Mascali
/
raspisms
mirror of https://github.com/RaspbianFrance/raspisms.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #6 from dam09fr/patch-csrf 

Patch csrf in user profile
This commit is contained in:
RaspbianFrance 2015-04-27 16:54:34 +02:00
parent 538d242f18 2cd9ddf8b7
commit 9fabf1eaac
2 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
model/DataBase.php
View File

@ -1084,9 +1084,6 @@
'admin' => $admin, 'admin' => $admin,
); );
$req = $this->bdd->prepare($query);
$req->execute($params);
return $this->runQuery($query, $params, self::ROWCOUNT); return $this->runQuery($query, $params, self::ROWCOUNT);
} }

6
templates/profile.php
View File

@ -49,7 +49,7 @@
<h4 class="panel-title"><i class="fa fa-key fa-fw"></i> Modifier mot de passe</h4> <h4 class="panel-title"><i class="fa fa-key fa-fw"></i> Modifier mot de passe</h4>
</div> </div>
<div class="panel-body"> <div class="panel-body">
<form action="<?php echo $this->generateUrl('profile', 'changePassword'); ?>" method="POST"> <form action="<?php echo $this->generateUrl('profile', 'changePassword', array('csrf' => $_SESSION['csrf'])); ?>" method="POST">
<div class="form-group"> <div class="form-group">
<label>Mot de passe :</label> <label>Mot de passe :</label>
<input name="password" type="password" class="form-control" placeholder="Nouveau mot de passe" /> <input name="password" type="password" class="form-control" placeholder="Nouveau mot de passe" />
@ -71,7 +71,7 @@
<h4 class="panel-title"><i class="fa fa-at fa-fw"></i> Modifier e-mail</h4> <h4 class="panel-title"><i class="fa fa-at fa-fw"></i> Modifier e-mail</h4>
</div> </div>
<div class="panel-body"> <div class="panel-body">
<form action="<?php echo $this->generateUrl('profile', 'changeEmail'); ?>" method="POST"> <form action="<?php echo $this->generateUrl('profile', 'changeEmail', array('csrf' => $_SESSION['csrf'])); ?>" method="POST">
<div class="form-group"> <div class="form-group">
<label>Adresse e-mail :</label> <label>Adresse e-mail :</label>
<input name="mail" type="email" class="form-control" placeholder="Nouvelle adresse e-mail" /> <input name="mail" type="email" class="form-control" placeholder="Nouvelle adresse e-mail" />
@ -91,7 +91,7 @@
<h4 class="panel-title"><i class="fa fa-delete fa-fw"></i> Supprimer ce compte</h4> <h4 class="panel-title"><i class="fa fa-delete fa-fw"></i> Supprimer ce compte</h4>
</div> </div>
<div class="panel-body"> <div class="panel-body">
<form action="<?php echo $this->generateUrl('profile', 'delete'); ?>" method="POST"> <form action="<?php echo $this->generateUrl('profile', 'delete', array('csrf' => $_SESSION['csrf'])); ?>" method="POST">
<div class="checkbox"> <div class="checkbox">
<label> <label>
<input name="delete_account" type="checkbox" value="1" /> Je suis totalement sûr de vouloir supprimer ce compte <input name="delete_account" type="checkbox" value="1" /> Je suis totalement sûr de vouloir supprimer ce compte