X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Fshare%2Fhtml%2FElements%2FCSRF;fp=rt%2Fshare%2Fhtml%2FElements%2FCSRF;h=4893c1216cb138042285b92b5291ad8d761f2d71;hp=0000000000000000000000000000000000000000;hb=21a232b78413718d8a68867ba7eb4f52a287f9b6;hpb=c24d6e2242ae0e026684b8f95decf156aba6e75e
diff --git a/rt/share/html/Elements/CSRF b/rt/share/html/Elements/CSRF
new file mode 100644
index 000000000..4893c1216
--- /dev/null
+++ b/rt/share/html/Elements/CSRF
@@ -0,0 +1,74 @@
+%# BEGIN BPS TAGGED BLOCK {{{
+%#
+%# COPYRIGHT:
+%#
+%# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC
+%#
+%#
+%# (Except where explicitly superseded by other copyright notices)
+%#
+%#
+%# LICENSE:
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+%# General Public License for more details.
+%#
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%#
+%#
+%# CONTRIBUTION SUBMISSION POLICY:
+%#
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
+%#
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
+%# +%# END BPS TAGGED BLOCK }}} +<& /Elements/Header, Title => loc('Possible cross-site request forgery') &> +<& /Elements/Tabs &> + +

<&|/l&>Possible cross-site request forgery

+ +% my $strong_start = ""; +% my $strong_end = ""; +

<&|/l_unsafe, $strong_start, $strong_end, $Reason &>RT has detected a possible [_1]cross-site request forgery[_2] for this request, because [_3]. This is possibly caused by a malicious attacker trying to perform actions against RT on your behalf. If you did not initiate this request, then you should alert your security team.

+ +% my $start = qq||; +% my $end = qq||; +

<&|/l_unsafe, $escaped_path, $start, $end &>If you really intended to visit [_1], then [_2]click here to resume your request[_3].

+ +<& /Elements/Footer, %ARGS &> +% $m->abort; +<%ARGS> +$OriginalURL => '' +$Reason => '' +$Token => '' + +<%INIT> +my $escaped_path = $m->interp->apply_escapes($OriginalURL, 'h'); +$escaped_path = "$escaped_path"; + +my $url_with_token = URI->new($OriginalURL); +$url_with_token->query_form([CSRF_Token => $Token]); +
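Review bot: `$Reason` is handed to `l_unsafe` as `[_3]` without HTML escaping, while `$OriginalURL` is passed through `apply_escapes(..., 'h')` in `<%INIT>` before it is displayed. Judging by its name and by the markup-carrying `$strong_start`/`$start` arguments, `l_unsafe` appears to emit its arguments unescaped, so any caller-influenced text in `$Reason` would be rendered as HTML on this warning page; unless every caller is known to pass a fixed server-generated string, add `$Reason = $m->interp->apply_escapes($Reason, 'h');` to `<%INIT>`. The markup inside `$start` is not visible in this rendering; if it places `$url_with_token` in a link attribute, that value deserves the same escaping and a check that it stays a same-site path. A short `%#` comment above the two `l_unsafe` calls stating which arguments are already escaped would help later editors keep that invariant.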