mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-08-04 12:17:42 +02:00
Code Issues Releases Wiki Activity

Pages Plugin: csrf vulnerability resolved

Browse Source
This commit is contained in:
Awilum
2012-10-03 15:21:11 +03:00
parent 7b9f752701
commit 572925ddfa
2 changed files with 37 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
plugins/box/pages/pages.admin.php
View File

@@ -52,41 +52,47 @@
// ------------------------------------- // -------------------------------------
case "clone_page": case "clone_page":
// Generate rand page name
$rand_page_name = Request::get('name').'_clone_'.date("Ymd_His");
// Get original page if (Security::check(Request::get('token'))) {
$orig_page = $pages->select('[slug="'.Request::get('name').'"]', null);
// Clone page // Generate rand page name
if($pages->insert(array('slug' => $rand_page_name, $rand_page_name = Request::get('name').'_clone_'.date("Ymd_His");
'template' => $orig_page['template'],
'parent' => $orig_page['parent'],
'robots_index' => $orig_page['robots_index'],
'robots_follow'=> $orig_page['robots_follow'],
'status' => $orig_page['status'],
'title' => $rand_page_name,
'description' => $orig_page['description'],
'keywords' => $orig_page['keywords'],
'date' => $orig_page['date'],
'author' => $orig_page['author']))) {
// Get cloned page ID // Get original page
$last_id = $pages->lastId(); $orig_page = $pages->select('[slug="'.Request::get('name').'"]', null);
// Save cloned page content // Clone page
File::setContent(STORAGE . DS . 'pages' . DS . $last_id . '.page.txt', if ($pages->insert(array('slug' => $rand_page_name,
File::getContent(STORAGE . DS . 'pages' . DS . $orig_page['id'] . '.page.txt')); 'template' => $orig_page['template'],
'parent' => $orig_page['parent'],
'robots_index' => $orig_page['robots_index'],
'robots_follow'=> $orig_page['robots_follow'],
'status' => $orig_page['status'],
'title' => $rand_page_name,
'description' => $orig_page['description'],
'keywords' => $orig_page['keywords'],
'date' => $orig_page['date'],
'author' => $orig_page['author']))) {
// Send notification // Get cloned page ID
Notification::set('success', __('The page <i>:page</i> cloned.', 'pages', array(':page' => Security::safeName(Request::get('name'), '-', true)))); $last_id = $pages->lastId();
}
// Run add extra actions // Save cloned page content
Action::run('admin_pages_action_clone'); File::setContent(STORAGE . DS . 'pages' . DS . $last_id . '.page.txt',
File::getContent(STORAGE . DS . 'pages' . DS . $orig_page['id'] . '.page.txt'));
// Send notification
Notification::set('success', __('The page <i>:page</i> cloned.', 'pages', array(':page' => Security::safeName(Request::get('name'), '-', true))));
}
// Run add extra actions
Action::run('admin_pages_action_clone');
// Redirect
Request::redirect('index.php?id=pages');
} else { die('csrf detected!'); }
// Redirect
Request::redirect('index.php?id=pages');
break; break;
// Add page // Add page
@@ -452,12 +458,11 @@
$count = 0; $count = 0;
// Get pages // Get pages
$pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent', 'uid')); $pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent'));
// Loop // Loop
foreach ($pages_list as $page) { foreach ($pages_list as $page) {
$pages_array[$count]['uid'] = $page['uid'];
$pages_array[$count]['title'] = $page['title']; $pages_array[$count]['title'] = $page['title'];
$pages_array[$count]['parent'] = $page['parent']; $pages_array[$count]['parent'] = $page['parent'];
$pages_array[$count]['status'] = $status_array[$page['status']]; $pages_array[$count]['status'] = $status_array[$page['status']];

2
plugins/box/pages/views/backend/index.view.php
View File

@@ -69,7 +69,7 @@
<?php if ($page['parent'] == '') { ?> <?php if ($page['parent'] == '') { ?>
<li><a href="index.php?id=pages&action=add_page&parent_page=<?php echo $page['slug']; ?>" title="<?php echo __('Create new page', 'pages'); ?>"><?php echo __('Add', 'pages'); ?></a></li> <li><a href="index.php?id=pages&action=add_page&parent_page=<?php echo $page['slug']; ?>" title="<?php echo __('Create new page', 'pages'); ?>"><?php echo __('Add', 'pages'); ?></a></li>
<?php } ?> <?php } ?>
<li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'], array('title' => __('Clone', 'pages'))); ?></li> <li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'].'&token='.Security::token(), array('title' => __('Clone', 'pages'))); ?></li>
</ul> </ul>
<?php echo Html::anchor(__('Delete', 'pages'), <?php echo Html::anchor(__('Delete', 'pages'),
'index.php?id=pages&action=delete_page&name='.$page['slug'].'&token='.Security::token(), 'index.php?id=pages&action=delete_page&name='.$page['slug'].'&token='.Security::token(),