mirror of
https://github.com/alextselegidis/easyappointments.git
synced 2024-11-25 17:33:19 +03:00
Added CSRF protection to frontend (reported by Henri Salo)
This commit is contained in:
parent
914d3af8c2
commit
1f73e7fcbc
3 changed files with 6 additions and 3 deletions
|
@ -330,9 +330,9 @@ $config['global_xss_filtering'] = TRUE;
|
|||
| 'csrf_cookie_name' = The cookie name
|
||||
| 'csrf_expire' = The number in seconds the token should expire.
|
||||
*/
|
||||
$config['csrf_protection'] = FALSE;
|
||||
$config['csrf_token_name'] = 'csrf_test_name';
|
||||
$config['csrf_cookie_name'] = 'csrf_cookie_name';
|
||||
$config['csrf_protection'] = TRUE;
|
||||
$config['csrf_token_name'] = 'csrfToken';
|
||||
$config['csrf_cookie_name'] = 'csrfCookie';
|
||||
$config['csrf_expire'] = 7200;
|
||||
|
||||
/*
|
||||
|
|
|
@ -78,6 +78,7 @@
|
|||
appointmentData : <?php echo json_encode($appointment_data); ?>,
|
||||
providerData : <?php echo json_encode($provider_data); ?>,
|
||||
customerData : <?php echo json_encode($customer_data); ?>,
|
||||
csrfToken : <?php echo json_encode($this->security->get_csrf_hash()); ?>
|
||||
};
|
||||
|
||||
var EALang = <?php echo json_encode($this->lang->language); ?>;
|
||||
|
|
|
@ -247,6 +247,7 @@ var FrontendBook = {
|
|||
var formData = jQuery.parseJSON($('input[name="post_data"]').val());
|
||||
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'id_users_provider': formData['appointment']['id_users_provider'],
|
||||
'id_services': formData['appointment']['id_services'],
|
||||
'start_datetime': formData['appointment']['start_datetime'],
|
||||
|
@ -309,6 +310,7 @@ var FrontendBook = {
|
|||
? GlobalVariables.appointmentData['id'] : undefined;
|
||||
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'service_id': $('#select-service').val(),
|
||||
'provider_id': $('#select-provider').val(),
|
||||
'selected_date': selDate,
|
||||
|
|
Loading…
Reference in a new issue