mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 19:22:14 +02:00
52a7df2b3a
Add the CSRF token to all forms, and validate it when those forms are submitted. https://sourceforge.net/p/postfixadmin/bugs/372/ git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1842 a1433add-5e2c-0410-b055-b7f2511e0802
40 lines
1.3 KiB
Smarty
40 lines
1.3 KiB
Smarty
<div id="edit_form">
|
|
<form name="password" method="post" action="">
|
|
<input class="flat" type="hidden" name="token" value="{$smarty.session.PFA_token|escape:"url"}" />
|
|
<table>
|
|
<tr>
|
|
<th colspan="3">{$PALANG.pPassword_welcome}</th>
|
|
</tr>
|
|
<tr>
|
|
<td class="label"><label>{$PALANG.pPassword_admin}:</label></td>
|
|
<td><em>{$SESSID_USERNAME}</em></td>
|
|
<td> </td>
|
|
</tr>
|
|
<tr>
|
|
<td class="label"><label>{$PALANG.pPassword_password_current}:</label></td>
|
|
<td><input class="flat" type="password" name="fPassword_current" /></td>
|
|
<td class="error_msg">{$pPassword_password_current_text}</td>
|
|
</tr>
|
|
<tr>
|
|
<td class="label"><label>{$PALANG.pPassword_password}:</label></td>
|
|
<td><input class="flat" type="password" name="fPassword" /></td>
|
|
<td class="error_msg">{$pPassword_password_text}</td>
|
|
</tr>
|
|
<tr>
|
|
<td class="label"><label>{$PALANG.pPassword_password2}:</label></td>
|
|
<td><input class="flat" type="password" name="fPassword2" /></td>
|
|
<td> </td>
|
|
</tr>
|
|
<tr>
|
|
<td class="label"> </td>
|
|
<td>
|
|
<input class="button" type="submit" name="submit" value="{$PALANG.change_password}" />
|
|
{if $authentication_has_role.user}
|
|
<input class="button" type="submit" name="fCancel" value="{$PALANG.exit}" />
|
|
{/if}
|
|
<td> </td>
|
|
</tr>
|
|
</table>
|
|
</form>
|
|
</div>
|