mirror of https://github.com/e107inc/e107.git synced 2025-08-02 12:48:26 +02:00

Token checks added.

Cameron
2021-09-14 13:28:03 -07:00
parent 6020de66e1
commit 2682aeaa27
6 changed files with 43 additions and 12 deletions


@@ -10,7 +10,10 @@
* *
* *
*/ */
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php'); require_once(__DIR__.'/../class2.php');
if (!getperms('4')) if (!getperms('4'))
@@ -534,7 +537,7 @@ class banlist_ui extends e_admin_ui
</table> </table>
<div class='buttons-bar center'> <div class='buttons-bar center'>
".$frm->admin_button('update_ban_prefs', LAN_UPDATE, 'update')." ".$frm->admin_button('update_ban_prefs', LAN_UPDATE, 'update')."
<input type='hidden' name='e-token' value='".e_TOKEN."' /> <input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
</div> </div>
</fieldset> </fieldset>
</form> </form>
@@ -651,7 +654,7 @@ class banlist_ui extends e_admin_ui
</table> </table>
<div class='buttons-bar center'> <div class='buttons-bar center'>
".$frm->admin_button('update_ban_options', LAN_UPDATE, 'update')." ".$frm->admin_button('update_ban_options', LAN_UPDATE, 'update')."
<input type='hidden' name='e-token' value='".e_TOKEN."' /> <input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
</div> </div>
</fieldset> </fieldset>
<fieldset id='core-banlist-options-ban'> <fieldset id='core-banlist-options-ban'>
@@ -666,7 +669,7 @@ class banlist_ui extends e_admin_ui
<td>".BANLAN_75."</td> <td>".BANLAN_75."</td>
<td> <td>
".$frm->admin_button('remove_expired_bans', BANLAN_76, 'delete')." ".$frm->admin_button('remove_expired_bans', BANLAN_76, 'delete')."
<input type='hidden' name='e-token' value='".e_TOKEN."' /> <input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
</td> </td>
</tr> </tr>
</tbody> </tbody>
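Review bot: The guard added at the top of this script (`if(!empty($_POST) && !isset($_POST['e-token']))` followed by `$_POST['e-token'] = '';`) is pasted unchanged into all six files of this commit and carries no comment explaining why an empty token is injected before `class2.php` is loaded. Presumably `class2.php` validates the token only when the field is present, so the guard turns a token-less POST into a failed check rather than a skipped one; a line such as `// Force the session-token check in class2.php even when the form omitted e-token` would record that. Because the protection depends on every entry script carrying the snippet, any admin script without it is not covered by this commit, and enforcing the rule once in the shared bootstrap for admin requests would be more robust. The guard also looks only at `$_POST`, so it is worth confirming that none of these scripts performs a state change on a GET request.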


@@ -10,6 +10,10 @@
* *
*/ */
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__."/../class2.php"); require_once(__DIR__."/../class2.php");
if (!getperms("C")) if (!getperms("C"))
@@ -205,6 +209,7 @@ $text = "
'empty_browsercache' => CACLAN_27, 'empty_browsercache' => CACLAN_27,
))." ))."
".$frm->admin_button('trigger_empty_cache', LAN_DELETE, 'delete')." ".$frm->admin_button('trigger_empty_cache', LAN_DELETE, 'delete')."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div> </div>
</fieldset> </fieldset>
</form>"; </form>";
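Review bot: The hidden `e-token` field is written by hand here with `defset('e_TOKEN')`, while the URL-management and social-plugin sections of the same commit emit it through `$frm->token()`; the hand-written form also appears in the ban-list, emoticon and search sections. `$frm` is already used on the line above for `admin_button`, so `".$frm->token()."` would keep the field name and the value source in one place. With `defset('e_TOKEN')` an undefined constant presumably yields an empty value, so the form would render normally and then be rejected on submit with no hint of the cause; it is worth confirming how the helper behaves in that case. The `$text = "` assignment this line belongs to starts outside the hunk.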


@@ -10,7 +10,10 @@
* *
* *
*/ */
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php'); require_once(__DIR__.'/../class2.php');
if (!getperms("F")) if (!getperms("F"))
{ {
@@ -157,6 +160,7 @@ class emotec
</table> </table>
<div class='buttons-bar center'> <div class='buttons-bar center'>
" . $frm->admin_button('active', 'active', 'update', LAN_UPDATE) . " " . $frm->admin_button('active', 'active', 'update', LAN_UPDATE) . "
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div> </div>
<fieldset> <fieldset>
</form> </form>
@@ -228,7 +232,7 @@ class emotec
} }
$text .= $frm->admin_button('XMLPack_' . $pack, 'submit', 'default', EMOLAN_28); $text .= $frm->admin_button('XMLPack_' . $pack, 'submit', 'default', EMOLAN_28);
$text .= " $text .= "<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</td> </td>
</tr> </tr>
"; ";


@@ -9,7 +9,10 @@
* URL and front controller Management * URL and front controller Management
* *
*/ */
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php'); require_once(__DIR__.'/../class2.php');
if (!getperms('K')) if (!getperms('K'))
{ {
@@ -328,7 +331,9 @@ class eurl_admin_ui extends e_admin_controller_ui
} }
$text .= "<div class='buttons-bar center'>".$frm->button('saveSimpleSef',LAN_SAVE, 'submit')."</div>"; $text .= "<div class='buttons-bar center'>".$frm->button('saveSimpleSef',LAN_SAVE, 'submit')."</div>";
$text .= $frm->token();
$text .= $frm->close(); $text .= $frm->close();
$text .= "</div>"; $text .= "</div>";
return $text; return $text;
} }
@@ -444,7 +449,8 @@ class eurl_admin_ui extends e_admin_controller_ui
</tbody> </tbody>
</table> </table>
<div class='buttons-bar center'> <div class='buttons-bar center'>
".$form->admin_button('update', LAN_UPDATE, 'update')." ".$form->admin_button('update', LAN_UPDATE, 'update').
$form->token()."
</div> </div>
</fieldset> </fieldset>
</form> </form>
@@ -564,7 +570,8 @@ class eurl_admin_ui extends e_admin_controller_ui
</tbody> </tbody>
</table> </table>
<div class='buttons-bar center'> <div class='buttons-bar center'>
".$form->admin_button('update', LAN_UPDATE, 'update')." ".$form->admin_button('update', LAN_UPDATE, 'update').
$form->token()."
</div> </div>
</fieldset> </fieldset>
</form> </form>


@@ -9,7 +9,10 @@
* Search Administration * Search Administration
* *
*/ */
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php'); require_once(__DIR__.'/../class2.php');
if (!getperms('X')) if (!getperms('X'))
{ {
@@ -277,6 +280,7 @@ if ($query[0] == 'settings')
</table> </table>
<div class='buttons-bar center'> <div class='buttons-bar center'>
".$frm->admin_button('update_prefs', LAN_UPDATE, 'update')." ".$frm->admin_button('update_prefs', LAN_UPDATE, 'update')."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div> </div>
</fieldset> </fieldset>
</form> </form>
@@ -348,6 +352,7 @@ elseif ($query[0] == 'edit')
</table> </table>
<div class='buttons-bar center'> <div class='buttons-bar center'>
".$frm->admin_button('update_handler', 'no-value', 'update', LAN_UPDATE)." ".$frm->admin_button('update_handler', 'no-value', 'update', LAN_UPDATE)."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div> </div>
</fieldset> </fieldset>
</form> </form>
@@ -520,6 +525,7 @@ else
</table> </table>
<div class='buttons-bar center'> <div class='buttons-bar center'>
".$frm->admin_button('update_main','no-value','update',LAN_UPDATE)." ".$frm->admin_button('update_main','no-value','update',LAN_UPDATE)."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div> </div>
</fieldset> </fieldset>
</form> </form>


@@ -1,7 +1,10 @@
<?php <?php
// Generated e107 Plugin Admin Area // Generated e107 Plugin Admin Area
if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../../class2.php'); require_once(__DIR__.'/../../class2.php');
if (!getperms('P')) if (!getperms('P'))
{ {
@@ -446,6 +449,7 @@ class social_ui extends e_admin_ui
</div>"; </div>";
$ret .= $frm->token();
$ret .= $frm->close(); $ret .= $frm->close();
return $ret; return $ret;
@@ -467,6 +471,7 @@ class social_ui extends e_admin_ui
$text .= $this->generateSocialLoginForm($var); $text .= $this->generateSocialLoginForm($var);
$text .= "<div class='buttons-bar center'>".$frm->button('save_social_logins',1,'submit',LAN_ADD)."</div>"; $text .= "<div class='buttons-bar center'>".$frm->button('save_social_logins',1,'submit',LAN_ADD)."</div>";
$text .= $frm->token();
$text .= $frm->close(); $text .= $frm->close();
return $text; return $text;
@@ -563,6 +568,7 @@ class social_ui extends e_admin_ui
</div>"; </div>";
$ret .= $frm->token();
$ret .= $frm->close(); $ret .= $frm->close();
return $ret; return $ret;