author | Madhura Jayaratne <madhura.cj@gmail.com> | 2018-04-17 17:07:48 +0300 |
---|---|---|
committer | Madhura Jayaratne <madhura.cj@gmail.com> | 2018-04-17 17:59:33 +0300 |
commit | c6dd6b56e236a3aff953cee4135ecaa67130e641 (patch) | |
tree | 4e166cd9d267dcaaec6965e531240cee9c5cf70e /js | |
parent | 301cbe4ef7b38e4ab351438703f38410c2a578cc (diff) |
Fix phpmyadmin-security#240 Multiple CSRF vulnerabilities
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
Diffstat (limited to 'js')
-rw-r--r-- | js/db_operations.js | 7 | ||||
-rw-r--r-- | js/tbl_operations.js | 6 |
2 files changed, 7 insertions, 6 deletions
diff --git a/js/db_operations.js b/js/db_operations.js
index 5a8e95d579..b65733d896 100644
--- a/js/db_operations.js
+++ b/js/db_operations.js
@@ -134,6 +134,7 @@ AJAX.registerOnload('db_operations.js', function () {
 */
 $(document).on('click', '#drop_db_anchor.ajax', function (event) {
 event.preventDefault();
+ var $link = $(this);
 /**
 * @var question String containing the question to be asked for confirmation
 */
@@ -142,10 +143,8 @@ AJAX.registerOnload('db_operations.js', function () {
 PMA_messages.strDoYouReally,
 'DROP DATABASE `' + escapeHtml(PMA_commonParams.get('db') + '`')
 );
- var params = {
- 'is_js_confirmed': '1',
- 'ajax_request': true
- };
+ var params = getJSConfirmCommonParam(this, $link.getPostData());
+
 $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
 PMA_ajaxShowMessage(PMA_messages.strProcessingRequest);
 $.post(url, params, function (data) {
diff --git a/js/tbl_operations.js b/js/tbl_operations.js
index 2763e0263c..59b8c534e7 100644
--- a/js/tbl_operations.js
+++ b/js/tbl_operations.js
@@ -218,6 +218,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
 $(document).on('click', '#drop_tbl_anchor.ajax', function (event) {
 event.preventDefault();
+ var $link = $(this);
 /**
 * @var question String containing the question to be asked for confirmation
 */
@@ -230,7 +231,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
 $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
 var $msgbox = PMA_ajaxShowMessage(PMA_messages.strProcessingRequest);
- var params = getJSConfirmCommonParam(this);
+ var params = getJSConfirmCommonParam(this, $link.getPostData());
 $.post(url, params, function (data) {
 if (typeof data !== 'undefined' && data.success === true) {
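Review bot: The `var params = getJSConfirmCommonParam(this, $link.getPostData());` line in the `#drop_db_anchor` handler now carries the whole CSRF fix for DROP DATABASE, yet nothing at the call site says what the POST body must contain, and neither helper is shown in this diff. A short comment would record the intent, for example `// body = the link's post data (presumably incl. the CSRF token) + is_js_confirmed/ajax_request; the href alone must not authorise the drop`. The request is still posted to `$(this).attr('href')`, so the fix holds only if the server rejects a request whose token is missing from the body; that side is outside this 'js'-limited diffstat and is worth covering with a regression test. As a style point, `params` is built outside the confirm callback here, so `$link` could also replace the two `$(this)` calls on the `PMA_confirm` line instead of mixing `this`, `$(this)` and `$link`. The handler's body starts and ends outside the hunk.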
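Review bot: Inside the `PMA_confirm` callback of the `#drop_tbl_anchor` handler the new call mixes two receivers, `getJSConfirmCommonParam(this, $link.getPostData())`, and the reason is not documented: `$link` was captured in the click handler, while `this` here is whatever `PMA_confirm` binds for its callback, which this diff does not show. A one-line comment above the call, such as `// $link is the clicked anchor; "this" in this callback may be a different element`, would keep a later cleanup from switching back to `$(this).getPostData()` and silently sending the request without its post data. The same applies to the `#truncate_tbl_anchor` callback in the last hunk of this file. Both callbacks continue past the end of their hunks.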
@@ -289,6 +290,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
 $(document).on('click', '#truncate_tbl_anchor.ajax', function (event) {
 event.preventDefault();
+ var $link = $(this);
 /**
 * @var question String containing the question to be asked for confirmation
 */
@@ -300,7 +302,7 @@ AJAX.registerOnload('tbl_operations.js', function () {
 $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
 PMA_ajaxShowMessage(PMA_messages.strProcessingRequest);
- var params = getJSConfirmCommonParam(this);
+ var params = getJSConfirmCommonParam(this, $link.getPostData());
 $.post(url, params, function (data) {
 if ($('.sqlqueryresults').length !== 0) { |