authorRotundo, Al (ar3165) <ar3165@att.com>2019-07-31 14:46:56 +0000
committerTimoney, Dan (dt5972) <dtimoney@att.com>2019-07-31 14:31:07 -0400
commit18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch)
tree39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/views/mobility
parent33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff)
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code execution on AdmPortal. Issue-ID: OJSI-40 Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267 Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com> Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/views/mobility')
-rw-r--r--admportal/views/mobility/vnfPreloadData.ejs6
-rw-r--r--admportal/views/mobility/vnfPreloadNetworkData.ejs4
-rw-r--r--admportal/views/mobility/vnfProfile.ejs1
3 files changed, 7 insertions, 4 deletions
diff --git a/admportal/views/mobility/vnfPreloadData.ejs b/admportal/views/mobility/vnfPreloadData.ejs
index 69f02e59..4dc73987 100644
--- a/admportal/views/mobility/vnfPreloadData.ejs
+++ b/admportal/views/mobility/vnfPreloadData.ejs
@@ -110,8 +110,9 @@
<div class="col-md-8 col-md-push-4">
<form method="POST" action="/mobility/uploadVnfData" enctype="multipart/form-data">
<div class="form-group">
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
<label for="dest">Upload pre processed JSON file.</label>
- <input name="filename" type="file" id="dest">
+ <input name="filename" type="file" id="dest" />
<p class="help-block">Choose a JSON file to upload.</p>
<button type="button" class="btn btn-default"
data-toggle="tooltip" data-placement="bottom"
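Review bot: The `_csrf` field added to this `multipart/form-data` form only reaches the server as part of the multipart body, so a token check that runs before the upload parser would never see it. The server-side middleware order is not visible in this diff; confirm that the body for `/mobility/uploadVnfData` is parsed before the CSRF validation, otherwise every upload is rejected or the route ends up exempted from the check. The same applies to the `/preload/uploadVnfCsv` form in the next hunk and to `/mobility/uploadVnfProfile` in vnfProfile.ejs. A template comment next to the input would record the dependency, e.g. `<%# _csrf is a multipart field: the upload parser must run before the CSRF check %>`.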
@@ -123,8 +124,9 @@
<div class="col-md-4 col-md-pull-8">
<form method="POST" action="/preload/uploadVnfCsv" enctype="multipart/form-data">
<div class="form-group">
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
<label for="dest">Upload Worksheet CSV files from the <%= preloadImportDirectory %> directory.</label>
- <input name="filename" type="file" id="dest" multiple>
+ <input name="filename" type="file" id="dest" multiple />
<p class="help-block">Choose Worksheet CSV files to upload.</p>
<button type="button" class="btn btn-default"
data-toggle="tooltip" data-placement="bottom"
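Review bot: The rewritten file input keeps `id="dest"`, which duplicates the id of the JSON upload input in the previous hunk of the same template, so `<label for="dest">` in this form resolves to the first input rather than this one. Give each input a unique id with a matching `for`, for example `id="csvDest"` and `<label for="csvDest">`. The form continues past the end of the hunk.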
diff --git a/admportal/views/mobility/vnfPreloadNetworkData.ejs b/admportal/views/mobility/vnfPreloadNetworkData.ejs
index 099dcba5..5d6204c0 100644
--- a/admportal/views/mobility/vnfPreloadNetworkData.ejs
+++ b/admportal/views/mobility/vnfPreloadNetworkData.ejs
@@ -111,7 +111,7 @@
<form method="POST" action="/mobility/uploadVnfNetworkData" enctype="multipart/form-data">
<div class="form-group">
<label for="dest">Upload pre processed JSON file.</label>
- <input name="filename" type="file" id="dest"></input>
+ <input name="filename" type="file" id="dest" />
<p class="help-block">Choose a JSON file to upload.</p>
<button type="button" class="btn btn-default"
data-toggle="tooltip" data-placement="bottom"
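Review bot: The `/mobility/uploadVnfNetworkData` form gets no `_csrf` field here, although the same commit adds one to the equivalent upload forms in vnfPreloadData.ejs and vnfProfile.ejs; the only change in this hunk is the input's closing syntax. Unless the token is already supplied elsewhere in the form outside the hunk, this POST is either left without CSRF protection or will be rejected once the check is enforced for the route. Add `<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />` after `<div class="form-group">`, assuming this view is rendered with the same `privilege` object. The `/preload/uploadNetworkCsv` form in the next hunk has the same gap.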
@@ -125,7 +125,7 @@
<form method="POST" action="/preload/uploadNetworkCsv" enctype="multipart/form-data">
<div class="form-group">
<label for="dest">Upload Worksheet CSV files from the <%= preloadImportDirectory %> directory.</label>
- <input name="filename" type="file" id="dest" multiple></input>
+ <input name="filename" type="file" id="dest" multiple />
<p class="help-block">Choose Worksheet CSV files to upload.</p>
<button type="button" class="btn btn-default"
data-toggle="tooltip" data-placement="bottom"
diff --git a/admportal/views/mobility/vnfProfile.ejs b/admportal/views/mobility/vnfProfile.ejs
index 1a494985..a801b90c 100644
--- a/admportal/views/mobility/vnfProfile.ejs
+++ b/admportal/views/mobility/vnfProfile.ejs
@@ -90,6 +90,7 @@
<% if(priv == 'A'){ %>
<div class="actions" style="padding:0px 25px;">
<form method="POST" action="/mobility/uploadVnfProfile" enctype="multipart/form-data">
+ <input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
<div class="form-group">
<label for="dest">File input</label>
<input name="filename" type="file" id="dest">