First step to implementing new form security purge().

amyreese · amyreese · commit 8c537f830d4f · 2008-10-03T15:07:12.000Z
git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5621 f5dc347c-c33d-0410-90a0-b07cc1902cb9
diff --git a/manage_config_email_set.php b/manage_config_email_set.php
@@ -151,7 +151,7 @@
         }
 	}
 
-
+	form_security_purge('manage_config_email_set');
 ?>
 
 <br />
diff --git a/manage_config_revert.php b/manage_config_revert.php
@@ -56,6 +56,8 @@
 		foreach ( $t_revert_vars as $t_revert ) {
 			config_delete( $t_revert, null , $f_project_id );
 		}
+
+		form_security_purge('manage_config_revert');
 	}
 
 	$t_redirect_url = $f_return;
diff --git a/manage_custom_field_create.php b/manage_custom_field_create.php
@@ -46,6 +46,8 @@
 		$t_redirect_url = 'manage_custom_field_page.php';
 	}
 
+	form_security_purge('manage_custom_field_create');
+
 	html_page_top1();
 	html_meta_redirect( $t_redirect_url );
 	html_page_top2();
diff --git a/manage_custom_field_delete.php b/manage_custom_field_delete.php
@@ -53,6 +53,8 @@
 
 	custom_field_destroy( $f_field_id );
 
+	form_security_purge('manage_custom_field_delete');
+
 	html_page_top1();
 	html_meta_redirect( $f_return );
 	html_page_top2();
diff --git a/manage_custom_field_proj_add.php b/manage_custom_field_proj_add.php
@@ -46,5 +46,7 @@
 		}
 	}
 
+	form_security_purge('manage_custom_field_proj_add');
+
 	print_header_redirect( 'manage_custom_field_edit_page.php?field_id=' . $f_field_id );
 ?>
diff --git a/manage_custom_field_update.php b/manage_custom_field_update.php
@@ -60,6 +60,8 @@
 
 	custom_field_update( $f_field_id, $t_values );
 
+	form_security_purge('manage_custom_field_update');
+
 	html_page_top1();
 
 	html_meta_redirect( $f_return );
diff --git a/manage_proj_cat_add.php b/manage_proj_cat_add.php
@@ -64,6 +64,8 @@
 		}
 	}
 
+	form_security_purge( 'manage_proj_cat_add' );
+
 	if ( $f_project_id == ALL_PROJECTS ) {
 		$t_redirect_url = 'manage_proj_page.php';
 	} else {
diff --git a/manage_proj_cat_copy.php b/manage_proj_cat_copy.php
@@ -61,6 +61,8 @@
 		}
 	}
 
+	form_security_purge( 'manage_proj_cat_copy' );
+
 	if ( $f_project_id == ALL_PROJECTS ) {
 		$t_redirect_url = 'manage_proj_page.php';
 	} else {
diff --git a/manage_proj_cat_delete.php b/manage_proj_cat_delete.php
@@ -53,6 +53,8 @@
 	form_security_validate( 'manage_proj_cat_delete' );
 	category_remove( $f_category_id );
 
+	form_security_purge( 'manage_proj_cat_delete' );
+
 	if ( $f_project_id == ALL_PROJECTS ) {
 		$t_redirect_url = 'manage_proj_page.php';
 	} else {
diff --git a/manage_proj_cat_update.php b/manage_proj_cat_update.php
@@ -55,6 +55,8 @@
 	
 	category_update( $f_category_id, $f_name, $f_assigned_to );
 
+	form_security_purge( 'manage_proj_cat_update' );
+
 	if ( $f_project_id == ALL_PROJECTS ) {
 		$t_redirect_url = 'manage_proj_page.php';
 	} else {
diff --git a/manage_proj_create.php b/manage_proj_create.php
@@ -61,6 +61,8 @@
 		project_hierarchy_add( $t_project_id, $f_parent_id, $f_inherit_parent );
 	}
 
