Commit 36fedef2 authored by Sympa authors's avatar Sympa authors Committed by IKEDA Soji
Browse files

tidyall.

parent 7c92c14c
......@@ -729,13 +729,13 @@ our %required_privileges = (
# as possible.
 
our %require_csrftoken = (
'add' => 1,
'confirm_action' => 1,
'del' => 1,
'move_user' => 1,
'savefile' => 1,
'setpasswd' => 1,
'setpref' => 1,
'add' => 1,
'confirm_action' => 1,
'del' => 1,
'move_user' => 1,
'savefile' => 1,
'setpasswd' => 1,
'setpref' => 1,
);
 
# this definition is used to choose the left side menu type (admin ->
......@@ -2316,13 +2316,13 @@ sub check_action_parameters {
 
## Validate CSRF token when one is required
if (defined($require_csrftoken{$param->{'action'}})) {
wwslog('debug', 'Action %s: CSRF token required', $param->{'action'});
wwslog('debug', 'Action %s: CSRF token required', $param->{'action'});
 
unless (defined($in{'csrftoken'})
and ($in{'csrftoken'} eq $session->{'csrftoken'})) {
unless (defined($in{'csrftoken'})
and ($in{'csrftoken'} eq $session->{'csrftoken'})) {
Sympa::WWW::Report::reject_report_web('user',
'authorization_reject', {'list' => $in{'list'}},
$param->{'action'}, '');
'authorization_reject', {'list' => $in{'list'}},
$param->{'action'}, '');
 
wwslog('info', 'CSRF token mismatch: in="%s" session="%s"',
$in{'csrftoken'}, $session->{'csrftoken'});
......@@ -2506,7 +2506,7 @@ sub send_html {
my $error_escaped = Sympa::Tools::Text::encode_html($error);
$param->{'tt2_error'} = $error_escaped;
$param_copy->{'tt2_error'} = $error_escaped;
$output = '';
$output = '';
$template->parse($param_copy, 'tt2_error.tt2', \$output,
has_header => 1);
$output .= "\n\n"; # when tt2 failed to parse
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment