Added new modules to help prevent Cross Site Request Forgery

Made changes to prevent arbitrary code exection on AdmPortal.
Issue-ID: OJSI-40

Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267
Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com>

Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04

1 files changed, 4 insertions, 2 deletions

diff --git a/admportal/views/mobility/vnfPreloadData.ejs b/admportal/views/mobility/vnfPreloadData.ejs
index 69f02e59..4dc73987 100644
--- a/admportal/views/mobility/vnfPreloadData.ejs
+++ b/admportal/views/mobility/vnfPreloadData.ejs
@@ -110,8 +110,9 @@
     <div class="col-md-8  col-md-push-4">
 	<form method="POST" action="/mobility/uploadVnfData" enctype="multipart/form-data">
 		<div class="form-group">
+				<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
     		<label for="dest">Upload pre processed JSON file.</label>
-    		<input name="filename" type="file" id="dest">
+    		<input name="filename" type="file" id="dest" />
     		<p class="help-block">Choose a JSON file to upload.</p>
             <button type="button" class="btn btn-default"
 				data-toggle="tooltip" data-placement="bottom"
@@ -123,8 +124,9 @@
 	<div class="col-md-4 col-md-pull-8">
 	<form method="POST" action="/preload/uploadVnfCsv" enctype="multipart/form-data">
 		<div class="form-group">
+				<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
     		<label for="dest">Upload Worksheet CSV files from the <%= preloadImportDirectory %> directory.</label>
-    		<input name="filename" type="file" id="dest" multiple>
+    		<input name="filename" type="file" id="dest" multiple />
     		<p class="help-block">Choose Worksheet CSV files to upload.</p>
 			<button type="button" class="btn btn-default" 
 				data-toggle="tooltip" data-placement="bottom"