Added fixes to avoid users to be manipulated with invalid CSRF token

Luca 2017-01-12 10:10:20 -08:00
parent ada218c00e
commit 1b2ceac8f5
4 changed files with 8 additions and 0 deletions


@ -8,6 +8,7 @@ require "lua_utils"
sendHTTPHeader('text/html; charset=iso-8859-1')
if(_GET["csrf"] ~= nil) then
if(haveAdminPrivileges()) then
username = _GET["username"]
full_name = _GET["full_name"]
@ -33,3 +34,4 @@ if(haveAdminPrivileges()) then
print ("{ \"result\" : -1, \"message\" : \"Error while adding new user\" }")
end
end
end
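Review bot: The new guard `if(_GET["csrf"] ~= nil) then` in the first hunk only tests that a csrf parameter is present; nothing in the visible lines compares its value with the token issued for the session. If the HTTP layer drops an invalid token before the script runs, say so in a comment above the guard, for example `-- _GET["csrf"] is only set when the server has already validated the token`. Otherwise the comparison has to happen here. The guard also has no `else` branch, so a request without the token gets an empty body after the header. Returning the same JSON shape as the existing error path, e.g. `else print("{ \"result\" : -1, \"message\" : \"Missing or invalid CSRF token\" }")`, would let the caller tell a rejected request from a broken one. Because the token and the new user's fields are read from `_GET`, they end up in URLs, access logs and Referer headers; this state-changing request would be better served by POST, though that goes beyond this section, whose script body continues outside the two hunks.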