Skip to content

O
OpnSense
Commit f89f1b34 authored by Ad Schellevis's avatar Ad Schellevis Committed by GitHub
Browse files
Options

Merge pull request #1453 from fabianfrz/csrf_fixes 

make csrf error page translateable, fix HTML errors in csrf.inc
parents c7f46324 2407fa01
Show whitespace changes
Inline Side-by-side
Showing with 9 additions and 8 deletions
src/www/csrf.inc
View file @ f89f1b34
......@@ -90,7 +90,7 @@ class LegacyCSRF
}
if ($this->is_html_output) {
$csrf = $this->newToken();
$inputtag = "<input type=\"hidden\" id=\"__opnsense_csrf\" name=\"{$csrf['key']}\" value=\"{$csrf['token']}\"\/>";
$inputtag = "<input type=\"hidden\" id=\"__opnsense_csrf\" name=\"{$csrf['key']}\" value=\"{$csrf['token']}\" />";
$buffer = preg_replace('#(<form[^>]*method\s*=\s*["\']post["\'][^>]*>)#i', '$1' . $inputtag, $buffer);
// csrf token for Ajax type requests
$script = "
......@@ -104,7 +104,7 @@ class LegacyCSRF
});
</script>
";
$buffer = str_ireplace('</head>', '</head>'.$script, $buffer);
$buffer = str_ireplace('</head>', $script.'</head>', $buffer);
}
return $buffer;
}
......@@ -114,11 +114,12 @@ $LegacyCSRFObject = new LegacyCSRF();
if ($_SERVER['REQUEST_METHOD'] !== 'GET' && !$LegacyCSRFObject->checkToken()) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
echo "<html><head><title>CSRF check failed</title></head>
echo sprintf("<html><head><title>%s</title></head>
<body>
<p>CSRF check failed. Your form session may have expired, or you may not have
cookies enabled.</p>
</body></html>
";
<p>%s</p>
</body></html>",
gettext('CSRF check failed'),
gettext('CSRF check failed. Your form session may have expired, or you may not have cookies enabled.')
);
die;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023