Commit e5c68a10 authored by Marius Cramer's avatar Marius Cramer
Browse files

- fixed csrf handling on server config edit

parent 53648881
......@@ -691,10 +691,6 @@ class tform {
unset($_POST);
unset($record);
}
$_SESSION['_csrf'][$_csrf_id] = null;
$_SESSION['_csrf_timeout'][$_csrf_id] = null;
unset($_SESSION['_csrf'][$_csrf_id]);
unset($_SESSION['_csrf_timeout'][$_csrf_id]);
if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
$to_unset = array();
......
......@@ -92,11 +92,15 @@ class page_action extends tform_actions {
}
}
}
$server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
$app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id);
if($app->tform->errorMessage == '') {
$server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
$app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id);
} else {
$app->error('Security breach!');
}
}
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment