delete($room_id); engelsystem_log('Room deleted: ' . $name); @@ -191,13 +191,9 @@ function admin_rooms() button(page_link_to('admin_rooms'), __('back'), 'back') ]), sprintf(__('Do you want to delete room %s?'), $name), - buttons([ - button( - page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room_id, 'ack' => 1]), - __('Delete'), - 'delete btn-danger' - ) - ]) + form([ + form_submit('ack', __('Delete'), 'delete btn-danger'), + ], page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room_id])), ]); } } |