CSRF protection for appointment book

2015-05-27 23:26:36 +02:00 · 2015-05-27 23:26:36 +02:00 · f223ffa343
parent 101097886b
commit f223ffa343
2 changed files with 2 additions and 1 deletions
--- a/src/application/views/appointments/book.php
+++ b/src/application/views/appointments/book.php
@ -374,6 +374,7 @@
                                            : $this->lang->line('update');
                                ?>
                            </button>
+                            <input type="hidden" name="csrfToken" />
                            <input type="hidden" name="post_data" />
                        </form>
                    </div>
--- a/src/assets/js/frontend_book.js
+++ b/src/assets/js/frontend_book.js
@ -481,7 +481,7 @@ var FrontendBook = {
            postData['appointment']['id'] = GlobalVariables.appointmentData['id'];
            postData['customer']['id'] = GlobalVariables.customerData['id'];
        }
-        
+        $('input[name="csrfToken"]').val(GlobalVariables.csrfToken);
        $('input[name="post_data"]').val(JSON.stringify(postData));
    },