
Commit 13e402b

committed
add inputs to all forms
1 parent 436a564 commit 13e402b


12 files changed

+43
-11
lines changed


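--- a/resources/templates/header.php
+++ b/resources/templates/header.php
@@ -162,10 +162,12 @@
 && isset($_SESSION["viewUser"])
 ) {
 $viewUser = $_SESSION["viewUser"];
+$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
 echo "
 <div id='viewAsBar'>
 <span>You are accessing the web portal as the user <strong>$viewUser</strong></span>
 <form method='POST' action=''>
+$CSRFTokenHiddenFormInput
 <input type='hidden' name='form_type' value='clearView'>
 <input type='hidden' name='uid' value='$viewUser'>
 <input type='submit' value='Return to My User'>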
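Review bot: The hidden token added to the `clearView` form protects nothing unless the code handling this POST rejects a request whose token is missing or does not match, and none of the ten file sections shown on this page adds such a check (the page reports 12 changed files, so it may sit in the two not shown, or in another commit). The same holds for every other form touched here. Wherever the handlers live, the check should run before `form_type` is read, and the comparison should use `hash_equals()` rather than `==`. The enclosing `if` and the `echo` string both continue outside this hunk.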

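--- a/webroot/admin/ajax/get_group_members.php
+++ b/webroot/admin/ajax/get_group_members.php
@@ -34,6 +34,7 @@
 echo "<td>$uid</td>";
 echo "<td><a href='mailto:$mail'>$mail</a></td>";
 echo "<td>";
+$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
 echo "
 <form
 action=''
@@ -42,6 +43,7 @@
 return confirm(\"Are you sure you want to remove $uid from this group?\");
 '
 >
+$CSRFTokenHiddenFormInput
 <input type='hidden' name='form_type' value='remUserChild'>
 <input type='hidden' name='uid' value='$uid'>
 <input type='hidden' name='pi' value='$group->gid'>
@@ -65,9 +67,11 @@
 echo "<td>$user->uid</td>";
 echo "<td><a href='mailto:$email'>$email</a></td>";
 echo "<td>";
+$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
 echo
 "<form action='' method='POST'
 onsubmit='return confirm(\"Are you sure you want to approve $user->uid ?\");'>
+$CSRFTokenHiddenFormInput
 <input type='hidden' name='form_type' value='reqChild'>
 <input type='hidden' name='uid' value='$user->uid'>
 <input type='hidden' name='pi' value='$group->gid'>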
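Review bot: `$uid`, `$mail`, `$user->uid` and `$group->gid` are interpolated unescaped into HTML attributes and into the inline `onsubmit` confirm string, in the same markup that now carries the CSRF token. Whether these values are constrained upstream is not visible here; if any of them can hold a quote or an angle bracket, markup injected through it runs in the page and can read the token, so the token is only as strong as this output encoding. I would escape at the point of output, e.g. `$uidHtml = htmlspecialchars($uid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and move the confirm text out of the inline handler. The same interpolation pattern shows in header.php, pi-mgmt.php, user-mgmt.php and groups.php.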

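--- a/webroot/admin/content.php
+++ b/webroot/admin/content.php
@@ -21,6 +21,7 @@
 <hr>
 
 <form id="pageForm" method="POST" action="">
+<?php echo UnityHTTPD::getCSRFTokenHiddenFormInput(); ?>
 <select name="pageSel" required>
 <option value="" selected disabled hidden>Select page...</option>
 <?php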

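--- a/webroot/admin/notices.php
+++ b/webroot/admin/notices.php
@@ -36,6 +36,7 @@
 <button style='display: none;' class='btnClear'>Create New Notice Instead</button>
 
 <form action="" method="POST" id="noticeForm">
+<?php echo UnityHTTPD::getCSRFTokenHiddenFormInput(); ?>
 <input type="hidden" name=id>
 <input type="hidden" name="form_type" value="newNotice">
 <input type="text" name="title" placeholder="Notice Title">
@@ -62,8 +63,10 @@
 echo "<span class='noticeDate'>" . date('Y-m-d', strtotime($notice["date"])) . "</span>";
 echo "<div class='noticeText'>" . $notice["message"] . "</div>";
 echo "<button class='btnEdit'>Edit</button>";
-echo
-"<form style='display: inline-block; margin-left: 10px;' method='POST' action=''>
+$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
+echo "
+<form style='display: inline-block; margin-left: 10px;' method='POST' action=''>
+$CSRFTokenHiddenFormInput
 <input type='hidden' name='form_type' value='delNotice'>
 <input type='hidden' name='id' value='" . $notice["id"] . "'>
 <input type='submit' value='Delete'>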
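Review bot: `$notice["message"]` is echoed without escaping on new line 64, directly above the delete form that now carries the token, and the notice is stored content. If notice bodies are meant to be admin-authored HTML, that decision should be written down at the echo, e.g. `// message is rendered as raw HTML by design; only admins can write notices`, and the write path should enforce it; if they are meant to be plain text, wrap the value in `htmlspecialchars()`. Where the message is written is not part of this page, so I cannot tell which case applies.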

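--- a/webroot/admin/pi-mgmt.php
+++ b/webroot/admin/pi-mgmt.php
@@ -76,8 +76,10 @@
 echo "<td><a href='mailto:$email'>$email</a></td>";
 echo "<td>" . date("jS F, Y", strtotime($request['timestamp'])) . "</td>";
 echo "<td>";
+$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
 echo
 "<form action='' method='POST'>
+$CSRFTokenHiddenFormInput
 <input type='hidden' name='form_type' value='req'>
 <input type='hidden' name='uid' value='$uid'>
 <input type='submit' name='action' value='Approve'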

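--- a/webroot/admin/user-mgmt.php
+++ b/webroot/admin/user-mgmt.php
@@ -74,8 +74,10 @@ class="filterSearch"
 }
 echo "</td>";
 echo "<td>";
+$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
 echo "<form class='viewAsUserForm' action='' method='POST'
 onsubmit='return confirm(\"Are you sure you want to switch to the user $uid?\");'>
+$CSRFTokenHiddenFormInput
 <input type='hidden' name='form_type' value='viewAsUser'>
 <input type='hidden' name='uid' value='$uid'>
 <input type='submit' name='action' value='Access'>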

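--- a/webroot/panel/account.php
+++ b/webroot/panel/account.php
@@ -158,6 +158,7 @@
 id='piReq'
 >
 ";
+echo UnityHTTPD::getCSRFTokenHiddenFormInput();
 if ($SQL->accDeletionRequestExists($USER->uid)) {
 echo "<input type='submit' value='Request PI Account' disabled />";
 echo "
@@ -207,6 +208,7 @@
 }
 
 for ($i = 0; $sshPubKeys != null && $i < count($sshPubKeys); $i++) {
+$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
 echo
 "<div class='key-box'>
 <textarea spellcheck='false' readonly>" . $sshPubKeys[$i] . "</textarea>
@@ -215,28 +217,31 @@
 onsubmit='return confirm(\"Are you sure you want to delete this SSH key?\");'
 method='POST'
 >
+$CSRFTokenHiddenFormInput
 <input type='hidden' name='delIndex' value='$i' />
 <input type='hidden' name='form_type' value='delKey' />
 <input type='submit' value='&times;' />
 </form>
 </div>";
 }
 
-echo '
-<button type="button" class="plusBtn btnAddKey"><span>&#43;</span></button>
+$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
+echo "
+<button type='button' class='plusBtn btnAddKey'><span>&#43;</span></button>
 <hr>
 <h5>Login Shell</h5>
-<form action="" method="POST">
-<input type="hidden" name="form_type" value="loginshell" />
-<select id="loginSelector" class="code" name="shellSelect">
-';
+<form action='' method='POST'>
+$CSRFTokenHiddenFormInput
+<input type='hidden' name='form_type' value='loginshell' />
+<select id='loginSelector' class='code' name='shellSelect'>
+";
 foreach (CONFIG["loginshell"]["shell"] as $shell) {
 echo "<option>$shell</option>";
 }
 echo "
-</select>
-<br>
-<input id='submitLoginShell' type='submit' value='Set Login Shell' />
+</select>
+<br>
+<input id='submitLoginShell' type='submit' value='Set Login Shell' />
 </form>
 <hr>
 <h5>Account Deletion</h5>
@@ -245,13 +250,15 @@
 if ($hasGroups) {
 echo "<p>You cannot request to delete your account while you are in a PI group.</p>";
 } else {
+$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
 echo "
 <form
 action=''
 method='POST'
 id='accDel'
 onsubmit='return confirm(\"Are you sure you want to request an account deletion?\")'
 >
+$CSRFTokenHiddenFormInput
 <input type='hidden' name='form_type' value='account_deletion_request' />
 ";
 if ($SQL->accDeletionRequestExists($USER->uid)) {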
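Review bot: `UnityHTTPD::getCSRFTokenHiddenFormInput()` is called once per SSH key inside the `for` loop (new line 211), and again right after the loop for the Login Shell form. The helper's body is not part of this page: if it returns the same per-session token every time, the repeated calls are redundant, and if it issues and stores a fresh token on each call, the stored set grows with every row rendered and needs a bound and an expiry. In the first case I would hoist it, placing `$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();` before the `for` line and reusing the variable below. The table-row forms in get_group_members.php, pi-mgmt.php, user-mgmt.php and groups.php look like the same pattern, though their loops start outside the hunks shown.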

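--- a/webroot/panel/groups.php
+++ b/webroot/panel/groups.php
@@ -102,7 +102,9 @@
 echo "<td><a href='mailto:$mail'>$mail</a></td>";
 echo "<td>" . date("jS F, Y", strtotime($request['timestamp'])) . "</td>";
 echo "<td>";
+$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
 echo "<form action='' method='POST' id='cancelPI'>
+$CSRFTokenHiddenFormInput
 <input type='hidden' name='pi' value='{$requested_account->gid}'>
 <input type='hidden' name='form_type' value='cancelPIForm'>
 <input name='cancel' style='margin-top: 10px;' type='submit' value='Cancel Request'/>
@@ -148,10 +150,12 @@
 echo "<td><button class='btnExpand'>&#9654;</button>$full_name</td>";
 echo "<td>" . $group->gid . "</td>";
 echo "<td><a href='mailto:" . $owner->getMail() . "'>" . $owner->getMail() . "</a></td>";
+$CSRFTokenHiddenFormInput = UnityHTTPD::getCSRFTokenHiddenFormInput();
 echo
 "<td>
 <form action='' method='POST'
 onsubmit='return confirm(\"Are you sure you want to leave the PI group " . $group->gid . "?\")'>
+$CSRFTokenHiddenFormInput
 <input type='hidden' name='form_type' value='removePIForm'>
 <input type='hidden' name='pi' value='" . $group->gid . "'>
 <input type='submit' value='Leave Group'>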

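--- a/webroot/panel/modal/new_key.php
+++ b/webroot/panel/modal/new_key.php
@@ -5,6 +5,7 @@
 
 <form id="newKeyform" enctype="multipart/form-data" method="POST"
 action="<?php echo CONFIG["site"]["prefix"]; ?>/panel/account.php">
+<?php echo UnityHTTPD::getCSRFTokenHiddenFormInput(); ?>
 <input type='hidden' name='form_type' value='addKey'>
 
 <div class='inline'>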

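--- a/webroot/panel/modal/new_pi.php
+++ b/webroot/panel/modal/new_pi.php
@@ -8,6 +8,7 @@
 method="POST"
 action="<?php echo CONFIG["site"]["prefix"]; ?>/panel/groups.php"
 >
+<?php echo UnityHTTPD::getCSRFTokenHiddenFormInput(); ?>
 <input type="hidden" name="form_type" value="addPIform">
 <div style="position: relative;">
 <input type="text" id="pi_search" name="pi" placeholder="Search PI by NetID" required>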
