diff options
author | Florian Pritz <bluewind@xinu.at> | 2013-08-29 17:55:52 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2013-09-02 22:02:27 +0200 |
commit | 285262b6c668b4f367f8222880ceb01be39fd3ac (patch) | |
tree | 2607d33e77a4ee38970a122eeb5fc4a8f60f9250 /application/views | |
parent | 84ce2c6ce0eb1b4f2f32c4ae0d7e08f3571f5018 (diff) |
Add CSRF protection
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/views')
-rw-r--r-- | application/views/file/client.php | 4 | ||||
-rw-r--r-- | application/views/file_plaintext/client.php | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/application/views/file/client.php b/application/views/file/client.php index 5e141f141..29e254a80 100644 --- a/application/views/file/client.php +++ b/application/views/file/client.php @@ -42,7 +42,7 @@ machine <?php echo $domain; ?> login my_username password my_secret_password <h1>Shell</h1> <pre> -curl -n -F "file=@/home/user/foo" <?php echo site_url(); ?> (binary safe) -cat file | curl -n -F "file=@-;filename=stdin" <?php echo site_url(); ?> (binary safe) +curl -n -F "file=@/home/user/foo" <?php echo site_url("file/do_upload"); ?> (binary safe) +cat file | curl -n -F "file=@-;filename=stdin" <?php echo site_url("file/do_upload"); ?> (binary safe) </pre> diff --git a/application/views/file_plaintext/client.php b/application/views/file_plaintext/client.php index b37fd81bd..0ab556df2 100644 --- a/application/views/file_plaintext/client.php +++ b/application/views/file_plaintext/client.php @@ -1,6 +1,6 @@ Shell (binary safe): - curl -n -F "file=@/home/user/foo" <?php echo site_url()."\n"; ?> - cat file | curl -n -F "file=@-;filename=stdin" <?php echo site_url()."\n"; ?> + curl -n -F "file=@/home/user/foo" <?php echo site_url("file/do_upload")."\n"; ?> + cat file | curl -n -F "file=@-;filename=stdin" <?php echo site_url("file/do_upload")."\n"; ?> Client: Development (git): http://git.server-speed.net/users/flo/fb |