+	form_security_purge( 'manage_proj_create' );
+
 	$t_redirect_url = 'manage_proj_page.php';
 
 	html_page_top1();
diff --git a/manage_proj_custom_field_add_existing.php b/manage_proj_custom_field_add_existing.php
@@ -44,6 +44,8 @@
 
 	custom_field_link( $f_field_id, $f_project_id );
 
+	form_security_purge( 'manage_proj_custom_field_add_existing' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 
 	html_page_top1();
diff --git a/manage_proj_custom_field_copy.php b/manage_proj_custom_field_copy.php
@@ -49,5 +49,7 @@
  
  	project_copy_custom_fields( $t_dst_project_id, $t_src_project_id );
  	
+	form_security_purge( 'manage_proj_custom_field_copy' );
+
  	print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
 ?>
diff --git a/manage_proj_custom_field_remove.php b/manage_proj_custom_field_remove.php
@@ -58,6 +58,8 @@
 	form_security_validate( 'manage_proj_custom_field_remove' );
 	custom_field_unlink( $f_field_id, $f_project_id );
 
+	form_security_purge( 'manage_proj_custom_field_remove' );
+
 	html_page_top1();
 	html_meta_redirect( $t_redirect_url );
 	html_page_top2();
diff --git a/manage_proj_custom_field_update.php b/manage_proj_custom_field_update.php
@@ -45,6 +45,8 @@
 
 	custom_field_set_sequence( $f_field_id, $f_project_id, $f_sequence );
 
+	form_security_purge( 'manage_proj_custom_field_update' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 ?>
 <?php html_page_top1() ?>
diff --git a/manage_proj_delete.php b/manage_proj_delete.php
@@ -40,6 +40,7 @@
 
 	form_security_validate( 'manage_proj_delete' );
 	project_delete( $f_project_id );
+	form_security_purge( 'manage_proj_delete' );
 
 	# Don't leave the current project set to a deleted project -
 	#  set it to All Projects
diff --git a/manage_proj_subproj_add.php b/manage_proj_subproj_add.php
@@ -44,6 +44,8 @@
 	}
 	project_hierarchy_add( $f_subproject_id, $f_project_id );
 
+	form_security_purge( 'manage_proj_subproj_add' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 
 	html_page_top1();
diff --git a/manage_proj_subproj_delete.php b/manage_proj_subproj_delete.php
@@ -37,6 +37,8 @@
 	access_ensure_project_level( config_get( 'manage_project_threshold' ), $f_project_id );
 
 	project_hierarchy_remove( $f_subproject_id, $f_project_id );
+	
+	form_security_purge( 'manage_proj_subproj_delete' );
 
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 
diff --git a/manage_proj_update.php b/manage_proj_update.php
@@ -42,5 +42,7 @@
 
 	project_update( $f_project_id, $f_name, $f_description, $f_status, $f_view_state, $f_file_path, $f_enabled, $f_inherit_global );
 
+	form_security_purge( 'manage_proj_update' );
+
 	print_header_redirect( 'manage_proj_page.php' );
 ?>
diff --git a/manage_proj_update_children.php b/manage_proj_update_children.php
@@ -44,4 +44,6 @@
 		project_hierarchy_update( $t_subproject_id, $f_project_id, $f_inherit_child );
 	}
 
+	form_security_purge( 'manage_proj_update_children' );
+
 	print_successful_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
diff --git a/manage_proj_user_add.php b/manage_proj_user_add.php
@@ -44,5 +44,7 @@
 		project_add_user( $f_project_id, $t_user_id, $f_access_level );
 	}
 
+	form_security_purge( 'manage_proj_user_add' );
+
 	print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
 ?>
diff --git a/manage_proj_user_copy.php b/manage_proj_user_copy.php
@@ -53,5 +53,7 @@
 
 	project_copy_users( $t_dst_project_id, $t_src_project_id );
 
+	form_security_purge( 'manage_proj_user_copy' );
+
 	print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
 ?>
diff --git a/manage_proj_user_remove.php b/manage_proj_user_remove.php
@@ -27,6 +27,7 @@
 	require_once( 'core.php' );
 
 	auth_reauthenticate();
+	form_security_validate( 'manage_proj_user_remove' );
 
