WebMods: Following the last commit, this adds the CSRF check token

to existing action="post" forms. Right now, we don't have much of a
real protection against CSRF yet, but psychon is working on making
that happen :)


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1933 726aef4b-f618-498e-8847-2d620e286838

WebModules.cpp

@@ -307,6 +307,7 @@ void CWebSock::SetVars() {
 	m_Template["SessionIP"] = GetRemoteIP();
 	m_Template["Tag"] = CZNC::GetTag(GetSession()->GetUser() != NULL);
 	m_Template["SkinName"] = GetSkinName();
+	m_Template["_CSRF_Check"] = GetCSRFCheck();
 
 	if (GetSession()->IsAdmin()) {
 		m_Template["IsAdmin"] = "true";

modules/www/notes/index.tmpl

@@ -1,6 +1,7 @@
 <? INC Header.tmpl ?>
 
 <form method="post" action="/mods/notes/addnote">
+	<? INC _csrf_check.tmpl ?>
 	<div class="section">
 		<h3>Add A Note</h3>
 		<div class="sectionbg">

modules/www/stickychan/index.tmpl

@@ -1,6 +1,7 @@
 <? INC Header.tmpl ?>
 
 <form action="" method="post">
+	<? INC _csrf_check.tmpl ?>
 	<table class="data">
 		<thead>
 			<tr>

modules/www/webadmin/add_edit_chan.tmpl

@@ -1,6 +1,7 @@
 <? INC Header.tmpl ?>
 
 <form action="<? IF Edit ?>editchan<? ELSE ?>addchan<? ENDIF ?>" method="post">
+	<? INC _csrf_check.tmpl ?>
 	<div class="section">
 		<input type="hidden" name="submitted" value="1" />
 		<input type="hidden" name="user" value="<? VAR User ?>" />

modules/www/webadmin/add_edit_user.tmpl

@@ -1,6 +1,7 @@
 <? INC Header.tmpl ?>
 
 <form action="<? IF Edit ?>edituser<? ELSE ?>adduser<? ENDIF ?>" method="post">
+	<? INC _csrf_check.tmpl ?>
 	<div class="section">
 		<input type="hidden" name="submitted" value="1" />
 

modules/www/webadmin/settings.tmpl

@@ -1,6 +1,7 @@
 <? INC Header.tmpl ?>
 
 <form action="settings" method="post">
+	<? INC _csrf_check.tmpl ?>
 	<div class="section">
 		<input type="hidden" name="submitted" value="1" />
 

webskins/_default_/tmpl/_csrf_check.tmpl

@@ -0,0 +1 @@
+<input type="hidden" name="_CSRF_Check" value="<? VAR _CSRF_Check TOP ?>" />