Commit 0a6fbdd8 authored by Fabian Franz's avatar Fabian Franz Committed by Franco Fichtner

make csrf error page translateable, fix HTML errors in csrf

(cherry picked from commit 2407fa01)
parent 6efcb135
......@@ -90,7 +90,7 @@ class LegacyCSRF
}
if ($this->is_html_output) {
$csrf = $this->newToken();
$inputtag = "<input type=\"hidden\" id=\"__opnsense_csrf\" name=\"{$csrf['key']}\" value=\"{$csrf['token']}\"\/>";
$inputtag = "<input type=\"hidden\" id=\"__opnsense_csrf\" name=\"{$csrf['key']}\" value=\"{$csrf['token']}\" />";
$buffer = preg_replace('#(<form[^>]*method\s*=\s*["\']post["\'][^>]*>)#i', '$1' . $inputtag, $buffer);
// csrf token for Ajax type requests
$script = "
......@@ -104,7 +104,7 @@ class LegacyCSRF
});
</script>
";
$buffer = str_ireplace('</head>', '</head>'.$script, $buffer);
$buffer = str_ireplace('</head>', $script.'</head>', $buffer);
}
return $buffer;
}
......@@ -114,11 +114,12 @@ $LegacyCSRFObject = new LegacyCSRF();
if ($_SERVER['REQUEST_METHOD'] !== 'GET' && !$LegacyCSRFObject->checkToken()) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
echo "<html><head><title>CSRF check failed</title></head>
echo sprintf("<html><head><title>%s</title></head>
<body>
<p>CSRF check failed. Your form session may have expired, or you may not have
cookies enabled.</p>
</body></html>
";
<p>%s</p>
</body></html>",
gettext('CSRF check failed'),
gettext('CSRF check failed. Your form session may have expired, or you may not have cookies enabled.')
);
die;
}
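Review bot: The strings returned by gettext() in the 403 response go straight into the `%s` slots of the `<title>` and `<p>` elements, so a catalog entry containing `<` or `&` would be emitted as markup on the error page. Wrapping both arguments, e.g. `htmlspecialchars(gettext('CSRF check failed'), ENT_QUOTES, 'UTF-8')`, keeps translated text as text. The page can now carry non-ASCII characters and the visible lines declare no charset, so a `<meta charset="UTF-8">` in the head would help unless a Content-Type header is already sent elsewhere. In the first hunk, `$csrf['key']` and `$csrf['token']` are likewise unescaped when placed in the attribute values and in the preg_replace replacement string. newToken() is outside the view, so that only matters if its output can contain quotes, `$` or a backslash.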