From 5af0cfd99a13fda9afad3380b0c50a3428acd299 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Wed, 03 Jun 2015 12:14:07 -0400
Subject: [PATCH] Extended the CSRF check.

---
 interface/web/js/scrigo.js.php |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/interface/web/js/scrigo.js.php b/interface/web/js/scrigo.js.php
index 4e51cd5..18c0885 100644
--- a/interface/web/js/scrigo.js.php
+++ b/interface/web/js/scrigo.js.php
@@ -1,5 +1,4 @@
 <?php
-session_start();
 include '../../lib/config.inc.php';
 header('Content-Type: text/javascript; charset=utf-8'); // the config file sets the content type header so we have to override it here!
 require_once '../../lib/app.inc.php';
@@ -438,6 +437,8 @@
 }
 
 function changeTab(tab,target,force) {
+	if(requestsRunning > 0) return false;
+	
 	//document.forms[0].next_tab.value = tab;
 	document.pageForm.next_tab.value = tab;
 
@@ -809,7 +810,7 @@
 	oldPWField.remove();
 	var pword = password(<?php echo $min_password_length; ?>, false, 1);
 	jQuery('#'+repeatPasswordFieldID).val(pword);
-	newPWField.attr('id', passwordFieldID).val(pword).trigger('keyup');
+	newPWField.attr('id', passwordFieldID).val(pword).trigger('keyup').select();
 }
 
 var funcDisableClick = function(e) { e.preventDefault(); return false; };

--
Gitblit v1.9.1