Include headers lib & csrf hidden form field

To help protect against CSRF and clickjacking Also include hidden form field containing this for postback top.ICEcoder.csrf also set
2026-03-11 19:16:49 +01:00 · 2014-04-18 17:57:54 +01:00
parent 3d89af7e17
commit a3c0243772
13 changed files with 48 additions and 11 deletions
--- a/lib/settings-screen.php
+++ b/lib/settings-screen.php
@@ -1,4 +1,7 @@
-<?php include("settings.php");?>
+<?php
+include("headers.php");
+include("settings.php");
+?>
 <!DOCTYPE html>

 <html>
@@ -268,6 +271,7 @@ var validatePasswords = function() {

 </div>

+<input type="hidden" name="csrf" value="<?php echo $_SESSION["csrf"]; ?>">
 </form>

 </body>