Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ThemeManagementController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r2c2a416960cfa22ad1882d9ef21d3f932efc26d2 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ThemeManagementController.java (.../ThemeManagementController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ThemeManagementController.java (.../ThemeManagementController.java) (revision 2c2a416960cfa22ad1882d9ef21d3f932efc26d2) @@ -40,6 +40,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; /** * Actions for maintaining and altering system themes @@ -83,7 +84,7 @@ return "themeManagement"; } - @RequestMapping(path = "/addOrEditTheme") + @RequestMapping(path = "/addOrEditTheme", method = RequestMethod.POST) public String addOrEditTheme(@ModelAttribute ThemeForm themeForm, HttpServletRequest request, HttpServletResponse response) throws Exception { Index: lams_admin/web/themeManagement.jsp =================================================================== diff -u -r37bb2ae017713b44cdfd6a55cfceca28c3efab02 -r2c2a416960cfa22ad1882d9ef21d3f932efc26d2 --- lams_admin/web/themeManagement.jsp (.../themeManagement.jsp) (revision 37bb2ae017713b44cdfd6a55cfceca28c3efab02) +++ lams_admin/web/themeManagement.jsp (.../themeManagement.jsp) (revision 2c2a416960cfa22ad1882d9ef21d3f932efc26d2) @@ -70,7 +70,7 @@ function submitForm(methodName) { var f = document.getElementById('themeForm'); if (methodName) { - f.action = methodName + ".do"; + f.action = methodName + ".do?"; } f.submit(); } @@ -149,10 +149,10 @@
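Review bot: `removeTheme` gets no matching method restriction in ThemeManagementController, although this commit lists `/lams/admin/themeManagement/removeTheme.do` as protected in Owasp.CsrfGuard.properties; only the `addOrEditTheme` mapping in the `@@ -83,7 +84,7 @@` hunk is narrowed to POST. The `removeTheme` handler is not visible in this diff, so this is inferred. If its mapping still accepts every HTTP method, the delete action stays reachable by a plain GET and its protection depends entirely on how CsrfGuard is configured to treat GET requests. Presumably the same change applies there: `@RequestMapping(path = "/removeTheme", method = RequestMethod.POST)`. The body of `addOrEditTheme` continues past the end of the hunk.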
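Review bot: In `submitForm` the new action is built as `methodName + ".do?"`, which as rendered here ends in an empty query string. If a CSRF token expression followed the `?` in the original file and was lost in this rendering, the token travels in the URL. A token in the query string is written to access logs and browser history and can be passed on in a Referer header, so it is safer carried as a hidden field inside `themeForm`, with the line left as `f.action = methodName + ".do";`. The contents of the `@@ -149,10 +149,10 @@` hunk are not visible here, so whether the form already carries such a field cannot be confirmed.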
- + + -
Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r3a9b27c6f8b3eb0462a2a9d91a6aa0b43645442f -r2c2a416960cfa22ad1882d9ef21d3f932efc26d2
--- lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 3a9b27c6f8b3eb0462a2a9d91a6aa0b43645442f)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 2c2a416960cfa22ad1882d9ef21d3f932efc26d2)
@@ -24,8 +24,11 @@
 org.owasp.csrfguard.protected.adminExtserverEnable=/lams/admin/extserver/enable.do
 org.owasp.csrfguard.protected.adminToolsDisable=/lams/admin/toolcontentlist/disable.do
 org.owasp.csrfguard.protected.adminToolsEnable=/lams/admin/toolcontentlist/enable.do
+org.owasp.csrfguard.protected.adminThemeSave=/lams/admin/themeManagement/addOrEditTheme.do
+org.owasp.csrfguard.protected.adminThemeRemove=/lams/admin/themeManagement/removeTheme.do
 org.owasp.csrfguard.protected.centralSaveUserProfile=/lams/saveprofile.do
+org.owasp.csrfguard.protected.centralOutcomeSave=/lams/outcome/outcomeSave.do
 org.owasp.csrfguard.protected.assessmentDefineLater=/lams/tool/laasse10/authoring/definelater.do
 org.owasp.csrfguard.protected.assessmentSubmissionDeadline=/lams/tool/laasse10/monitoring/setSubmissionDeadline.do
Index: lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java
===================================================================
diff -u -rf13b8a48b9a1cfaee56a654ba751a9736616b726 -r2c2a416960cfa22ad1882d9ef21d3f932efc26d2
--- lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java (.../OutcomeController.java) (revision f13b8a48b9a1cfaee56a654ba751a9736616b726)
+++ lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java (.../OutcomeController.java) (revision 2c2a416960cfa22ad1882d9ef21d3f932efc26d2)
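Review bot: The three entries added in the `@@ -24,8 +24,11 @@` hunk of Owasp.CsrfGuard.properties are full URLs with the `/lams` context path and the `.do` suffix written out, and nothing in the file ties them to the controller mappings they are meant to cover. If a handler is later renamed, or is reachable under a different path, it drops out of the protected list without any error. A comment above the theme entries would make the dependency visible, for example `# Keep in sync with the @RequestMapping paths in ThemeManagementController; handlers must be POST-only`. Whether URLs that are not listed are protected by default depends on settings elsewhere in this file that the hunk does not show.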
@@ -64,6 +64,7 @@ import org.springframework.util.MultiValueMap; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.multipart.MultipartFile; @@ -156,7 +157,7 @@ } @SuppressWarnings("unchecked") - @RequestMapping("/outcomeSave") + @RequestMapping(path = "/outcomeSave", method = RequestMethod.POST) public String outcomeSave(@ModelAttribute OutcomeForm outcomeForm, HttpServletRequest request, HttpServletResponse response) throws Exception { Integer userId = getUserDTO().getUserID(); @@ -786,4 +787,4 @@ } } -} \ No newline at end of file +} Index: lams_central/web/outcome/outcomeEdit.jsp =================================================================== diff -u -rfd2cfad55c7c517931f69334ce644d509ec28140 -r2c2a416960cfa22ad1882d9ef21d3f932efc26d2 --- lams_central/web/outcome/outcomeEdit.jsp (.../outcomeEdit.jsp) (revision fd2cfad55c7c517931f69334ce644d509ec28140) +++ lams_central/web/outcome/outcomeEdit.jsp (.../outcomeEdit.jsp) (revision 2c2a416960cfa22ad1882d9ef21d3f932efc26d2) @@ -3,6 +3,7 @@ <%@ taglib uri="tags-fmt" prefix="fmt"%> <%@ taglib uri="tags-core" prefix="c"%> <%@ taglib uri="tags-function" prefix="fn" %> +<%@ taglib uri="csrfguard" prefix="csrf" %> <%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %> @@ -47,8 +48,8 @@ - - + + @@ -123,4 +124,4 @@ - \ No newline at end of file +
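Review bot: Only `outcomeSave` is narrowed to POST in the `@@ -156,7 +157,7 @@` hunk of OutcomeController, and `centralOutcomeSave` is the only outcome URL this commit adds to Owasp.CsrfGuard.properties. The last hunk shows the class running to at least line 787, so it likely holds other handlers; any of them that create, change or delete data would still accept GET and have no protected entry. Those handlers are not visible here, so this needs confirming against the full file. Each one that changes state should get the same `method = RequestMethod.POST` on its mapping and its own `org.owasp.csrfguard.protected.*` line. The body of `outcomeSave` continues past the end of the hunk.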