FHEM/fhem-mirror
2
0
Fork 0
mirror of https://github.com/fhem/fhem-mirror.git synced 2025-03-10 09:16:53 +00:00
Code Issues Releases Wiki Activity

98_weblink.pm:fix csrf issues (Forum #67543)

Browse Source 
git-svn-id: https://svn.fhem.de/fhem/trunk@13483 2b470e98-0d58-463d-a4d8-8e2adae1ed80
This commit is contained in:
rudolfkoenig 2017-02-21 16:10:44 +00:00
parent 73d55aa34b
commit 31fbe79727
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fhem/FHEM/98_weblink.pm
View File

@ -6,6 +6,7 @@ use strict;
use warnings; use warnings;
use vars qw($FW_subdir); # Sub-path in URL for extensions, e.g. 95_FLOORPLAN use vars qw($FW_subdir); # Sub-path in URL for extensions, e.g. 95_FLOORPLAN
use vars qw($FW_ME); # webname (default is fhem), used by 97_GROUP/weblink use vars qw($FW_ME); # webname (default is fhem), used by 97_GROUP/weblink
use vars qw($FW_CSRF); # CSRF Token or empty
use IO::File; use IO::File;
##################################### #####################################
@ -122,7 +123,7 @@ weblink_FwFn($$$$)
my @args = split(":", $line, 3); my @args = split(":", $line, 3);
$ret .= "<tr class='".(($row++&1)?"odd":"even")."'>"; $ret .= "<tr class='".(($row++&1)?"odd":"even")."'>";
$ret .= "<td><a href='$FW_ME?cmd=$args[2]'><div class='col1'>". $ret .= "<td><a href='$FW_ME?cmd=$args[2]$FW_CSRF'><div class='col1'>".
"<img src='$FW_ME/icons/$args[0]' width='19' height='19' ". "<img src='$FW_ME/icons/$args[0]' width='19' height='19' ".
"align='center' alt='$args[0]' title='$args[0]'>". "align='center' alt='$args[0]' title='$args[0]'>".
"$args[1]</div></a></td></td>"; "$args[1]</div></a></td></td>";