Replaced the "accounting-dummy-form" name with the dummy CSRF token to work with OWASP ZAP CSRF token scans.

2023-05-22 18:32:24 +08:00 · 2023-05-22 18:32:24 +08:00 · 3b8a2e3bb1
commit 3b8a2e3bb1
parent 9e4927ee0b
3 changed files with 6 additions and 3 deletions
--- a/src/accounting/templates/accounting/journal-entry/include/description-editor-modal.html
+++ b/src/accounting/templates/accounting/journal-entry/include/description-editor-modal.html
@ -19,7 +19,8 @@ description-editor-modal.html: The modal of the description editor
 Author: imacat@mail.imacat.idv.tw (imacat)
 First written: 2023/2/28
 #}
-<form id="accounting-description-editor-{{ description_editor.debit_credit }}" class="accounting-description-editor" name="accounting-dummy-form" data-debit-credit="{{ description_editor.debit_credit }}">
+<form id="accounting-description-editor-{{ description_editor.debit_credit }}" class="accounting-description-editor" data-debit-credit="{{ description_editor.debit_credit }}">
+  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
  <div id="accounting-description-editor-{{ description_editor.debit_credit }}-modal" class="modal fade" tabindex="-1" aria-labelledby="accounting-description-editor-{{ description_editor.debit_credit }}-modal-label" aria-hidden="true">
    <div class="modal-dialog">
      <div class="modal-content">
--- a/src/accounting/templates/accounting/journal-entry/include/journal-entry-line-item-editor-modal.html
+++ b/src/accounting/templates/accounting/journal-entry/include/journal-entry-line-item-editor-modal.html
@ -19,7 +19,8 @@ journal-entry-line-item-editor-modal: The modal of the journal entry line item e
 Author: imacat@mail.imacat.idv.tw (imacat)
 First written: 2023/2/25
 #}
-<form id="accounting-line-item-editor" name="accounting-dummy-form">
+<form id="accounting-line-item-editor">
+  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
  <div id="accounting-line-item-editor-modal" class="modal fade" tabindex="-1" aria-labelledby="accounting-line-item-editor-modal-label" aria-hidden="true">
    <div class="modal-dialog">
      <div class="modal-content">
--- a/src/accounting/templates/accounting/option/include/recurring-item-editor-modal.html
+++ b/src/accounting/templates/accounting/option/include/recurring-item-editor-modal.html
@ -19,7 +19,8 @@ recurring-item-editor-modal.html: The modal of the recurring item editor
 Author: imacat@mail.imacat.idv.tw (imacat)
 First written: 2023/3/22
 #}
-<form id="accounting-recurring-item-editor-{{ expense_income }}" name="accounting-dummy-form">
+<form id="accounting-recurring-item-editor-{{ expense_income }}">
+  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
  <div id="accounting-recurring-item-editor-{{ expense_income }}-modal" class="modal fade" tabindex="-1" aria-labelledby="accounting-recurring-item-editor-{{ expense_income }}-modal-label" aria-hidden="true">
    <div class="modal-dialog">
      <div class="modal-content">