From 69a57d959dc422eaa4d10ba7005bd884b87b5fdf Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Wed, 3 Jun 2015 19:02:55 +0200
Subject: [PATCH] Added csrf protection to dns wizard.

---
 interface/web/dns/dns_wizard.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index a1cf17b263..b950f29574 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -129,7 +129,10 @@ if(is_array($fields)) {
 }
 
 if($_POST['create'] == 1) {
-
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	$error = '';
 
 	// apply filters
@@ -287,6 +290,11 @@ if($_POST['create'] == 1) {
 
 $app->tpl->setVar("title", 'DNS Wizard');
 
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_wizard');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
-- 
GitLab