diff --git a/lam/lib/html.inc b/lam/lib/html.inc
index 38149d49..b273b9f9 100644
--- a/lam/lib/html.inc
+++ b/lam/lib/html.inc
@@ -642,19 +642,20 @@ class htmlInputField extends htmlElement {
';
}
if ($this->checkPasswordStrength) {
- $tokenSuffix = '?' . getSecurityTokenName() . '=' . getSecurityTokenValue();
+ $query = '?noselfservice=1';
if (isSelfService()) {
- $tokenSuffix .= '&selfservice=1';
+ $query = '?selfservice=1';
}
- $ajaxPath = "../templates/misc/ajax.php" . $tokenSuffix;
+ $ajaxPath = "../templates/misc/ajax.php";
if (is_file("../../templates/misc/ajax.php")) {
- $ajaxPath = "../../templates/misc/ajax.php" . $tokenSuffix;
+ $ajaxPath = "../../templates/misc/ajax.php";
}
elseif (is_file("../../../templates/misc/ajax.php")) {
- $ajaxPath = "../../../templates/misc/ajax.php" . $tokenSuffix;
+ $ajaxPath = "../../../templates/misc/ajax.php";
}
+ $ajaxPath .= $query;
echo '
';
}
diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc
index ab8a4206..e9ec7d42 100644
--- a/lam/lib/modules.inc
+++ b/lam/lib/modules.inc
@@ -2,10 +2,9 @@
use LAM\TYPES\ConfiguredType;
use \LAM\TYPES\TypeManager;
/*
-$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
- Copyright (C) 2003 - 2017 Roland Gruber
+ Copyright (C) 2003 - 2018 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -1278,8 +1277,8 @@ class accountContainer {
$passwordButton = new htmlButton('accountContainerPassword', _('Set password'));
$passwordButton->setIconClass('passwordButton');
$passwordButton->setOnClick('passwordShowChangeDialog(\'' . _('Set password') . '\', \'' . _('Ok') . '\', \''
- . _('Cancel') . '\', \'' . _('Set random password') . '\', \'../misc/ajax.php?function=passwordChange&'
- . getSecurityTokenName() . '=' . getSecurityTokenValue() . '\');');
+ . _('Cancel') . '\', \'' . _('Set random password') . '\', \'../misc/ajax.php?function=passwordChange\',\''
+ . getSecurityTokenName() . '\',\'' . getSecurityTokenValue() . '\');');
$leftButtonGroup->addElement($passwordButton);
}
$table->addElement($leftButtonGroup);
diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc
index 555c1340..b88aab18 100644
--- a/lam/lib/modules/inetOrgPerson.inc
+++ b/lam/lib/modules/inetOrgPerson.inc
@@ -1,11 +1,10 @@
setHeader();
// check token
- validateSecurityToken(false);
+ validateSecurityToken();
if (isset($_GET['module']) && isset($_GET['scope']) && in_array($_GET['module'], getAvailableModules($_GET['scope']))) {
enforceUserIsLoggedIn();
diff --git a/lam/templates/upload/massDoUpload.php b/lam/templates/upload/massDoUpload.php
index 8fc64745..883e57b8 100644
--- a/lam/templates/upload/massDoUpload.php
+++ b/lam/templates/upload/massDoUpload.php
@@ -1,10 +1,9 @@