From a36a0c5b79e44e44e15c4fce62fc50c7590c4253 Mon Sep 17 00:00:00 2001 From: xisi Date: Fri, 17 Jan 2014 06:53:19 -0500 Subject: [PATCH] [UPDATE] CSRF protection + User/IP/Date & time added to login notification * Adds CSRF protection for multiple pages, see bottom * Adds User/IP/Date & time to successful login notification * New config option for sitewide CSRF protection * Fixed a bug in the contact form * Lots of cleanup related to CSRF stuff * Increments config version * CSRF protection: register, contact, account edit, workers, notifications, and invites --- public/include/config/global.inc.dist.php | 2 +- public/include/version.inc.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php index f8ae62ef..c4dcd220 100644 --- a/public/include/config/global.inc.dist.php +++ b/public/include/config/global.inc.dist.php @@ -7,7 +7,7 @@ if (!defined('SECURITY')) die('Hacking attempt'); * This is used in the version check to ensure you run the latest version of the configuration file. * Once you upgraded your config, change the version here too. **/ -$config['version'] = '0.0.4'; +$config['version'] = '0.0.5'; // Our include directory for additional features define('INCLUDE_DIR', BASEPATH . 'include'); diff --git a/public/include/version.inc.php b/public/include/version.inc.php index 21dd0010..e132eb5e 100644 --- a/public/include/version.inc.php +++ b/public/include/version.inc.php @@ -5,7 +5,7 @@ if (!defined('SECURITY')) die('Hacking attempt'); define('MPOS_VERSION', '0.0.2'); define('DB_VERSION', '0.0.3'); -define('CONFIG_VERSION', '0.0.4'); +define('CONFIG_VERSION', '0.0.5'); // Fetch installed database version $db_version = $setting->getValue('DB_VERSION');