[pve-devel] r5754 - in pve-manager/trunk: . debian www/root/openvz www/root/qemu

svn-commits at proxmox.com svn-commits at proxmox.com
Fri Mar 25 08:58:39 CET 2011


Author: dietmar
Date: 2011-03-25 08:58:39 +0100 (Fri, 25 Mar 2011)
New Revision: 5754

Modified:
   pve-manager/trunk/ChangeLog
   pve-manager/trunk/configure.in
   pve-manager/trunk/debian/changelog.Debian
   pve-manager/trunk/www/root/openvz/index.htm
   pve-manager/trunk/www/root/qemu/index.htm
Log:


Modified: pve-manager/trunk/ChangeLog
===================================================================
--- pve-manager/trunk/ChangeLog	2011-03-25 07:50:16 UTC (rev 5753)
+++ pve-manager/trunk/ChangeLog	2011-03-25 07:58:39 UTC (rev 5754)
@@ -1,3 +1,9 @@
+2011-03-25  Proxmox Support Team  <support at proxmox.com>
+
+	* www/root/qemu/index.htm: add anti CSRF token for destroy link.
+
+	* www/root/system/reboot.htm: add anti CSRF token
+
 2011-03-23  Proxmox Support Team  <support at proxmox.com>
 
 	* lib/PVE/HTMLForm.pm (create_footer): add anti CSRF token

Modified: pve-manager/trunk/configure.in
===================================================================
--- pve-manager/trunk/configure.in	2011-03-25 07:50:16 UTC (rev 5753)
+++ pve-manager/trunk/configure.in	2011-03-25 07:58:39 UTC (rev 5754)
@@ -4,7 +4,7 @@
 
 prefix=/usr
 
-PACKAGERELEASE=14
+PACKAGERELEASE=15
 AC_SUBST(PACKAGERELEASE)
 
 REPOID=`svnversion .`

Modified: pve-manager/trunk/debian/changelog.Debian
===================================================================
--- pve-manager/trunk/debian/changelog.Debian	2011-03-25 07:50:16 UTC (rev 5753)
+++ pve-manager/trunk/debian/changelog.Debian	2011-03-25 07:58:39 UTC (rev 5754)
@@ -1,3 +1,9 @@
+pve-manager (1.8-15) unstable; urgency=low
+
+  * further CSRF fixes
+
+ -- Proxmox Support Team <support at proxmox.com>  Fri, 25 Mar 2011 08:58:09 +0100
+
 pve-manager (1.8-14) unstable; urgency=low
 
   * protect against Cross Site Request Forgery (added anti-CSRF tokens)

Modified: pve-manager/trunk/www/root/openvz/index.htm
===================================================================
--- pve-manager/trunk/www/root/openvz/index.htm	2011-03-25 07:50:16 UTC (rev 5753)
+++ pve-manager/trunk/www/root/openvz/index.htm	2011-03-25 07:58:39 UTC (rev 5754)
@@ -6,6 +6,7 @@
  use PVE::HTMLTable;
  use PVE::Config;
  use PVE::Cluster;
+ use PVE::Utils;
  use PVE::HTMLForm;
  use PVE::HTMLControls;
  use PVE::HTMLUtils;
@@ -57,7 +58,8 @@
    my $msg = PVE::HTMLUtils::msg ('confirm_remove');
    $msg = sprintf ($msg, $veid);
 
-   my $href = "?action=destroy&cid=$cid&veid=$veid&type=openvz";
+   my $ptoken = PVE::Utils::get_page_token();
+   my $href = "?action=destroy&cid=$cid&veid=$veid&type=openvz&ptoken=$ptoken";
 
    print OUT PVE::HTMLUtils::create_confirmframe ($msg, __("Remove"), $href, $fdat{__uri});
 

Modified: pve-manager/trunk/www/root/qemu/index.htm
===================================================================
--- pve-manager/trunk/www/root/qemu/index.htm	2011-03-25 07:50:16 UTC (rev 5753)
+++ pve-manager/trunk/www/root/qemu/index.htm	2011-03-25 07:58:39 UTC (rev 5754)
@@ -8,6 +8,7 @@
  use PVE::Cluster;
  use PVE::HTMLForm;
  use PVE::HTMLControls;
+ use PVE::Utils;
  use PVE::HTMLUtils;
  use PVE::HTMLGrid;
 !]
@@ -51,7 +52,8 @@
    my $msg = PVE::HTMLUtils::msg ('confirm_remove');
    $msg = sprintf ($msg, $veid);
 
-   my $href = "?action=destroy&cid=$cid&veid=$veid&type=qemu";
+   my $ptoken = PVE::Utils::get_page_token();
+   my $href = "?action=destroy&cid=$cid&veid=$veid&type=qemu&ptoken=$ptoken";
 
    print OUT PVE::HTMLUtils::create_confirmframe ($msg, __("Remove"), $href, $fdat{__uri});
 



More information about the pve-devel mailing list