X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=src%2Fhttp%2Fpages%2Fcontrolboardpage.cpp;h=fa8369d0067c433fd6bab6d1961c2573e96c9272;hb=b7f3b3e6ae9dc527f02b5c06e2eeae0e9cac3ad8;hp=380e3de721b2e7aed212d871ba02bef33302a1ac;hpb=dec33c63afafabf83c3039e916725cac6faef9b3;p=fms.git

diff --git a/src/http/pages/controlboardpage.cpp b/src/http/pages/controlboardpage.cpp
index 380e3de..fa8369d 100644
--- a/src/http/pages/controlboardpage.cpp
+++ b/src/http/pages/controlboardpage.cpp
@@ -23,7 +23,7 @@ const std::string ControlBoardPage::GeneratePage(const std::string &method, cons
 
 	if(queryvars.find("formaction")!=queryvars.end())
 	{
-		if((*queryvars.find("formaction")).second=="remove" && queryvars.find("boardid")!=queryvars.end())
+		if((*queryvars.find("formaction")).second=="remove" && queryvars.find("boardid")!=queryvars.end() && ValidateFormPassword(queryvars))
 		{
 			int boardid=0;
 			StringFunctions::Convert((*queryvars.find("boardid")).second,boardid);
@@ -36,7 +36,7 @@ const std::string ControlBoardPage::GeneratePage(const std::string &method, cons
 			st.Bind(0,boardid);
 			st.Step();
 
-			st=m_db->Prepare("DELETE FROM tblMessage WHERE MessageUUID IN (SELECT MessageUUID FROM tblMessage INNER JOIN tblMessageBoard ON tblMessage.MessageID=tblMessageBoard.MessageID WHERE BoardID=?);");
+			st=m_db->Prepare("DELETE FROM tblMessage WHERE MessageUUID IN (SELECT MessageUUID FROM tblMessage INNER JOIN tblMessageBoard ON tblMessage.MessageID=tblMessageBoard.MessageID WHERE BoardID=? AND MessageUUID IS NOT NULL);");
 			st.Bind(0,boardid);
 			st.Step();
 
@@ -45,7 +45,7 @@ const std::string ControlBoardPage::GeneratePage(const std::string &method, cons
 			st.Step();
 
 		}
-		if((*queryvars.find("formaction")).second=="addboard" && queryvars.find("boardname")!=queryvars.end() && (*queryvars.find("boardname")).second!="")
+		if((*queryvars.find("formaction")).second=="addboard" && queryvars.find("boardname")!=queryvars.end() && (*queryvars.find("boardname")).second!="" && ValidateFormPassword(queryvars))
 		{
 			Poco::DateTime date;
 			st=m_db->Prepare("INSERT INTO tblBoard(BoardName,DateAdded) VALUES(?,?);");
@@ -90,6 +90,7 @@ const std::string ControlBoardPage::GeneratePage(const std::string &method, cons
 		content+="<td>"+changetrustlisttruststr+"</td>\r\n";
 		content+="<td>";
 		content+="<form name=\"frmremove\" method=\"POST\">";
+		content+=CreateFormPassword();
 		content+="<input type=\"hidden\" name=\"formaction\" value=\"remove\">";
 		content+="<input type=\"hidden\" name=\"boardid\" value=\""+boardidstr+"\">";
 		content+="<input type=\"submit\" value=\"Remove\">";
@@ -102,6 +103,7 @@ const std::string ControlBoardPage::GeneratePage(const std::string &method, cons
 	content+="<tr>";
 	content+="<td>";
 	content+="<form name=\"frmaddboard\" method=\"POST\">";
+	content+=CreateFormPassword();
 	content+="<input type=\"hidden\" name=\"formaction\" value=\"addboard\">";
 	content+="<input type=\"text\" name=\"boardname\">";
 	content+="</td>\r\n<td>";