Added new modules to help prevent Cross Site Request Forgery Made changes to prevent arbitrary code exection on AdmPortal. Issue-ID: OJSI-40 Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267 Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com> Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04

commit: 18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6 [log] [tgz]
author: Rotundo, Al (ar3165) <ar3165@att.com> Wed Jul 31 14:46:56 2019 +0000
committer: Timoney, Dan (dt5972) <dtimoney@att.com> Wed Jul 31 14:31:07 2019 -0400
tree: 39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb
parent: 33e9f85700d3ba17f95a69011d2d2932d4b98df0 [diff] [blame]
diff --git a/admportal/views/pages/signup.ejs b/admportal/views/pages/signup.ejs
index 03ac7bc..2a03953 100644
--- a/admportal/views/pages/signup.ejs
+++ b/admportal/views/pages/signup.ejs

@@ -33,6 +33,7 @@
       <form class="form-signin" method="POST" action="/formSignUp">
         <h3 class="form-signin-heading">AdminPortal Signup</h3>
 
+				<input type="hidden" name="_csrf" value="<%= csrfToken %>" />
         <input type="email" name="nf_email" id="nf_email" class="form-control" placeholder="Email Address" required>
         <input type="password" name="nf_password" id="nf_password" class="form-control" placeholder="Password" required>
commit	18dcbec3a5a99a57d0ef43a06a99c2ab17c2eed6	[log] [tgz]
author	Rotundo, Al (ar3165) <ar3165@att.com>	Wed Jul 31 14:46:56 2019 +0000
committer	Timoney, Dan (dt5972) <dtimoney@att.com>	Wed Jul 31 14:31:07 2019 -0400
tree	39c938d972c6a3fefbb5c8350c2141fb8ee1e5eb
parent	33e9f85700d3ba17f95a69011d2d2932d4b98df0 [diff] [blame]