Enable CSRF protection (#10447)

* Enable CSRF protection

* fix style issues
Tony Murray
2019-07-17 07:20:26 -05:00
committed by GitHub
parent b085703b2d
commit 3ead462549
77 changed files with 105 additions and 7 deletions


@@ -54,6 +54,7 @@ $disable_notify = get_dev_attrib($device, 'disable_notify');
<form id="edit" name="edit" method="post" action="" role="form" class="form-horizontal">
<?php echo csrf_field() ?>
<input type="hidden" name="editing" value="yes">
<div class="form-group">
<label for="override_sysContact" class="col-sm-3 control-label">Override sysContact:</label>


@@ -1,6 +1,7 @@
<span id="message"><small><div class="alert alert-danger">n.b For the first time, please click any button twice.</div></small></span>
<form id='components' class='form-inline' method='POST'>
<?php echo csrf_field() ?>
<table id='table' class='table table-condensed table-responsive table-striped'>
<thead>
<tr>


@@ -75,6 +75,7 @@ if ($_POST['editing']) {
<div class="row">
<div class="col-md-1 col-md-offset-2">
<form id="delete_host" name="delete_host" method="post" action="delhost/" role="form">
<?php echo csrf_field() ?>
<input type="hidden" name="id" value="<?php echo($device['device_id']); ?>">
<button type="submit" class="btn btn-danger" name="Submit"><i class="fa fa-trash"></i> Delete device</button>
</form>
@@ -91,6 +92,7 @@ if ($_POST['editing']) {
</div>
<br>
<form id="edit" name="edit" method="post" action="" role="form" class="form-horizontal">
<?php echo csrf_field() ?>
<input type=hidden name="editing" value="yes">
<div class="form-group" data-toggle="tooltip" data-container="body" data-placement="bottom" title="Change the hostname used for name resolution" >
<label for="edit-hostname-input" class="col-sm-2 control-label" >Hostname:</label>


@@ -44,6 +44,7 @@ if ($updated && $update_message) {
<h3>IPMI settings</h3>
<form id="edit" name="edit" method="post" action="" role="form" class="form-horizontal">
<?php echo csrf_field() ?>
<input type="hidden" name="editing" value="yes">
<div class="form-group">
<label for="ipmi_hostname" class="col-sm-2 control-label">IPMI/BMC Hostname</label>


@@ -2,6 +2,7 @@
echo '
<form class="form-horizontal">
' . csrf_field() . '
<div class="form-group">
<label for="icmp" class="col-sm-4 control-label">Disable ICMP Test?</label>
<div class="col-sm-8">
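Review bot: The token field added to `<form class="form-horizontal">` sits in a form with no `method` attribute, so a native submit would default to GET and put `_token` in the URL, where it can end up in server logs, browser history and Referer headers. The same applies to `<form class="form-inline">` and `<form id="alert-reset">` in the section with the sensor table further down. These forms are presumably driven by JavaScript rather than submitted natively (not visible here); if so, I would either add `method="post"` so a fallback submit cannot leak the token, or drop the hidden field and send the token in an `X-CSRF-TOKEN` header from the AJAX call. The surrounding `echo` statement starts and ends outside the hunk.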


@@ -3,6 +3,7 @@
<span id="message"><small><div class="alert alert-danger">n.b For the first time, please click any button twice.</div></small></span>
<form id='ignoreport' name='ignoreport' method='post' action='' role='form' class='form-inline'>
<?php echo csrf_field() ?>
<input type='hidden' name='ignoreport' value='yes'>
<input type='hidden' name='type' value='update-ports'>
<input type='hidden' name='device' value='<?php echo $device['device_id'];?>'>


@@ -19,6 +19,7 @@ echo "<h3>$title</h3>";
?>
<form class="form-inline">
<?php echo csrf_field() ?>
<table class="table table-hover table-condensed table-bordered">
<tr class="info">
<th>Class</th>
@@ -95,6 +96,7 @@ foreach (dbFetchRows("SELECT * FROM `$table` WHERE `device_id` = ? AND `sensor_d
</form>
<form id="alert-reset">
<?php
echo csrf_field();
foreach ($rollback as $reset_data) {
echo '
<input type="hidden" name="sensor_id[]" value="'.$reset_data['sensor_id'].'">


@@ -117,6 +117,7 @@ $max_oid = get_dev_attrib($device, 'snmp_max_oid');
echo "
<form id='edit' name='edit' method='post' action='' role='form' class='form-horizontal'>
" . csrf_field() . "
<div class='form-group'>
<label for='hardware' class='col-sm-2 control-label'>SNMP</label>
<div class='col-sm-4'>