Fix CSRF issues

emanuele-f 2016-11-18 20:45:01 +01:00
parent 88ad118f47
commit 330ea6f017
2 changed files with 29 additions and 15 deletions


@ -2333,6 +2333,24 @@ function jsRedirect(subpage, withoutTag)
if not withoutTag then print("</script>") end
end
-- Add a form submit lister to add the CRSF on form submit
-- The form listener will not intercept plain 'onsubmit' html field
function jsFormCSRF(formid, withoutTag)
local html = "";
if not withoutTag then html = html .. "<script>" end
html = html .. [[$('#]] .. formid .. [[').submit(function(e) {
$('<input>').attr({
type: "hidden",
name: "csrf",
value: "]] .. (ntop.getRandomCSRFValue()) .. [["
}).appendTo($('#]] .. formid .. [['));
});
]]
if not withoutTag then html = html .. "</script>" end
return html
end
-- ####################################################
-- Compute the difference in seconds between local time and UTC.
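Review bot: `jsFormCSRF` splices `formid` unescaped into both jQuery selectors inside a script block, so the helper is only safe while every caller passes a fixed literal id; a guard at the top such as `if not string.match(formid, "^[%w_%-]+$") then return "" end` would make that assumption explicit. The submit handler also appends a fresh hidden `csrf` input on every submit event, so a submission that another handler cancels and the user retries goes out with duplicate fields; starting the handler with `$(this).find('input[name="csrf"]').remove();` avoids that. Because the token is attached only when the jQuery submit event fires, forms posted through a native `form.submit()` call or with scripting disabled carry no token, so the receiving page presumably has to reject a missing `csrf` value rather than skip the check, which is worth confirming in the other changed file. The comment above the function should read "listener" and "CSRF" instead of "lister" and "CRSF".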