Added CSRF protection to frontend (reported by Henri Salo)
This commit is contained in:
parent
914d3af8c2
commit
1f73e7fcbc
3 changed files with 6 additions and 3 deletions
|
@ -330,9 +330,9 @@ $config['global_xss_filtering'] = TRUE;
|
||||||
| 'csrf_cookie_name' = The cookie name
|
| 'csrf_cookie_name' = The cookie name
|
||||||
| 'csrf_expire' = The number in seconds the token should expire.
|
| 'csrf_expire' = The number in seconds the token should expire.
|
||||||
*/
|
*/
|
||||||
$config['csrf_protection'] = FALSE;
|
$config['csrf_protection'] = TRUE;
|
||||||
$config['csrf_token_name'] = 'csrf_test_name';
|
$config['csrf_token_name'] = 'csrfToken';
|
||||||
$config['csrf_cookie_name'] = 'csrf_cookie_name';
|
$config['csrf_cookie_name'] = 'csrfCookie';
|
||||||
$config['csrf_expire'] = 7200;
|
$config['csrf_expire'] = 7200;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -78,6 +78,7 @@
|
||||||
appointmentData : <?php echo json_encode($appointment_data); ?>,
|
appointmentData : <?php echo json_encode($appointment_data); ?>,
|
||||||
providerData : <?php echo json_encode($provider_data); ?>,
|
providerData : <?php echo json_encode($provider_data); ?>,
|
||||||
customerData : <?php echo json_encode($customer_data); ?>,
|
customerData : <?php echo json_encode($customer_data); ?>,
|
||||||
|
csrfToken : <?php echo json_encode($this->security->get_csrf_hash()); ?>
|
||||||
};
|
};
|
||||||
|
|
||||||
var EALang = <?php echo json_encode($this->lang->language); ?>;
|
var EALang = <?php echo json_encode($this->lang->language); ?>;
|
||||||
|
|
|
@ -247,6 +247,7 @@ var FrontendBook = {
|
||||||
var formData = jQuery.parseJSON($('input[name="post_data"]').val());
|
var formData = jQuery.parseJSON($('input[name="post_data"]').val());
|
||||||
|
|
||||||
var postData = {
|
var postData = {
|
||||||
|
'csrfToken': GlobalVariables.csrfToken,
|
||||||
'id_users_provider': formData['appointment']['id_users_provider'],
|
'id_users_provider': formData['appointment']['id_users_provider'],
|
||||||
'id_services': formData['appointment']['id_services'],
|
'id_services': formData['appointment']['id_services'],
|
||||||
'start_datetime': formData['appointment']['start_datetime'],
|
'start_datetime': formData['appointment']['start_datetime'],
|
||||||
|
@ -309,6 +310,7 @@ var FrontendBook = {
|
||||||
? GlobalVariables.appointmentData['id'] : undefined;
|
? GlobalVariables.appointmentData['id'] : undefined;
|
||||||
|
|
||||||
var postData = {
|
var postData = {
|
||||||
|
'csrfToken': GlobalVariables.csrfToken,
|
||||||
'service_id': $('#select-service').val(),
|
'service_id': $('#select-service').val(),
|
||||||
'provider_id': $('#select-provider').val(),
|
'provider_id': $('#select-provider').val(),
|
||||||
'selected_date': selDate,
|
'selected_date': selDate,
|
||||||
|
|
Loading…
Reference in a new issue