HelpSpot 5 Portal Changes

Form CSRF Fields

A number of portal templates need a csrf token added after the form tag  <?php echo csrf_field(); ?> for added security. These updates will need to be made to any portal files that have been customized. The addition needed in each file is highlighted and the surrounding code is provided for context.

kb.page.tpl.php

<form action="index.php?pg=vote.helpful" name="votehelpful" method="POST">
<input type="hidden" name="xPage" value="<?php echo $this->page['xPage'] ?>">
<?php echo csrf_field(); ?>
</form>
<form action="index.php?pg=vote.nothelpful" name="votenothelpful" method="POST">
<input type="hidden" name="xPage" value="<?php echo $this->page['xPage'] ?>">
<?php echo csrf_field(); ?>
</form>

login.forgot.tpl.php

<form action="<?php echo route('portal.password.email') ?>" method="post">
    <?php echo csrf_field(); ?>
    <?php if( session('status') ): ?>

login.reset.tpl.php

<form action="<?php echo cHOST.'/index.php?pg=login.reset' ?>" method="post">
    <?php echo csrf_field(); ?>
    <?php if( session('status') ): ?>

loginbar.tpl.php

<form onsubmit="return false;">
    <?php echo csrf_field(); ?>
    <table id="change_password_box" style="display:none;border:1px solid #ccc;padding:10px;margin-bottom:10px;">

request.check.tpl.php

<?php if (!empty($this->get_id)) : ?>
    <form action="index.php?pg=request.check" method="post" enctype="multipart/form-data">
        <?php echo csrf_field(); ?>
        <input type="hidden" name="accesskey" value="<?php echo $this->get_id ?>" />
...

<form action="index.php?pg=login" method="post">
      <?php echo csrf_field(); ?>
      <p><b><?php echo lg_portal_req_login ?>:</b></p>

request.tpl.php

<form action="index.php?pg=request" method="post" enctype="multipart/form-data">
    <?php echo csrf_field(); ?>

    <?php /* Any field names listed in the 'required' hidden field will be checked by HelpSpot to make sure they're not empty */ ?>
    <input type="hidden" name="required" value="sEmail,fullname" />

CSS Changes

Changes to the attachments and added the following to all portal template css files:

.file-extension {
    display: inline-block;
    margin: 5px 0;
}
.file-name {
    display: inline-block;
    padding: 0 10px;
    margin-bottom: 5px;
}

This page was: Helpful | Not Helpful