Added csrf token to html forms

Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
master
Andrew DeMaria 8 years ago
parent d5ccb9bb78
commit cf849ee948
No known key found for this signature in database
GPG Key ID: 0A3F5E91F8364EDF
  1. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/albumMain.jsp
  2. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/artistMain.jsp
  3. 2
      libresonic-main/src/main/webapp/WEB-INF/jsp/changeCoverArt.jsp
  4. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/db.jsp
  5. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/dlnaSettings.jsp
  6. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/importPlaylist.jsp
  7. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/internetRadioSettings.jsp
  8. 2
      libresonic-main/src/main/webapp/WEB-INF/jsp/more.jsp
  9. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/personalSettings.jsp
  10. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/recover.jsp
  11. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/shareSettings.jsp
  12. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/sonosSettings.jsp
  13. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/top.jsp
  14. 1
      libresonic-main/src/main/webapp/WEB-INF/jsp/transcodingSettings.jsp

@ -278,6 +278,7 @@
<div id="commentForm" style="display:none"> <div id="commentForm" style="display:none">
<form method="post" action="setMusicFileInfo.view"> <form method="post" action="setMusicFileInfo.view">
<sec:csrfInput />
<input type="hidden" name="action" value="comment"> <input type="hidden" name="action" value="comment">
<input type="hidden" name="id" value="${model.dir.id}"> <input type="hidden" name="id" value="${model.dir.id}">
<textarea name="comment" rows="6" cols="70">${model.dir.comment}</textarea> <textarea name="comment" rows="6" cols="70">${model.dir.comment}</textarea>
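Review bot: The `<textarea>` a few lines below the new `<sec:csrfInput />` writes `${model.dir.comment}` into the page as a bare EL expression, and nothing in this hunk shows it being HTML-escaped. If the comment is not encoded before it reaches the model, stored markup would run in the application's origin and could read the token this commit adds, so the CSRF protection depends on that output being escaped. I would render it as `<textarea name="comment" rows="6" cols="70"><c:out value="${model.dir.comment}"/></textarea>` (or `${fn:escapeXml(model.dir.comment)}`), assuming the JSTL taglibs are declared in a shared include. The same pattern appears in the artistMain.jsp hunk and with `${model.query}` in db.jsp; the form continues past the end of each hunk.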

@ -208,6 +208,7 @@
<div id="commentForm" style="display:none"> <div id="commentForm" style="display:none">
<form method="post" action="setMusicFileInfo.view"> <form method="post" action="setMusicFileInfo.view">
<sec:csrfInput />
<input type="hidden" name="action" value="comment"> <input type="hidden" name="action" value="comment">
<input type="hidden" name="id" value="${model.dir.id}"> <input type="hidden" name="id" value="${model.dir.id}">
<textarea name="comment" rows="6" cols="70">${model.dir.comment}</textarea> <textarea name="comment" rows="6" cols="70">${model.dir.comment}</textarea>

@ -91,6 +91,7 @@
<body class="mainframe bgcolor1" onload="search()"> <body class="mainframe bgcolor1" onload="search()">
<h1><fmt:message key="changecoverart.title"/></h1> <h1><fmt:message key="changecoverart.title"/></h1>
<form action="javascript:search()"> <form action="javascript:search()">
<sec:csrfInput />
<table class="indent"><tr> <table class="indent"><tr>
<td><input id="artist" name="artist" placeholder="<fmt:message key="changecoverart.artist"/>" size="35" type="text" value="${model.artist}" onclick="select()"/></td> <td><input id="artist" name="artist" placeholder="<fmt:message key="changecoverart.artist"/>" size="35" type="text" value="${model.artist}" onclick="select()"/></td>
<td><input id="album" name="album" placeholder="<fmt:message key="changecoverart.album"/>" size="35" type="text" value="${model.album}" onclick="select()"/></td> <td><input id="album" name="album" placeholder="<fmt:message key="changecoverart.album"/>" size="35" type="text" value="${model.album}" onclick="select()"/></td>
@ -99,6 +100,7 @@
</form> </form>
<form action="javascript:setImage(dwr.util.getValue('url'))"> <form action="javascript:setImage(dwr.util.getValue('url'))">
<sec:csrfInput />
<table><tr> <table><tr>
<td><label for="url"><fmt:message key="changecoverart.address"/></label></td> <td><label for="url"><fmt:message key="changecoverart.address"/></label></td>
<td style="padding-left:0.5em"><input type="text" name="url" size="50" id="url" value="http://" onclick="select()"/></td> <td style="padding-left:0.5em"><input type="text" name="url" size="50" id="url" value="http://" onclick="select()"/></td>
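Review bot: Both forms that receive `<sec:csrfInput />` in this file have `action="javascript:search()"` and `action="javascript:setImage(dwr.util.getValue('url'))"`, so they never post to the server and the hidden token field is not sent anywhere. The state change appears to happen through the DWR call behind `setImage`, which this input does not cover; that endpoint needs its own cross-site check, for example DWR's `crossDomainSessionSecurity` setting, which should be confirmed in the DWR configuration outside this diff. I would either drop the two inputs or add a comment such as `<%-- token unused: form is handled client-side; CSRF for setImage is enforced in DWR --%>` so the page does not look protected when it is not.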

@ -7,6 +7,7 @@
<h1>Database query</h1> <h1>Database query</h1>
<form method="post" action="db.view"> <form method="post" action="db.view">
<sec:csrfInput />
<textarea rows="10" cols="80" id="query" name="query" style="margin-top:1em">${model.query}</textarea> <textarea rows="10" cols="80" id="query" name="query" style="margin-top:1em">${model.query}</textarea>
<input type="submit" value="<fmt:message key="common.ok"/>"> <input type="submit" value="<fmt:message key="common.ok"/>">
</form> </form>
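Review bot: The `sec` prefix used by the new `<sec:csrfInput />` is not declared anywhere in this hunk, which starts at line 7, and no hunk in this commit adds a taglib directive. If the prefix is not already declared in the page or a shared include, the JSP container passes the tag through as literal text and no `_csrf` field is rendered, so the POST to `db.view` would either be rejected or, with CSRF enforcement off, stay unprotected. Worth confirming that `<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>` is in scope for all fourteen pages, and that a request to `db.view` without the token is refused, since this form submits a database query.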

@ -34,6 +34,7 @@
</c:import> </c:import>
<form method="post" action="dlnaSettings.view"> <form method="post" action="dlnaSettings.view">
<sec:csrfInput />
<div> <div>
<input type="checkbox" name="dlnaEnabled" id="dlnaEnabled" class="checkbox" <input type="checkbox" name="dlnaEnabled" id="dlnaEnabled" class="checkbox"

@ -30,6 +30,7 @@
<fmt:message key="importPlaylist.text"/> <fmt:message key="importPlaylist.text"/>
</div> </div>
<form method="post" enctype="multipart/form-data" action="importPlaylist.view"> <form method="post" enctype="multipart/form-data" action="importPlaylist.view">
<sec:csrfInput />
<input type="file" id="file" name="file" size="40"/> <input type="file" id="file" name="file" size="40"/>
<input type="submit" value="<fmt:message key="common.ok"/>"/> <input type="submit" value="<fmt:message key="common.ok"/>"/>
</form> </form>
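Review bot: This form is `enctype="multipart/form-data"`, and a token carried in a multipart body is only visible to Spring Security's CSRF filter if the multipart request has already been parsed when that filter runs. Unless a `MultipartFilter` is registered ahead of the security filter chain (the filter setup is not part of this diff), the hidden input added here will not be found and the upload will be rejected as missing its token. The alternative is to carry the token in the action URL, `action="importPlaylist.view?${_csrf.parameterName}=${_csrf.token}"`, at the cost of the token appearing in access logs. The same applies to the `upload.view` form in more.jsp and the `avatarUpload.view` form in personalSettings.jsp.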

@ -12,6 +12,7 @@
</c:import> </c:import>
<form method="post" action="internetRadioSettings.view"> <form method="post" action="internetRadioSettings.view">
<sec:csrfInput />
<table class="indent"> <table class="indent">
<tr> <tr>
<th><fmt:message key="internetradiosettings.name"/></th> <th><fmt:message key="internetradiosettings.name"/></th>

@ -122,6 +122,7 @@
</h2> </h2>
<form id="randomPlayQueue" method="post" action="randomPlayQueue.view?"> <form id="randomPlayQueue" method="post" action="randomPlayQueue.view?">
<sec:csrfInput />
<table> <table>
<tr> <tr>
<td><fmt:message key="more.random.text"/></td> <td><fmt:message key="more.random.text"/></td>
@ -291,6 +292,7 @@
</h2> </h2>
<form method="post" enctype="multipart/form-data" action="upload.view"> <form method="post" enctype="multipart/form-data" action="upload.view">
<sec:csrfInput />
<table> <table>
<tr> <tr>
<td><fmt:message key="more.upload.source"/></td> <td><fmt:message key="more.upload.source"/></td>

@ -241,6 +241,7 @@
</form:form> </form:form>
<form method="post" enctype="multipart/form-data" action="avatarUpload.view"> <form method="post" enctype="multipart/form-data" action="avatarUpload.view">
<sec:csrfInput />
<table> <table>
<tr> <tr>
<td style="padding-right:1em"><fmt:message key="personalsettings.avatar.changecustom"/></td> <td style="padding-right:1em"><fmt:message key="personalsettings.avatar.changecustom"/></td>

@ -8,6 +8,7 @@
<body class="mainframe bgcolor1" onload="document.getElementById('usernameOrEmail').focus()"> <body class="mainframe bgcolor1" onload="document.getElementById('usernameOrEmail').focus()">
<form action="recover.view" method="POST"> <form action="recover.view" method="POST">
<sec:csrfInput />
<div class="bgcolor2 shadow" style="padding:20px 50px 20px 50px; margin-top:100px;margin-left:50px;margin-right:50px"> <div class="bgcolor2 shadow" style="padding:20px 50px 20px 50px; margin-top:100px;margin-left:50px;margin-right:50px">
<div style="margin-left: auto; margin-right: auto; width: 45em"> <div style="margin-left: auto; margin-right: auto; width: 45em">

@ -14,6 +14,7 @@
</c:import> </c:import>
<form method="post" action="shareSettings.view"> <form method="post" action="shareSettings.view">
<sec:csrfInput />
<table class="music indent"> <table class="music indent">
<tr> <tr>

@ -34,6 +34,7 @@
</c:import> </c:import>
<form method="post" action="sonosSettings.view"> <form method="post" action="sonosSettings.view">
<sec:csrfInput />
<div> <div>
<input type="checkbox" name="sonosEnabled" id="sonosEnabled" class="checkbox" <input type="checkbox" name="sonosEnabled" id="sonosEnabled" class="checkbox"

@ -125,6 +125,7 @@
<td style="padding-left:1em"> <td style="padding-left:1em">
<form method="post" action="search.view" target="main" name="searchForm"> <form method="post" action="search.view" target="main" name="searchForm">
<sec:csrfInput />
<td><input type="text" name="query" id="query" size="28" placeholder="${search}" onclick="select();" <td><input type="text" name="query" id="query" size="28" placeholder="${search}" onclick="select();"
onkeyup="triggerInstantSearch();"></td> onkeyup="triggerInstantSearch();"></td>
<td><a href="javascript:document.searchForm.submit()"><img src="<spring:theme code="searchImage"/>" alt="${search}" title="${search}"></a></td> <td><a href="javascript:document.searchForm.submit()"><img src="<spring:theme code="searchImage"/>" alt="${search}" title="${search}"></a></td>

@ -14,6 +14,7 @@
</c:import> </c:import>
<form method="post" action="transcodingSettings.view"> <form method="post" action="transcodingSettings.view">
<sec:csrfInput />
<table class="indent"> <table class="indent">
<tr> <tr>
<th><fmt:message key="transcodingsettings.name"/></th> <th><fmt:message key="transcodingsettings.name"/></th>
