Upgrade to 4.0.10.
[usit-rt.git] / share / html / Elements / CSRF
1%# BEGIN BPS TAGGED BLOCK {{{
2%#
3%# COPYRIGHT:
4%#
403d7b0b 5%# This software is Copyright (c) 1996-2013 Best Practical Solutions, LLC
6%# <sales@bestpractical.com>
7%#
8%# (Except where explicitly superseded by other copyright notices)
9%#
10%#
11%# LICENSE:
12%#
13%# This work is made available to you under the terms of Version 2 of
14%# the GNU General Public License. A copy of that license should have
15%# been provided with this software, but in any event can be snarfed
16%# from www.gnu.org.
17%#
18%# This work is distributed in the hope that it will be useful, but
19%# WITHOUT ANY WARRANTY; without even the implied warranty of
20%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21%# General Public License for more details.
22%#
23%# You should have received a copy of the GNU General Public License
24%# along with this program; if not, write to the Free Software
25%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26%# 02110-1301 or visit their web page on the internet at
27%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
28%#
29%#
30%# CONTRIBUTION SUBMISSION POLICY:
31%#
32%# (The following paragraph is not intended to limit the rights granted
33%# to you to modify and distribute this software under the terms of
34%# the GNU General Public License and is only of importance to you if
35%# you choose to contribute your changes and enhancements to the
36%# community by submitting them to Best Practical Solutions, LLC.)
37%#
38%# By intentionally submitting any modifications, corrections or
39%# derivatives to this work, or any other work intended for use with
40%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
41%# you are the copyright holder for those contributions and you grant
42%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43%# royalty-free, perpetual, license to use, copy, create derivative
44%# works based on those contributions, and sublicense and distribute
45%# those contributions and any derivatives thereof.
46%#
47%# END BPS TAGGED BLOCK }}}
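%# Interstitial page rendered when a request is treated as a possible
%# cross-site request forgery.  It explains why the request was held back and
%# offers a link that repeats it with a CSRF token attached.
<& /Elements/Header, Title => loc('Possible cross-site request forgery') &>
<& /Elements/Tabs &>

<h1><&|/l&>Possible cross-site request forgery</&></h1>

%# Arguments handed to /l_unsafe are placed into the message as markup (that
%# is how the <strong> and <a> tags below reach the page), so every value
%# passed to it must already be safe to emit as HTML.
%# NOTE(review): $Reason and $action are passed through as-is; confirm that
%# every caller supplies text that needs no further escaping.
% my $strong_start = "<strong>";
% my $strong_end = "</strong>";
<p><&|/l_unsafe, $strong_start, $strong_end, $Reason, $action &>RT has detected a possible [_1]cross-site request forgery[_2] for this request, because [_3]. A malicious attacker may be trying to [_1][_4][_2] on your behalf. If you did not initiate this request, then you should alert your security team.</&></p>

%# Encode the resume URL for the attribute it is written into.  The URI
%# object percent-encodes some characters on its own, but "&" and "'" pass
%# through unchanged, and the href should not depend on how the URL was built.
% my $href = $m->interp->apply_escapes("$url_with_token", 'h');
% my $start = qq|<strong><a href="$href">|;
% my $end = qq|</a></strong>|;
<p><&|/l_unsafe, $escaped_path, $action, $start, $end &>If you really intended to visit [_1] and [_2], then [_3]click here to resume your request[_4].</&></p>

<& /Elements/Footer, %ARGS &>
%# End the Mason request once the page has been written.
% $m->abort;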
<%ARGS>
# URL of the intercepted request; shown to the user (HTML-escaped) and used
# as the base of the resume link.
$OriginalURL => ''
# Text inserted after "because" in the warning paragraph.
$Reason      => ''
# Value sent back as the CSRF_Token query parameter of the resume link.
$Token       => ''
</%ARGS>
<%INIT>
# Path as displayed to the user: HTML-escaped first, then wrapped in <tt>.
# It is handed to /l_unsafe, so the escaping has to happen here.
my $escaped_path = '<tt>' . $m->interp->apply_escapes($OriginalURL, 'h') . '</tt>';

# Resume link: the original URL with its query string replaced by the single
# CSRF_Token parameter.  This is a URI object and is not HTML-escaped at this
# point; whatever writes it into markup has to encode it for that context.
my $url_with_token = URI->new($OriginalURL);
$url_with_token->query_form([ CSRF_Token => $Token ]);

# Description of what the held-back request would have done, with a generic
# fallback when PotentialPageAction returns nothing usable for this URL.
# NOTE(review): this value also reaches /l_unsafe unescaped - confirm that
# PotentialPageAction only ever returns fixed, localized text.
my $action = RT::Interface::Web::PotentialPageAction($OriginalURL);
$action ||= loc("perform actions");
</%INIT>