*All* <FORM> blocks now contain a nonce field, and the use of

[citadel.git] / webcit / floors.c

diff --git a/webcit/floors.c b/webcit/floors.c
index bc92b445519abf7c3341b338281866e136325a5f..3ea670d8fc1f6730513874ecd565a59103682550 100644 (file)
--- a/webcit/floors.c
+++ b/webcit/floors.c
@@ -95,6 +95,7 @@ void display_floorconfig(char *prepend_html)
                        "<INPUT TYPE=\"text\" NAME=\"floorname\" "
                        "VALUE=\"%s\" MAXLENGTH=\"250\">\n",
                        floornum, floorname);
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
                wprintf("<INPUT TYPE=\"SUBMIT\" NAME=\"sc\" "
                        "VALUE=\"%s\">"
                        "</FORM></TD>", _("Change name"));
@@ -108,6 +109,7 @@ void display_floorconfig(char *prepend_html)
                        "<INPUT TYPE=\"text\" NAME=\"floorcss\" "
                        "VALUE=\"%s\" MAXLENGTH=\"250\">\n",
                        floornum, floorname);
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
                wprintf("<INPUT TYPE=\"SUBMIT\" NAME=\"sc\" "
                        "VALUE=\"%s\">"
                        "</FORM></TD>", _("Change CSS"));
@@ -116,8 +118,9 @@ void display_floorconfig(char *prepend_html)
        }
 
        wprintf("<TR><TD>&nbsp;</TD>"
-               "<TD><FORM METHOD=\"POST\" action=\"create_floor\">"
-               "<INPUT TYPE=\"text\" NAME=\"floorname\" "
+               "<TD><FORM METHOD=\"POST\" action=\"create_floor\">");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
+       wprintf("<INPUT TYPE=\"text\" NAME=\"floorname\" "
                "MAXLENGTH=\"250\">\n"
                "<INPUT TYPE=\"SUBMIT\" NAME=\"sc\" "
                "VALUE=\"%s\">"