author | Luka Trovic <luka@nextcloud.com> | 2024-03-20 21:08:54 +0100 |
---|---|---|
committer | Luka Trovic <luka@nextcloud.com> | 2024-03-29 09:49:41 +0100 |
commit | c08ab81334e7508b87dc514efdf4b02fb18f6c55 (patch) | |
tree | 5d78e3b83670e0f4550b9b04c83d4abc0ad4f6b4 /core/templates | |
parent | a40838b61cfbad9fc3d969b82179f12308b8cd09 (diff) | |
download | nextcloud-server-c08ab81334e7508b87dc514efdf4b02fb18f6c55.tar.gz nextcloud-server-c08ab81334e7508b87dc514efdf4b02fb18f6c55.zip |
fix: csrf check failed on public share with password
Signed-off-by: Luka Trovic <luka@nextcloud.com>
Diffstat (limited to 'core/templates')
-rw-r--r-- | core/templates/publicshareauth.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/core/templates/publicshareauth.php b/core/templates/publicshareauth.php index a48bbbbb7b2..3b7393e0c07 100644 --- a/core/templates/publicshareauth.php +++ b/core/templates/publicshareauth.php @@ -22,7 +22,7 @@ <?php endif; ?> <p> <label for="password" class="infield"><?php p($l->t('Password')); ?></label> - <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" /> + <input type="hidden" id="requesttoken" name="requesttoken" value="<?php p($_['requesttoken']) ?>" /> <input type="password" name="password" id="password" placeholder="<?php p($l->t('Password')); ?>" value="" autocomplete="new-password" autocapitalize="off" spellcheck="false" @@ -34,7 +34,7 @@ </p> </fieldset> </form> - + <!-- email prompt form. It should initially be hidden --> <?php if (isset($_['identityOk'])): ?> <form method="post" id="email-input-form"> @@ -46,7 +46,7 @@ <p> <input type="email" id="email" name="identityToken" placeholder="<?php p($l->t('Email address')); ?>" /> <input type="submit" id="password-request" name="passwordRequest" class="svg icon-confirm input-button-inline" value="" disabled="disabled"/> - <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" /> + <input type="hidden" id="requesttoken" name="requesttoken" value="<?php p($_['requesttoken']) ?>" /> <input type="hidden" name="sharingToken" value="<?php p($_['share']->getToken()) ?>" id="sharingToken"> <input type="hidden" name="sharingType" value="<?php p($_['share']->getShareType()) ?>" id="sharingType"> </p> @@ -59,12 +59,12 @@ <?php endif; ?> </fieldset> </form> - + <!-- request password button --> <?php if (!isset($_['identityOk']) && $_['share']->getShareType() === $_['share']::TYPE_EMAIL && !$_['share']->getSendPasswordByTalk()): ?> <a id="request-password-button-not-talk"><?php p($l->t('Forgot password?')); ?></a> <?php endif; ?> - + <!-- back to showShare button --> <form method="get"> <fieldset> |
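Review bot: `id="requesttoken"` now sits on two inputs in the same document, added by the hunks at `@@ -22` (password form) and `@@ -46` (email form, rendered when `identityOk` is set), so the id is no longer unique and a lookup such as `getElementById('requesttoken')` only ever reaches the first field. Presumably a script reads or refreshes the CSRF token through this id; if it writes a renewed token back, the email form would keep posting the stale value and fail the same check this commit is meant to fix. Keep the id on one field and address the fields by name in the script, e.g. `document.querySelectorAll('input[name="requesttoken"]')`, or give the second input a distinct id. Both forms start or end outside these hunks and the consuming script is not shown, so confirm against it before changing the markup.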