From 582cbf7bde9cb4b0a881e10ed2ffed92dcbc1f8d Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 21 May 2015 04:13:11 -0400
Subject: [PATCH] - added csrf protection to tforms - possible sql injection in monitor sys_state

---
 interface/web/themes/default/templates/tabbed_form.tpl.htm |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/interface/web/themes/default/templates/tabbed_form.tpl.htm b/interface/web/themes/default/templates/tabbed_form.tpl.htm
index 08002d5..64f2a33 100644
--- a/interface/web/themes/default/templates/tabbed_form.tpl.htm
+++ b/interface/web/themes/default/templates/tabbed_form.tpl.htm
@@ -23,5 +23,7 @@
     <tmpl_dyninclude name="content_tpl">
 </div>
 
+<input type="hidden" name="_csrf_id" value="{tmpl_var name='_csrf_id'}" />
+<input type="hidden" name="_csrf_key" value="{tmpl_var name='_csrf_key'}" />
 <input type="hidden" name="next_tab" value="">
 <input type="hidden" name="phpsessid" value="{tmpl_var name='phpsessid'}">
\ No newline at end of file
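Review bot: The two added hidden inputs only deliver `_csrf_id` and `_csrf_key` to the browser, and the diffstat shows this template as the only file in the patch, so the server-side check cannot be confirmed from here. The protection holds only if the form handler rejects a submission where either field is missing, empty or mismatched, rather than skipping validation when they are absent; it should also presumably bind the pair to the current session and expire it after use. Both values are written into double-quoted attributes, so unless `tmpl_var` output is HTML-escaped by the template engine, the token generator needs to be limited to attribute-safe characters such as hex. On style, the new lines close with ` />` while the neighbouring `next_tab` and `phpsessid` inputs use a plain `>`, and a short comment such as `<!-- CSRF token pair, validated by the form handler on submit -->` above them would help theme authors who copy this template. The enclosing `<form>` element starts outside the hunk, so its method could not be checked; the tokens should only travel in POST bodies, not in query strings.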

--
Gitblit v1.9.1