diff --git a/interface/web/admin/software_package_del.php b/interface/web/admin/software_package_del.php
index 31aeb1c09b07e38492823abb41a19bcf2f5c334d..e1387f39c43459b7261f1d90d19798a78c4a7d3e 100644
--- a/interface/web/admin/software_package_del.php
+++ b/interface/web/admin/software_package_del.php
@@ -36,6 +36,9 @@ $app->auth->check_module_permissions('admin');
$app->auth->check_security_permissions('admin_allow_software_packages');
if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
+// Check CSRF Token
+$app->auth->csrf_token_check('GET');
+
$software_update_inst_id = $app->functions->intval($_GET['software_update_inst_id']);
if($software_update_inst_id > 0) {
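Review bot: The delete is still triggered by a GET request, so the CSRF id and key that `csrf_token_check('GET')` verifies have to travel in the URL, where they can end up in browser history, web-server and proxy logs, and Referer headers. Submitting the delete from a small POST form and calling `$app->auth->csrf_token_check('POST');` here, with `software_update_inst_id` read from `$_POST`, would keep the token out of the query string. If the GET link has to stay, confirm that the token is short-lived and not reusable; the implementation of csrf_token_check is not visible in this diff. The same concern applies to the GET branch added in software_package_install.php. The `if` block on the last line continues outside the hunk.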
diff --git a/interface/web/admin/software_package_install.php b/interface/web/admin/software_package_install.php
index ccbfd73ebe6e2c3411f1a1fa32dd579c06b45ccd..6a5326d51a1bed56d1d1b2faf862d8aa38533f3d 100644
--- a/interface/web/admin/software_package_install.php
+++ b/interface/web/admin/software_package_install.php
@@ -38,6 +38,13 @@ $app->auth->check_security_permissions('admin_allow_software_packages');
//* This is only allowed for administrators
if(!$app->auth->is_admin()) die('only allowed for administrators.');
+// Check CSRF Token
+if(count($_POST) > 0) {
+ $app->auth->csrf_token_check('POST');
+} else {
+ $app->auth->csrf_token_check('GET');
+}
+
$package_name = $_REQUEST['package'];
$install_server_id = $app->functions->intval($_REQUEST['server_id']);
$install_key = trim($_REQUEST['install_key']);
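Review bot: Branching on `count($_POST) > 0` ties the choice of token source to whether PHP parsed any form fields rather than to the request method, while the parameters right below are read from `$_REQUEST`. A POST with an empty or non-form body would be validated against the query-string token, so the token and the values acted on can come from different places. I would branch on the method instead, `if($_SERVER['REQUEST_METHOD'] === 'POST') {`, and read `package`, `server_id` and `install_key` from the same superglobal that carried the token. Note also that `$_REQUEST` can include cookie values depending on the `request_order` setting.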
diff --git a/interface/web/admin/software_package_list.php b/interface/web/admin/software_package_list.php
index b6664d4234ce27fdfc398877ad77e31f80d7e181..8a21696c7f398600ba7083b3f95d3e8f548de825 100644
--- a/interface/web/admin/software_package_list.php
+++ b/interface/web/admin/software_package_list.php
@@ -145,6 +145,9 @@ $app->uses('tpl');
$app->tpl->newTemplate("form.tpl.htm");
$app->tpl->setInclude('content_tpl', 'templates/software_package_list.htm');
+$csrf_token = $app->auth->csrf_token_get('software_package_list');
+$_csrf_id = $csrf_token['csrf_id'];
+$_csrf_key = $csrf_token['csrf_key'];
$servers = $app->db->queryAllRecords('SELECT server_id, server_name FROM server ORDER BY server_name');
$packages = $app->db->queryAllRecords('SELECT * FROM software_package');
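Review bot: Nothing here documents where the token issued under the form id 'software_package_list' is consumed, and the checks added in software_package_del.php and software_package_install.php pass only 'GET' or 'POST', so this diff does not show whether the form id is verified on the receiving side. A short comment above the call would help the next maintainer, for example `// One CSRF token per page render, shared by all install/delete links in the list; checked in software_package_install.php and software_package_del.php`. It is worth confirming in csrf_token_check that a token issued for a different form is not accepted by these two endpoints.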
@@ -167,12 +170,14 @@ if(is_array($packages) && count($packages) > 0) {
if($p['package_installable'] == 'no') {
$installed_txt .= $s['server_name'].": ".$app->lng("Package can not be installed.")."
";
} else {
- $installed_txt .= $s['server_name'].": Install now
";
+ $installed_txt .= $s['server_name'].": Install now
";
}
}
}
$packages[$key]['software_update_inst_id'] = intval($inst['software_update_inst_id']);
$packages[$key]['installed'] = $installed_txt;
+ $packages[$key]['csrf_id'] = $_csrf_id;
+ $packages[$key]['csrf_key'] = $_csrf_key;
}
$app->tpl->setVar('has_packages', 1);
} else {
diff --git a/interface/web/admin/templates/software_package_list.htm b/interface/web/admin/templates/software_package_list.htm
index 31969c0575543e91949f3219df0c32b72256f3b6..e69e3780af4e3ccff25906c9a5867f46b8b19f5c 100644
--- a/interface/web/admin/templates/software_package_list.htm
+++ b/interface/web/admin/templates/software_package_list.htm
@@ -33,7 +33,7 @@