[pve-devel] r5754 - in pve-manager/trunk: . debian www/root/openvz www/root/qemu
svn-commits at proxmox.com
svn-commits at proxmox.com
Fri Mar 25 08:58:39 CET 2011
Author: dietmar
Date: 2011-03-25 08:58:39 +0100 (Fri, 25 Mar 2011)
New Revision: 5754
Modified:
pve-manager/trunk/ChangeLog
pve-manager/trunk/configure.in
pve-manager/trunk/debian/changelog.Debian
pve-manager/trunk/www/root/openvz/index.htm
pve-manager/trunk/www/root/qemu/index.htm
Log:
Modified: pve-manager/trunk/ChangeLog
===================================================================
--- pve-manager/trunk/ChangeLog 2011-03-25 07:50:16 UTC (rev 5753)
+++ pve-manager/trunk/ChangeLog 2011-03-25 07:58:39 UTC (rev 5754)
@@ -1,3 +1,9 @@
+2011-03-25 Proxmox Support Team <support at proxmox.com>
+
+ * www/root/qemu/index.htm: add anti CSRF token for destroy link.
+
+ * www/root/system/reboot.htm: add anti CSRF token
+
2011-03-23 Proxmox Support Team <support at proxmox.com>
* lib/PVE/HTMLForm.pm (create_footer): add anti CSRF token
Modified: pve-manager/trunk/configure.in
===================================================================
--- pve-manager/trunk/configure.in 2011-03-25 07:50:16 UTC (rev 5753)
+++ pve-manager/trunk/configure.in 2011-03-25 07:58:39 UTC (rev 5754)
@@ -4,7 +4,7 @@
prefix=/usr
-PACKAGERELEASE=14
+PACKAGERELEASE=15
AC_SUBST(PACKAGERELEASE)
REPOID=`svnversion .`
Modified: pve-manager/trunk/debian/changelog.Debian
===================================================================
--- pve-manager/trunk/debian/changelog.Debian 2011-03-25 07:50:16 UTC (rev 5753)
+++ pve-manager/trunk/debian/changelog.Debian 2011-03-25 07:58:39 UTC (rev 5754)
@@ -1,3 +1,9 @@
+pve-manager (1.8-15) unstable; urgency=low
+
+ * further CSRF fixes
+
+ -- Proxmox Support Team <support at proxmox.com> Fri, 25 Mar 2011 08:58:09 +0100
+
pve-manager (1.8-14) unstable; urgency=low
* protect against Cross Site Request Forgery (added anti-CSRF tokens)
Modified: pve-manager/trunk/www/root/openvz/index.htm
===================================================================
--- pve-manager/trunk/www/root/openvz/index.htm 2011-03-25 07:50:16 UTC (rev 5753)
+++ pve-manager/trunk/www/root/openvz/index.htm 2011-03-25 07:58:39 UTC (rev 5754)
@@ -6,6 +6,7 @@
use PVE::HTMLTable;
use PVE::Config;
use PVE::Cluster;
+ use PVE::Utils;
use PVE::HTMLForm;
use PVE::HTMLControls;
use PVE::HTMLUtils;
@@ -57,7 +58,8 @@
my $msg = PVE::HTMLUtils::msg ('confirm_remove');
$msg = sprintf ($msg, $veid);
- my $href = "?action=destroy&cid=$cid&veid=$veid&type=openvz";
+ my $ptoken = PVE::Utils::get_page_token();
+ my $href = "?action=destroy&cid=$cid&veid=$veid&type=openvz&ptoken=$ptoken";
print OUT PVE::HTMLUtils::create_confirmframe ($msg, __("Remove"), $href, $fdat{__uri});
Modified: pve-manager/trunk/www/root/qemu/index.htm
===================================================================
--- pve-manager/trunk/www/root/qemu/index.htm 2011-03-25 07:50:16 UTC (rev 5753)
+++ pve-manager/trunk/www/root/qemu/index.htm 2011-03-25 07:58:39 UTC (rev 5754)
@@ -8,6 +8,7 @@
use PVE::Cluster;
use PVE::HTMLForm;
use PVE::HTMLControls;
+ use PVE::Utils;
use PVE::HTMLUtils;
use PVE::HTMLGrid;
!]
@@ -51,7 +52,8 @@
my $msg = PVE::HTMLUtils::msg ('confirm_remove');
$msg = sprintf ($msg, $veid);
- my $href = "?action=destroy&cid=$cid&veid=$veid&type=qemu";
+ my $ptoken = PVE::Utils::get_page_token();
+ my $href = "?action=destroy&cid=$cid&veid=$veid&type=qemu&ptoken=$ptoken";
print OUT PVE::HTMLUtils::create_confirmframe ($msg, __("Remove"), $href, $fdat{__uri});
More information about the pve-devel
mailing list