Token checks added.

2025-08-19 04:41:53 +02:00 · 2021-09-14 13:28:03 -07:00
parent 6020de66e1
commit 2682aeaa27
6 changed files with 43 additions and 12 deletions
--- a/e107_admin/banlist.php
+++ b/e107_admin/banlist.php
@@ -10,7 +10,10 @@
 *
 *
 */
-
+if(!empty($_POST) && !isset($_POST['e-token']))
+{
+	$_POST['e-token'] = '';
+}
 require_once(__DIR__.'/../class2.php');

 if (!getperms('4'))
@@ -534,7 +537,7 @@ class banlist_ui extends e_admin_ui
 						</table>
 						<div class='buttons-bar center'>
 							".$frm->admin_button('update_ban_prefs', LAN_UPDATE, 'update')."
-							<input type='hidden' name='e-token' value='".e_TOKEN."' />
+							<input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
 						</div>
 					</fieldset>
 				</form>
@@ -651,7 +654,7 @@ class banlist_ui extends e_admin_ui
 						</table>
 						<div class='buttons-bar center'>
 							".$frm->admin_button('update_ban_options', LAN_UPDATE, 'update')."
-							<input type='hidden' name='e-token' value='".e_TOKEN."' />
+							<input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
 						</div>
 					</fieldset>
 					<fieldset id='core-banlist-options-ban'>
@@ -666,7 +669,7 @@ class banlist_ui extends e_admin_ui
 									<td>".BANLAN_75."</td>
 									<td>
 										".$frm->admin_button('remove_expired_bans', BANLAN_76, 'delete')."
-										<input type='hidden' name='e-token' value='".e_TOKEN."' />
+										<input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
 									</td>
 								</tr>
 							</tbody>