From b30608cd310cba1172876bb8fa4a67de5c492080 Mon Sep 17 00:00:00 2001
From: Nate
Date: Tue, 17 Sep 2019 21:49:02 -0600
Subject: [PATCH] Call Block: Token integration.
---
 app/call_block/call_block_cdr_add.php | 4 ++--
 app/call_block/call_block_edit.php | 16 +++++++++++++++-
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/app/call_block/call_block_cdr_add.php b/app/call_block/call_block_cdr_add.php
index eb82e7d0b9..539572f2a7 100644
--- a/app/call_block/call_block_cdr_add.php
+++ b/app/call_block/call_block_cdr_add.php
@@ -17,7 +17,7 @@
 The Initial Developer of the Original Code is
 Mark J Crane
- Portions created by the Initial Developer are Copyright (C) 2008-2018
+ Portions created by the Initial Developer are Copyright (C) 2008-2019
 the Initial Developer. All Rights Reserved.
 Contributor(s):
@@ -108,4 +108,4 @@
 //redirect the browser
 header("Location: call_block.php");
-?>
+?>
\ No newline at end of file
diff --git a/app/call_block/call_block_edit.php b/app/call_block/call_block_edit.php
index d4543e1cd1..22ec40babf 100644
--- a/app/call_block/call_block_edit.php
+++ b/app/call_block/call_block_edit.php
@@ -91,6 +91,14 @@
 //$call_block_uuid = check_str($_POST["call_block_uuid"]);
 }
+ //validate the token
+ $token = new token;
+ if (!$token->validate($_SERVER['PHP_SELF'])) {
+ message::add($text['message-invalid_token'],'negative');
+ header('Location: call_block.php');
+ exit;
+ }
+
 //check for all required data
 if (strlen($call_block_name) == 0) { $msg .= $text['label-provide-name']."
\n"; }
 if ($action == "add") {
@@ -226,6 +234,10 @@
 unset($sql, $parameters, $row);
 }
+//create token
+ $object = new token;
+ $token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 require_once "resources/header.php";
@@ -345,6 +357,7 @@
 if ($action == "update") {
 echo " \n";
 }
+ echo " \n";
 echo "
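Review bot: The token check keys on `$_SERVER['PHP_SELF']`, which is derived from the request path and can carry trailing path info, so the key the token is presumably stored and validated under is partly client-chosen; `$_SERVER['SCRIPT_NAME']` or a fixed string would be steadier, e.g. `if (!$token->validate($_SERVER['SCRIPT_NAME'])) {`, with the matching `create()` call in the `@@ -226,6 +234,10 @@` hunk changed the same way. The enclosing block opens above this hunk, so it is not visible here whether the check runs for every state-changing request to this page. The other file in this patch, call_block_cdr_add.php, receives only a copyright and closing-tag change, so if that script writes a block entry before its redirect it still runs without a token check.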
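Review bot: `$token` means two different things in this commit: in the `@@ -91,6 +91,14 @@` hunk it is the `token` object, while here it is the value returned by `create()` and the object is called `$object`. Both appear to sit in the same script scope, so naming the object the same way in both places (say `$token_object = new token;`) would keep the later assignment from silently replacing the earlier variable. The `//create token` comment could also state the purpose, e.g. `//create the form token that the POST handler validates`.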
";
 echo " \n";
 echo " \n";
@@ -453,4 +466,5 @@
 //include the footer
 require_once "resources/footer.php";
-?>
+
+?>
\ No newline at end of file