 	$f_project_id = gpc_get_int( 'project_id' );
 	$f_user_id = gpc_get_int( 'user_id', 0 );
@@ -41,8 +42,6 @@
 		# Confirm with the user
 		helper_ensure_confirmed( lang_get( 'remove_all_users_sure_msg' ), lang_get( 'remove_all_users_button' ) );
 
-		form_security_validate( 'manage_proj_user_remove' );
-
 		project_remove_all_users( $f_project_id );
 	}
 	else {
@@ -52,11 +51,11 @@
 			'<br/>' . lang_get( 'username' ) . ': ' . $t_user['username'],
 			lang_get( 'remove_user_button' ) );
 
-		form_security_validate( 'manage_proj_user_remove' );
-
 		project_remove_user( $f_project_id, $f_user_id );
 	}
 
+	form_security_purge( 'manage_proj_user_remove' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
 
 	html_page_top1();
diff --git a/manage_proj_ver_add.php b/manage_proj_ver_add.php
@@ -69,6 +69,8 @@
 		}
 	}
 
+	form_security_purge( 'manage_proj_ver_add' );
+
 	if ( true == $f_add_and_edit ) {
 		$t_version_id = version_get_id( $t_version, $f_project_id );
 		$t_redirect_url = 'manage_proj_ver_edit_page.php?version_id='.$t_version_id;
diff --git a/manage_proj_ver_copy.php b/manage_proj_ver_copy.php
@@ -62,5 +62,7 @@
 		}
 	}
 
+	form_security_purge( 'manage_proj_ver_copy' );
+
 	print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
 ?>
diff --git a/manage_proj_ver_delete.php b/manage_proj_ver_delete.php
@@ -46,6 +46,7 @@
 
 	form_security_validate( 'manage_proj_ver_delete' );
 	version_remove( $f_version_id );
+	form_security_purge( 'manage_proj_ver_delete' );
 
 	html_page_top1();
 	html_meta_redirect( $t_redirect_url );
diff --git a/manage_proj_ver_update.php b/manage_proj_ver_update.php
@@ -59,6 +59,8 @@
 
 	version_update( $t_version );
 
+	form_security_purge( 'manage_proj_ver_update' );
+
 	$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $t_version->project_id;
 ?>
 <?php
diff --git a/manage_user_create.php b/manage_user_create.php
@@ -83,6 +83,8 @@
 
 	$t_cookie = user_create( $f_username, $f_password, $f_email, $f_access_level, $f_protected, $f_enabled, $t_realname );
 
+	form_security_purge( 'manage_user_create' );
+
 	if ( $t_cookie === false ) {
 		$t_redirect_url = 'manage_user_page.php';
 	} else {
diff --git a/manage_user_delete.php b/manage_user_delete.php
@@ -42,6 +42,8 @@
 
 	user_delete( $f_user_id );
 
+	form_security_purge('manage_user_delete');
+
 	$t_redirect_url = 'manage_user_page.php';
 
 	html_page_top1();
diff --git a/manage_user_proj_add.php b/manage_user_proj_add.php
@@ -41,5 +41,7 @@
 		}
 	}
 
+	form_security_purge('manage_user_proj_add');
+
 	print_header_redirect( 'manage_user_edit_page.php?user_id=' . $f_user_id );
 ?>
diff --git a/manage_user_reset.php b/manage_user_reset.php
@@ -39,6 +39,8 @@
 	$t_result = user_reset_password( $f_user_id );
 	$t_redirect_url = 'manage_user_page.php';
 
+	form_security_purge('manage_user_reset');
+
 	html_page_top1();
 	if ( $t_result ) {
 		html_meta_redirect( $t_redirect_url );
diff --git a/manage_user_update.php b/manage_user_update.php
@@ -114,6 +114,9 @@
 
 	$result = db_query_bound( $query, $query_params );
 	$t_redirect_url = 'manage_user_edit_page.php?user_id=' . $c_user_id;
+
+	form_security_purge('manage_user_update');
+
 ?>
 <?php html_page_top1() ?>
 <?php

