summaryrefslogtreecommitdiffstats
path: root/admportal/views/user
diff options
context:
space:
mode:
authorRotundo, Al (ar3165) <ar3165@att.com>2019-07-31 14:46:56 +0000
committerTimoney, Dan (dt5972) <dtimoney@att.com>2019-07-31 14:31:07 -0400
commit18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 (patch)
tree39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb /admportal/views/user
parent33e9f85700d3ba17f95a69011d2d2932d4b98df0 (diff)
Added new modules to help prevent Cross Site Request Forgery
Made changes to prevent arbitrary code exection on AdmPortal. Issue-ID: OJSI-40 Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267 Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com> Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
Diffstat (limited to 'admportal/views/user')
-rw-r--r--admportal/views/user/list.ejs16
1 files changed, 8 insertions, 8 deletions
diff --git a/admportal/views/user/list.ejs b/admportal/views/user/list.ejs
index 947a8114..ec650b0b 100644
--- a/admportal/views/user/list.ejs
+++ b/admportal/views/user/list.ejs
@@ -43,7 +43,7 @@
<div class="container-fluid">
<div class="actions" style="padding:15px 0px;">
<% if(priv == 'A') { %>
- <button class="btn btn-primary" data-toggle="modal" data-target="#newUserModal">Add User</button>
+ <button class="btn btn-primary" data-toggle="modal" data-target="#new_user">Add User</button>
<% } %>
</div>
@@ -75,14 +75,14 @@
<% } %>
</td>
<% if(priv == 'A') { %>
- <td><form name="rowform">
- <input type="hidden" name="rfemail" id="rfemail" value="<%= row.email %>"</input>
+ <td>
+ <form name="rowform">
+ <button type="button" class="btn btn-default btn-xs"
+ onclick="updateRequest('<%=row.email %>', '<%=row.password %>', '<%=row.privilege %>');">Update</button>
+ <button type="button" class="btn btn-default btn-xs"
+ onclick="deleteRequest('<%=row.email %>');">Delete</button>
</form>
- <button type="button" class="btn btn-default btn-xs"
- onclick="updateRequest('<%=row.email %>', '<%=row.password %>', '<%=row.privilege %>');">Update</button>
- <button type="button" class="btn btn-default btn-xs"
- onclick="deleteRequest('<%=row.email %>');">Delete</button>
- </td>
+ </td>
<% } %>
</tr>
<% }); }; %>