From aad102e6eda7073419981c578a46cbb9c979ff0d Mon Sep 17 00:00:00 2001 From: Nate Date: Thu, 19 Sep 2019 07:31:30 -0600 Subject: [PATCH] Recordings: Token integration. --- app/recordings/recording_edit.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/app/recordings/recording_edit.php b/app/recordings/recording_edit.php index 3463e62844..cc63213c6b 100644 --- a/app/recordings/recording_edit.php +++ b/app/recordings/recording_edit.php @@ -61,6 +61,14 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { //get recording uuid to edit $recording_uuid = $_POST["recording_uuid"]; + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: recordings.php'); + exit; + } + //check for all required data $msg = ''; if (strlen($recording_filename) == 0) { $msg .= $text['label-edit-file']."
\n"; } @@ -128,6 +136,10 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header $document['title'] = $text['title-edit']; require_once "resources/header.php"; @@ -185,6 +197,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { echo " \n"; echo " \n"; echo " \n"; + echo " \n"; echo "
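Review bot: The added `$token->validate($_SERVER['PHP_SELF'])` call keys the token on PHP_SELF, which includes any path info the client appends to the script URL, so the key is partly request-controlled. `$_SERVER['SCRIPT_NAME']` is the stable form: `if (!$token->validate($_SERVER['SCRIPT_NAME'])) {`, together with `$token = $object->create($_SERVER['SCRIPT_NAME']);` in the create hunk further down, since both sides must use the same key. How the token class uses the key is not visible here, so the practical impact is unconfirmed. The check also sits after `$recording_uuid` is read, inside a POST branch that opens before this hunk and continues past it, so it is worth confirming that nothing state-changing runs ahead of it.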
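Review bot: After this change `$token` means two different things in the file: in the POST branch it holds the `token` object, while here it holds the value returned by `create()` and the object is the generically named `$object`. A distinct, consistent name for the object would make the later form code easier to follow, for example `$token_object = new token;` and `$token = $token_object->create($_SERVER['PHP_SELF']);`. The comment could also state the purpose, such as `//create the form token that is posted back and checked by validate() in the POST branch`.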
"; echo " \n"; echo " \n";