Original file line number	Diff line number	Diff line change
`@@ -151,7 +151,7 @@`
`151`	`151`	`}`
`152`	`152`	`}`
`153`	`153`
`154`		`-`
	`154`	`+ form_security_purge('manage_config_email_set');`
`155`	`155`	`?>`
`156`	`156`
`157`	`157`	`<br />`
Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,8 @@`
`56`	`56`	`foreach ( $t_revert_vars as $t_revert ) {`
`57`	`57`	`config_delete( $t_revert, null , $f_project_id );`
`58`	`58`	`}`
	`59`	`+`
	`60`	`+ form_security_purge('manage_config_revert');`
`59`	`61`	`}`
`60`	`62`
`61`	`63`	`$t_redirect_url = $f_return;`
Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,8 @@`
`46`	`46`	`$t_redirect_url = 'manage_custom_field_page.php';`
`47`	`47`	`}`
`48`	`48`
	`49`	`+ form_security_purge('manage_custom_field_create');`
	`50`	`+`
`49`	`51`	`html_page_top1();`
`50`	`52`	`html_meta_redirect( $t_redirect_url );`
`51`	`53`	`html_page_top2();`
Original file line number	Diff line number	Diff line change
`@@ -46,5 +46,7 @@`
`46`	`46`	`}`
`47`	`47`	`}`
`48`	`48`
	`49`	`+ form_security_purge('manage_custom_field_proj_add');`
	`50`	`+`
`49`	`51`	`print_header_redirect( 'manage_custom_field_edit_page.php?field_id=' . $f_field_id );`
`50`	`52`	`?>`
Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,8 @@`
`64`	`64`	`}`
`65`	`65`	`}`
`66`	`66`
	`67`	`+ form_security_purge( 'manage_proj_cat_add' );`
	`68`	`+`
`67`	`69`	`if ( $f_project_id == ALL_PROJECTS ) {`
`68`	`70`	`$t_redirect_url = 'manage_proj_page.php';`
`69`	`71`	`} else {`
Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,8 @@`
`61`	`61`	`}`
`62`	`62`	`}`
`63`	`63`
	`64`	`+ form_security_purge( 'manage_proj_cat_copy' );`
	`65`	`+`
`64`	`66`	`if ( $f_project_id == ALL_PROJECTS ) {`
`65`	`67`	`$t_redirect_url = 'manage_proj_page.php';`
`66`	`68`	`} else {`
Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,8 @@`
`44`	`44`	`}`
`45`	`45`	`project_hierarchy_add( $f_subproject_id, $f_project_id );`
`46`	`46`
	`47`	`+ form_security_purge( 'manage_proj_subproj_add' );`
	`48`	`+`
`47`	`49`	`$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;`
`48`	`50`
`49`	`51`	`html_page_top1();`
Original file line number	Diff line number	Diff line change
`@@ -44,4 +44,6 @@`
`44`	`44`	`project_hierarchy_update( $t_subproject_id, $f_project_id, $f_inherit_child );`
`45`	`45`	`}`
`46`	`46`
	`47`	`+ form_security_purge( 'manage_proj_update_children' );`
	`48`	`+`
`47`	`49`	`print_successful_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );`
Original file line number	Diff line number	Diff line change
`@@ -44,5 +44,7 @@`
`44`	`44`	`project_add_user( $f_project_id, $t_user_id, $f_access_level );`
`45`	`45`	`}`
`46`	`46`
	`47`	`+ form_security_purge( 'manage_proj_user_add' );`
	`48`	`+`
`47`	`49`	`print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );`
`48`	`50`	`?>`
Original file line number	Diff line number	Diff line change
`@@ -69,6 +69,8 @@`
`69`	`69`	`}`
`70`	`70`	`}`
`71`	`71`
	`72`	`+ form_security_purge( 'manage_proj_ver_add' );`
	`73`	`+`
`72`	`74`	`if ( true == $f_add_and_edit ) {`
`73`	`75`	`$t_version_id = version_get_id( $t_version, $f_project_id );`
`74`	`76`	`$t_redirect_url = 'manage_proj_ver_edit_page.php?version_id='.$t_version_id;`