http://bugs.cacert.org/view.php?id=608

16 years ago · 59c01c20da
parent 2ac4f9e878
commit 59c01c20da
14 changed files with 15 additions and 1 deletions
--- a/pages/account/1.php
+++ b/pages/account/1.php
@ -30,5 +30,6 @@
  </tr>
 </table>     
 <input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('addemail')?>" />
 </form> 
 <p><?=_("Currently we only issue certificates for Punycode domains if the person requesting them has code signing attributes attached to their account, as these have potentially slightly higher security risk.")?></p>
--- a/pages/account/12.php
+++ b/pages/account/12.php
@ -85,5 +85,6 @@
 <? } ?>
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" />
 </form>
 <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
--- a/pages/account/13.php
+++ b/pages/account/13.php
@ -148,5 +148,6 @@
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
  </tr>
 </table>
+<input type="hidden" name="csrf" value="<?=make_csrf('perschange')?>" />
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form>
--- a/pages/account/14.php
+++ b/pages/account/14.php
@ -41,5 +41,6 @@
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Pass Phrase")?>"></td>
  </tr>
 </table>
+<input type="hidden" name="csrf" value="<?=make_csrf('pwchange')?>" />
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form>
--- a/pages/account/18.php
+++ b/pages/account/18.php
@ -89,5 +89,6 @@
 <? } ?>
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
 </form>
 <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
--- a/pages/account/2.php
+++ b/pages/account/2.php
@ -54,6 +54,7 @@
  </tr>
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('chgdef')?>" />
 </form>
 <p>
 <?=_("Please Note: You can not set an unverified account as a default account, and you can not remove a default account. To remove the default account you must set another verified account as the default.")?>
--- a/pages/account/22.php
+++ b/pages/account/22.php
@ -85,5 +85,6 @@
 <? } ?>
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('orgsrvcerchange')?>" />
 </form>
 <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
--- a/pages/account/27.php
+++ b/pages/account/27.php
@ -53,5 +53,5 @@
 </table>
 <input type="hidden" name="oldid" value="<?=intval($id)?>">
 <input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
-
+<input type="hidden" name="csrf" value="<?=make_csrf('orgdetchange')?>" />
 </form>
--- a/pages/account/33.php
+++ b/pages/account/33.php
@ -51,4 +51,5 @@
  </tr>
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('orgadmadd')?>" />
 </form>
--- a/pages/account/41.php
+++ b/pages/account/41.php
@ -42,6 +42,7 @@ echo $_SESSION['_config']['language'];
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
 <input type="hidden" name="action" value="default">
+<input type="hidden" name="csrf" value="<?=make_csrf('mainlang')?>" />
 </form>
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
@ -82,4 +83,5 @@ echo $_SESSION['_config']['language'];
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
 <input type="hidden" name="action" value="addsec">
+<input type="hidden" name="csrf" value="<?=make_csrf('seclang')?>" />
 </form>
--- a/pages/account/5.php
+++ b/pages/account/5.php
@ -108,6 +108,7 @@
 <? } ?>
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
 </form>
 <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
 <p><?=_("Login").": "._("By allowing certificate login, this certificate can be used to login into your account at https://secure.cacert.org/ .")?></p>
--- a/pages/account/7.php
+++ b/pages/account/7.php
@ -32,5 +32,6 @@
  </tr>
 </table>     
 <input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('adddomain')?>" />
 </form>
 <p><?=_("Currently we only issue certificates for Punycode domains if the person requesting them has code signing attributes attached to their account, as these have potentially slightly higher security risk.")?></p>
--- a/pages/account/8.php
+++ b/pages/account/8.php
@ -33,5 +33,6 @@
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Probe")?>"></td>
  </tr>
 </table>
+<input type="hidden" name="csrf" value="<?=make_csrf('ctcinfo')?>" />
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form>
--- a/pages/wot/8.php
+++ b/pages/wot/8.php
@ -39,5 +39,6 @@
  </tr>
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="csrf" value="<?=make_csrf('chgcontact')?>" />
 </form>
 <p><?=_("Please note: All html will be stripped from the contact information box, a link to an email form will automatically be inserted to ensure your privacy.")?></p>