From ae47437ab709d0091c8aaa2d19c54346171f8a7b Mon Sep 17 00:00:00 2001 From: xisi Date: Wed, 29 Jan 2014 09:41:50 -0500 Subject: [PATCH] fixed worker delete csrf thing I stubbed earlier took to field out of the rest of the login forms --- public/include/pages/account/workers.inc.php | 10 +++------- public/templates/mobile/login/default.tpl | 1 - public/templates/mpos/login/small.tpl | 1 - 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/public/include/pages/account/workers.inc.php b/public/include/pages/account/workers.inc.php index 7403e0fa..b861600d 100644 --- a/public/include/pages/account/workers.inc.php +++ b/public/include/pages/account/workers.inc.php @@ -4,14 +4,10 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1; if ($user->isAuthenticated()) { switch (@$_REQUEST['do']) { case 'delete': - if (!$config['csrf']['enabled'] || ($config['csrf']['enabled'])) { - if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'success'); - } else { - $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg'); - } + if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'success'); } else { - $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info'); + $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg'); } break; diff --git a/public/templates/mobile/login/default.tpl b/public/templates/mobile/login/default.tpl index 42df1902..d179f023 100644 --- a/public/templates/mobile/login/default.tpl +++ b/public/templates/mobile/login/default.tpl @@ -1,5 +1,4 @@
-

diff --git a/public/templates/mpos/login/small.tpl b/public/templates/mpos/login/small.tpl index 7ed9b55c..32b61fe5 100644 --- a/public/templates/mpos/login/small.tpl +++ b/public/templates/mpos/login/small.tpl @@ -3,7 +3,6 @@ -