vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-29 23:49:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Added fixes to avoid users to be manipulated with invalid CSRF token

Browse source
This commit is contained in:
Luca 2017-01-12 10:10:20 -08:00
parent ada218c00e
commit 1b2ceac8f5
4 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/lua/admin/change_user_prefs.lua
View file

@ -8,6 +8,7 @@ require "lua_utils"
sendHTTPHeader('application/json')
if(_GET["csrf"] ~= nil) then
username = _GET["username"]
host_role = _GET["host_role"]
networks = _GET["networks"]
@ -40,3 +41,4 @@ if(allowed_interface ~= nil) then
end
print ("{ \"result\" : 0, \"message\" : \"Parameters Updated\" }")
end