John Reese
By: a guest on Jun 21st, 2010 | syntax: Diff | size: 5.53 KB | hits: 264 | expires: Never
Copied
- From 924bbbb0506a6877f21b764d9c27d4bd3a77b905 Mon Sep 17 00:00:00 2001
- From: John Reese <JohnMichael.Reese@ge.com>
- Date: Mon, 21 Jun 2010 13:43:58 -0400
- Subject: [PATCH 2/3] Migrate from existing usages to form_action_self()
- ---
- billing_inc.php | 2 +-
- bugnote_stats_inc.php | 2 +-
- core/authentication_api.php | 2 +-
- core/helper_api.php | 2 +-
- manage_config_email_page.php | 2 +-
- manage_config_work_threshold_page.php | 2 +-
- manage_config_workflow_page.php | 2 +-
- 7 files changed, 7 insertions(+), 7 deletions(-)
- diff --git a/billing_inc.php b/billing_inc.php
- index 9a10ada..a4d13f8 100644
- --- a/billing_inc.php
- +++ b/billing_inc.php
- @@ -72,7 +72,7 @@ if ( !config_get('time_tracking_enabled') )
- }
- ?>
- -<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
- +<form method="post" action="<?php echo form_action_self() ?>">
- <?php # CSRF protection not required here - form does not result in modifications ?>
- <input type="hidden" name="id" value="<?php echo isset( $f_bug_id ) ? $f_bug_id : 0 ?>" />
- <table border="0" class="width100" cellspacing="0">
- diff --git a/bugnote_stats_inc.php b/bugnote_stats_inc.php
- index 6e8e666..4e51b7e 100644
- --- a/bugnote_stats_inc.php
- +++ b/bugnote_stats_inc.php
- @@ -61,7 +61,7 @@ if ( ON != config_get('time_tracking_enabled') ) {
- $f_get_bugnote_stats_button = gpc_get_string( 'get_bugnote_stats_button', '' );
- ?>
- -<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME'] ?>">
- +<form method="post" action="<?php echo form_action_self() ?>">
- <?php # CSRF protection not required here - form does not result in modifications ?>
- <input type="hidden" name="id" value="<?php echo $f_bug_id ?>" />
- <table border=0 class="width100" cellspacing="0">
- diff --git a/core/authentication_api.php b/core/authentication_api.php
- index 957e265..32961f1 100644
- --- a/core/authentication_api.php
- +++ b/core/authentication_api.php
- @@ -674,7 +674,7 @@ function auth_reauthenticate_page( $p_user_id, $p_username ) {
- }
- ?>
- </p>
- -<form name="reauth_form" method="post" action="<?php echo string_sanitize_url( $_SERVER['SCRIPT_NAME'] );?>">
- +<form name="reauth_form" method="post" action="<?php echo form_action_self();?>">
- <?php
- # CSRF protection not required here - user needs to enter password
- # (confirmation step) before the form is accepted.
- diff --git a/core/helper_api.php b/core/helper_api.php
- index 21131cd..5731e63 100644
- --- a/core/helper_api.php
- +++ b/core/helper_api.php
- @@ -289,7 +289,7 @@ function helper_ensure_confirmed( $p_message, $p_button_label ) {
- print_hr();
- echo "\n$p_message\n";
- - echo '<form method="post" action="' . $_SERVER['SCRIPT_NAME'] . "\">\n";
- + echo '<form method="post" action="' . form_action_self() . "\">\n";
- # CSRF protection not required here - user needs to confirm action
- # before the form is accepted.
- print_hidden_inputs( gpc_strip_slashes( $_POST ) );
- diff --git a/manage_config_email_page.php b/manage_config_email_page.php
- index 918e2e8..b5b4295 100644
- --- a/manage_config_email_page.php
- +++ b/manage_config_email_page.php
- @@ -286,7 +286,7 @@
- echo form_security_field( 'manage_config_revert' );
- echo "<input name=\"revert\" type=\"hidden\" value=\"notify_flags,default_notify_flags\"></input>";
- echo "<input name=\"project\" type=\"hidden\" value=\"$t_project\"></input>";
- - echo "<input name=\"return\" type=\"hidden\" value=\"" . string_sanitize_url( $_SERVER['SCRIPT_NAME'] ) ."\"></input>";
- + echo "<input name=\"return\" type=\"hidden\" value=\"" . form_action_self() ."\"></input>";
- echo "<input type=\"submit\" class=\"button\" value=\"";
- if ( ALL_PROJECTS == $t_project ) {
- echo lang_get( 'revert_to_system' );
- diff --git a/manage_config_work_threshold_page.php b/manage_config_work_threshold_page.php
- index 42bdcb8..a91d220 100644
- --- a/manage_config_work_threshold_page.php
- +++ b/manage_config_work_threshold_page.php
- @@ -326,7 +326,7 @@
- echo form_security_field( 'manage_config_revert' );
- echo "<input name=\"revert\" type=\"hidden\" value=\"" . implode( ',', $t_overrides ) . "\"></input>";
- echo "<input name=\"project\" type=\"hidden\" value=\"$t_project_id\"></input>";
- - echo "<input name=\"return\" type=\"hidden\" value=\"" . string_sanitize_url( $_SERVER['SCRIPT_NAME'] ) ."\"></input>";
- + echo "<input name=\"return\" type=\"hidden\" value=\"" . form_action_self() ."\"></input>";
- echo "<input type=\"submit\" class=\"button\" value=\"";
- if ( ALL_PROJECTS == $t_project_id ) {
- echo lang_get( 'revert_to_system' );
- diff --git a/manage_config_workflow_page.php b/manage_config_workflow_page.php
- index 5f1b191..53c426a 100644
- --- a/manage_config_workflow_page.php
- +++ b/manage_config_workflow_page.php
- @@ -477,7 +477,7 @@
- echo form_security_field( 'manage_config_revert' );
- echo "<input name=\"revert\" type=\"hidden\" value=\"" . implode( ',', $t_overrides ) . "\"></input>";
- echo "<input name=\"project\" type=\"hidden\" value=\"$t_project\"></input>";
- - echo "<input name=\"return\" type=\"hidden\" value=\"" . string_sanitize_url( $_SERVER['SCRIPT_NAME'] ) ."\"></input>";
- + echo "<input name=\"return\" type=\"hidden\" value=\"" . form_action_self() ."\"></input>";
- echo "<input type=\"submit\" class=\"button\" value=\"";
- if ( ALL_PROJECTS == $t_project ) {
- echo lang_get( 'revert_to_system' );
- --
- 1.7.0.4
create a new version of this paste
RAW Paste Data