diff --git a/app/controllers/batch/EditorController.php b/app/controllers/batch/EditorController.php
index 8e6752656f..c0acd86162 100644
--- a/app/controllers/batch/EditorController.php
+++ b/app/controllers/batch/EditorController.php
@@ -7,7 +7,7 @@
 * ----------------------------------------------------------------------
 *
 * Software by Whirl-i-Gig (http://www.whirl-i-gig.com)
- * Copyright 2012-2013 Whirl-i-Gig
+ * Copyright 2012-2021 Whirl-i-Gig
 *
 * For more information visit http://www.CollectiveAccess.org
 *
@@ -112,6 +112,10 @@ public function Edit($pa_values=null, $pa_options=null) {
 * @param array $pa_options Array of options passed through to _initView and saveBundlesForScreen()
 */
 public function Save($pa_options=null) {
+ if (!caValidateCSRFToken($this->request, null, ['notifications' => $this->notification])) {
+ $this->Edit();
+ return;
+ }
 if (!is_array($pa_options)) { $pa_options = array(); }
 list($vn_set_id, $t_set, $t_subject, $t_ui) = $this->_initView($pa_options);
diff --git a/app/controllers/batch/MediaImportController.php b/app/controllers/batch/MediaImportController.php
index 86b23765d0..e5b3307370 100644
--- a/app/controllers/batch/MediaImportController.php
+++ b/app/controllers/batch/MediaImportController.php
@@ -7,7 +7,7 @@
 * ----------------------------------------------------------------------
 *
 * Software by Whirl-i-Gig (http://www.whirl-i-gig.com)
- * Copyright 2012-2015 Whirl-i-Gig
+ * Copyright 2012-2021 Whirl-i-Gig
 *
 * For more information visit http://www.CollectiveAccess.org
 *
@@ -207,6 +207,10 @@ public function Index($pa_values=null, $pa_options=null) {
 * @param array $pa_options Array of options passed through to _initView and saveBundlesForScreen()
 */
 public function Save($pa_options=null) {
+ if (!caValidateCSRFToken($this->request, null, ['notifications' => $this->notification])) {
+ $this->Index();
+ return;
+ }
 global $g_ui_locale_id;
 if (!is_array($pa_options)) { $pa_options = array(); }
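Review bot: The identical four-line CSRF guard is pasted into EditorController::Save and MediaImportController::Save here, and again into MetadataImportController::ImportData in the next file, differing only in the handler re-invoked on failure; the token check plus fall-back belongs in one protected helper on the common batch controller parent (a constructed name such as `_checkCSRFOrRedisplay(callable $fallback): bool` is a suggestion, not an existing API) so that later state-changing actions cannot drift from this pattern. The docblock of each guarded Save() still documents only `$pa_options`; add a line above it such as ` * Performs no save and redisplays the form via Edit() (Index() in MediaImportController) when the request carries no valid CSRF token; the failure notification goes through $this->notification.` On the failure branch the handler re-enters Edit()/Index() with no arguments, which presumably re-runs whatever request parsing those display handlers do on the same POST body — worth confirming that re-render is safe for the values in the request. The body of each Save() continues outside the hunk.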
diff --git a/app/controllers/batch/MetadataImportController.php b/app/controllers/batch/MetadataImportController.php
index cb903a2908..a5eb76eeeb 100644
--- a/app/controllers/batch/MetadataImportController.php
+++ b/app/controllers/batch/MetadataImportController.php
@@ -7,7 +7,7 @@
 * ----------------------------------------------------------------------
 *
 * Software by Whirl-i-Gig (http://www.whirl-i-gig.com)
- * Copyright 2012-2016 Whirl-i-Gig
+ * Copyright 2012-2021 Whirl-i-Gig
 *
 * For more information visit http://www.CollectiveAccess.org
 *
@@ -161,6 +161,10 @@ public function Run() {
 *
 */
 public function ImportData() {
+ if (!caValidateCSRFToken($this->request, null, ['notifications' => $this->notification])) {
+ $this->Index();
+ return;
+ }
 global $g_ui_locale_id;
 $t_importer = $this->getImporterInstance();
diff --git a/themes/default/views/batch/mediaimport/import_options_html.php b/themes/default/views/batch/mediaimport/import_options_html.php
index 780dc20ae7..5ed33111b7 100644
--- a/themes/default/views/batch/mediaimport/import_options_html.php
+++ b/themes/default/views/batch/mediaimport/import_options_html.php
@@ -7,7 +7,7 @@
 * ----------------------------------------------------------------------
 *
 * Software by Whirl-i-Gig (http://www.whirl-i-gig.com)
- * Copyright 2012-2015 Whirl-i-Gig
+ * Copyright 2012-2021 Whirl-i-Gig
 *
 * For more information visit http://www.CollectiveAccess.org
 *
@@ -49,7 +49,7 @@
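Review bot: ImportData()'s docblock, visible as the two context lines ` *` and ` */` directly above the signature, is empty, so the new CSRF precondition is undocumented; fill it in with something like ` * Entry point for a submitted metadata import. Does nothing and redisplays the importer screen via Index() when the request carries no valid CSRF token.` (the first sentence is inferred from the method name and should be checked against the body, which continues outside the hunk). The hunk header names `public function Run()` as the enclosing context just above ImportData(); this commit leaves Run() unguarded, so if it is also reachable as a state-changing POST action it should receive the same check, or a comment should state why it is exempt. The guard itself is the same duplicated block noted on EditorController::Save.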