author | Rotundo, Al (ar3165) <ar3165@att.com> | 2019-07-31 14:46:56 +0000 |
---|---|---|
committer | Timoney, Dan (dt5972) <dtimoney@att.com> | 2019-07-31 14:31:07 -0400 |
commit | 18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch) | |
tree | 39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/views/pages | |
parent | 33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff) |
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code execution on AdmPortal.
Issue-ID: OJSI-40
Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267
Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com>
Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/views/pages')
-rw-r--r-- | admportal/views/pages/login.ejs | 1 | ||||
-rw-r--r-- | admportal/views/pages/signup.ejs | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/admportal/views/pages/login.ejs b/admportal/views/pages/login.ejs
index 3a3e5e4e..9da2f31d 100644
--- a/admportal/views/pages/login.ejs
+++ b/admportal/views/pages/login.ejs
@@ -33,6 +33,7 @@
 <form class="form-signin" method="POST" action="/formlogin">
 <h3 class="form-signin-heading">AdminPortal Login</h3>
+ <input type="hidden" name="_csrf" value="<%= csrfToken %>" />
 <input type="text" name="email" id="email" class="form-control" placeholder="Email" required>
 <input type="password" name="password" id="password" class="form-control" placeholder="Password" required>
diff --git a/admportal/views/pages/signup.ejs b/admportal/views/pages/signup.ejs
index 03ac7bc5..2a039531 100644
--- a/admportal/views/pages/signup.ejs
+++ b/admportal/views/pages/signup.ejs
@@ -33,6 +33,7 @@
 <form class="form-signin" method="POST" action="/formSignUp">
 <h3 class="form-signin-heading">AdminPortal Signup</h3>
+ <input type="hidden" name="_csrf" value="<%= csrfToken %>" />
 <input type="email" name="nf_email" id="nf_email" class="form-control" placeholder="Email Address" required>
 <input type="password" name="nf_password" id="nf_password" class="form-control" placeholder="Password" required> |
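Review bot: The added hidden `_csrf` field in login.ejs makes the template depend on a `csrfToken` local, and EJS raises a ReferenceError when a referenced local is not defined, so every handler that renders this page has to supply it, including any re-render after a failed login. The same applies to the identical line in signup.ejs. The route handlers and the middleware that issues and checks the token are outside this diffstat (limited to `admportal/views/pages`), so whether the POST targets `/formlogin` and `/formSignUp` actually reject a missing or wrong token cannot be confirmed from here and should be checked alongside this change. The `<%= %>` tag HTML-escapes the value, which is the correct form for an attribute. I would add a template comment above each field stating the dependency, e.g. `<%# csrfToken must be passed by every render of this page; the POST handler is expected to verify _csrf %>`; both forms continue past the end of their hunks.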