Implement CSRF check on "Assure someone"

[gigi.git] / tests / org / cacert / gigi / pages / wot / TestAssurance.java

diff --git a/tests/org/cacert/gigi/pages/wot/TestAssurance.java b/tests/org/cacert/gigi/pages/wot/TestAssurance.java
index 54a85d8bd964b34321a20a87601e251ed212fa72..769767cd76f41b1ff329fb17cf150d429aa0fa1e 100644 (file)
--- a/tests/org/cacert/gigi/pages/wot/TestAssurance.java
+++ b/tests/org/cacert/gigi/pages/wot/TestAssurance.java
@@ -141,10 +141,11 @@ public class TestAssurance extends ManagedTest {
                                + assuree);
                URLConnection uc = u.openConnection();
                uc.addRequestProperty("Cookie", cookie);
-               uc.getInputStream();// request form
+               String csrf = getCSRF(uc);
                uc = u.openConnection();
                uc.addRequestProperty("Cookie", cookie);
                uc.setDoOutput(true);
+               uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes());
                return uc;
        }