mirror of https://github.com/e107inc/e107.git synced 2025-03-14 01:19:44 +01:00

Token checks added.

Cameron 2021-09-14 13:28:03 -07:00
parent 6020de66e1
commit 2682aeaa27
6 changed files with 43 additions and 12 deletions


@ -10,7 +10,10 @@
*
*
*/
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php');
if (!getperms('4'))
@ -534,7 +537,7 @@ class banlist_ui extends e_admin_ui
</table>
<div class='buttons-bar center'>
".$frm->admin_button('update_ban_prefs', LAN_UPDATE, 'update')."
<input type='hidden' name='e-token' value='".e_TOKEN."' />
<input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
</div>
</fieldset>
</form>
@ -651,7 +654,7 @@ class banlist_ui extends e_admin_ui
</table>
<div class='buttons-bar center'>
".$frm->admin_button('update_ban_options', LAN_UPDATE, 'update')."
<input type='hidden' name='e-token' value='".e_TOKEN."' />
<input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
</div>
</fieldset>
<fieldset id='core-banlist-options-ban'>
@ -666,7 +669,7 @@ class banlist_ui extends e_admin_ui
<td>".BANLAN_75."</td>
<td>
".$frm->admin_button('remove_expired_bans', BANLAN_76, 'delete')."
<input type='hidden' name='e-token' value='".e_TOKEN."' />
<input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
</td>
</tr>
</tbody>
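Review bot: The preamble added at the top of this file (`if(!empty($_POST) && !isset($_POST['e-token']))` followed by `$_POST['e-token'] = '';`, placed before `class2.php` is loaded) has no comment explaining why an empty token is injected, and the same four lines are pasted into all six files of this commit. It appears to exist so that the token validation in `class2.php`, which is not visible here, also runs for POSTs that omit the field. If that is right, the protection is opt-in per script, and an admin page without the preamble would presumably stay unchecked. I would add a comment such as `// Force the e-token check in class2.php for POSTs that omit the field`, or better, enforce the rule in one shared place so new admin scripts get it by default. The three `defset('e_TOKEN')` edits in this section sit inside `banlist_ui` methods that start and end outside the hunks.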


@ -10,6 +10,10 @@
*
*/
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__."/../class2.php");
if (!getperms("C"))
@ -205,6 +209,7 @@ $text = "
'empty_browsercache' => CACLAN_27,
))."
".$frm->admin_button('trigger_empty_cache', LAN_DELETE, 'delete')."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div>
</fieldset>
</form>";
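Review bot: The hidden field added before `</div>` is hand-written as `<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />`, while other files in this same commit emit the token through the form helper (`$text .= $frm->token();`). `$frm` is already used on the line above for `admin_button('trigger_empty_cache', ...)`, so, assuming `token()` renders the same `e-token` field, this line could be `".$frm->token()."`, which keeps the field name and markup in one place. The same applies to the hand-written inputs in the banlist, emoticon and search sections. The `$text` string begins outside this hunk.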


@ -10,7 +10,10 @@
*
*
*/
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php');
if (!getperms("F"))
{
@ -157,6 +160,7 @@ class emotec
</table>
<div class='buttons-bar center'>
" . $frm->admin_button('active', 'active', 'update', LAN_UPDATE) . "
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div>
<fieldset>
</form>
@ -228,7 +232,7 @@ class emotec
}
$text .= $frm->admin_button('XMLPack_' . $pack, 'submit', 'default', EMOLAN_28);
$text .= "
$text .= "<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</td>
</tr>
";
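Review bot: In the `XMLPack_` hunk the hidden `e-token` input is appended directly after each pack's submit button, so if this code runs once per pack inside a single `<form>`, the field is emitted repeatedly in one form. The loop and the form tags are outside the hunk, so this is an inference. Duplicate fields with the same value should not break validation, but they make it harder to see where a form gets its token. Emitting it once next to the form's closing tag, as the first hunk of this file does before `</div>`, would be cleaner.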


@ -9,7 +9,10 @@
* URL and front controller Management
*
*/
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php');
if (!getperms('K'))
{
@ -328,7 +331,9 @@ class eurl_admin_ui extends e_admin_controller_ui
}
$text .= "<div class='buttons-bar center'>".$frm->button('saveSimpleSef',LAN_SAVE, 'submit')."</div>";
$text .= $frm->token();
$text .= $frm->close();
$text .= "</div>";
return $text;
}
@ -444,7 +449,8 @@ class eurl_admin_ui extends e_admin_controller_ui
</tbody>
</table>
<div class='buttons-bar center'>
".$form->admin_button('update', LAN_UPDATE, 'update')."
".$form->admin_button('update', LAN_UPDATE, 'update').
$form->token()."
</div>
</fieldset>
</form>
@ -564,7 +570,8 @@ class eurl_admin_ui extends e_admin_controller_ui
</tbody>
</table>
<div class='buttons-bar center'>
".$form->admin_button('update', LAN_UPDATE, 'update')."
".$form->admin_button('update', LAN_UPDATE, 'update').
$form->token()."
</div>
</fieldset>
</form>


@ -9,7 +9,10 @@
* Search Administration
*
*/
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php');
if (!getperms('X'))
{
@ -277,6 +280,7 @@ if ($query[0] == 'settings')
</table>
<div class='buttons-bar center'>
".$frm->admin_button('update_prefs', LAN_UPDATE, 'update')."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div>
</fieldset>
</form>
@ -348,6 +352,7 @@ elseif ($query[0] == 'edit')
</table>
<div class='buttons-bar center'>
".$frm->admin_button('update_handler', 'no-value', 'update', LAN_UPDATE)."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div>
</fieldset>
</form>
@ -520,6 +525,7 @@ else
</table>
<div class='buttons-bar center'>
".$frm->admin_button('update_main','no-value','update',LAN_UPDATE)."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div>
</fieldset>
</form>
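Review bot: All three inputs added in this file read the token through `defset('e_TOKEN')`, which, as far as I know, returns an empty string when the constant is not defined. A page rendered without a token would then look normal and only fail on submit. That presumably fails closed given the preamble at the top of the file, which is the safe direction, but the cause would be invisible to the admin and to anyone reading logs. I would document it at the first use, e.g. `// defset(): yields '' if e_TOKEN is undefined; the submit is then rejected by the token check`, or log when the constant is missing. The enclosing `$text` strings for the `settings`, `edit` and default branches start outside the hunks.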


@ -1,7 +1,10 @@
<?php
// Generated e107 Plugin Admin Area
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../../class2.php');
if (!getperms('P'))
{
@ -443,9 +446,10 @@ class social_ui extends e_admin_ui
$ret .= "<div class='buttons-bar center'>
".$frm->button('save_social_pages',1,'submit',LAN_SAVE)."
</div>";
$ret .= $frm->token();
$ret .= $frm->close();
return $ret;
@ -467,6 +471,7 @@ class social_ui extends e_admin_ui
$text .= $this->generateSocialLoginForm($var);
$text .= "<div class='buttons-bar center'>".$frm->button('save_social_logins',1,'submit',LAN_ADD)."</div>";
$text .= $frm->token();
$text .= $frm->close();
return $text;
@ -563,6 +568,7 @@ class social_ui extends e_admin_ui
</div>";
$ret .= $frm->token();
$ret .= $frm->close();
return $ret;