mirror of
https://github.com/monstra-cms/monstra.git
synced 2025-08-04 12:17:42 +02:00
Pages Plugin: csrf vulnerability resolved
This commit is contained in:
Awilum
@@ -51,42 +51,48 @@
|
|||||||
// Clone page
|
// Clone page
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
case "clone_page":
|
case "clone_page":
|
||||||
|
|
||||||
|
|
||||||
|
if (Security::check(Request::get('token'))) {
|
||||||
|
|
||||||
// Generate rand page name
|
// Generate rand page name
|
||||||
$rand_page_name = Request::get('name').'_clone_'.date("Ymd_His");
|
$rand_page_name = Request::get('name').'_clone_'.date("Ymd_His");
|
||||||
|
|
||||||
// Get original page
|
// Get original page
|
||||||
$orig_page = $pages->select('[slug="'.Request::get('name').'"]', null);
|
$orig_page = $pages->select('[slug="'.Request::get('name').'"]', null);
|
||||||
|
|
||||||
// Clone page
|
// Clone page
|
||||||
if($pages->insert(array('slug' => $rand_page_name,
|
if ($pages->insert(array('slug' => $rand_page_name,
|
||||||
'template' => $orig_page['template'],
|
'template' => $orig_page['template'],
|
||||||
'parent' => $orig_page['parent'],
|
'parent' => $orig_page['parent'],
|
||||||
'robots_index' => $orig_page['robots_index'],
|
'robots_index' => $orig_page['robots_index'],
|
||||||
'robots_follow'=> $orig_page['robots_follow'],
|
'robots_follow'=> $orig_page['robots_follow'],
|
||||||
'status' => $orig_page['status'],
|
'status' => $orig_page['status'],
|
||||||
'title' => $rand_page_name,
|
'title' => $rand_page_name,
|
||||||
'description' => $orig_page['description'],
|
'description' => $orig_page['description'],
|
||||||
'keywords' => $orig_page['keywords'],
|
'keywords' => $orig_page['keywords'],
|
||||||
'date' => $orig_page['date'],
|
'date' => $orig_page['date'],
|
||||||
'author' => $orig_page['author']))) {
|
'author' => $orig_page['author']))) {
|
||||||
|
|
||||||
// Get cloned page ID
|
// Get cloned page ID
|
||||||
$last_id = $pages->lastId();
|
$last_id = $pages->lastId();
|
||||||
|
|
||||||
// Save cloned page content
|
// Save cloned page content
|
||||||
File::setContent(STORAGE . DS . 'pages' . DS . $last_id . '.page.txt',
|
File::setContent(STORAGE . DS . 'pages' . DS . $last_id . '.page.txt',
|
||||||
File::getContent(STORAGE . DS . 'pages' . DS . $orig_page['id'] . '.page.txt'));
|
File::getContent(STORAGE . DS . 'pages' . DS . $orig_page['id'] . '.page.txt'));
|
||||||
|
|
||||||
// Send notification
|
// Send notification
|
||||||
Notification::set('success', __('The page <i>:page</i> cloned.', 'pages', array(':page' => Security::safeName(Request::get('name'), '-', true))));
|
Notification::set('success', __('The page <i>:page</i> cloned.', 'pages', array(':page' => Security::safeName(Request::get('name'), '-', true))));
|
||||||
}
|
}
|
||||||
|
|
||||||
// Run add extra actions
|
// Run add extra actions
|
||||||
Action::run('admin_pages_action_clone');
|
Action::run('admin_pages_action_clone');
|
||||||
|
|
||||||
|
// Redirect
|
||||||
|
Request::redirect('index.php?id=pages');
|
||||||
|
|
||||||
|
} else { die('csrf detected!'); }
|
||||||
|
|
||||||
// Redirect
|
|
||||||
Request::redirect('index.php?id=pages');
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
// Add page
|
// Add page
|
||||||
@@ -452,12 +458,11 @@
|
|||||||
$count = 0;
|
$count = 0;
|
||||||
|
|
||||||
// Get pages
|
// Get pages
|
||||||
$pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent', 'uid'));
|
$pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent'));
|
||||||
|
|
||||||
// Loop
|
// Loop
|
||||||
foreach ($pages_list as $page) {
|
foreach ($pages_list as $page) {
|
||||||
|
|
||||||
$pages_array[$count]['uid'] = $page['uid'];
|
|
||||||
$pages_array[$count]['title'] = $page['title'];
|
$pages_array[$count]['title'] = $page['title'];
|
||||||
$pages_array[$count]['parent'] = $page['parent'];
|
$pages_array[$count]['parent'] = $page['parent'];
|
||||||
$pages_array[$count]['status'] = $status_array[$page['status']];
|
$pages_array[$count]['status'] = $status_array[$page['status']];
|
||||||
|
|||||||
@@ -69,7 +69,7 @@
|
|||||||
<?php if ($page['parent'] == '') { ?>
|
<?php if ($page['parent'] == '') { ?>
|
||||||
<li><a href="index.php?id=pages&action=add_page&parent_page=<?php echo $page['slug']; ?>" title="<?php echo __('Create new page', 'pages'); ?>"><?php echo __('Add', 'pages'); ?></a></li>
|
<li><a href="index.php?id=pages&action=add_page&parent_page=<?php echo $page['slug']; ?>" title="<?php echo __('Create new page', 'pages'); ?>"><?php echo __('Add', 'pages'); ?></a></li>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'], array('title' => __('Clone', 'pages'))); ?></li>
|
<li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'].'&token='.Security::token(), array('title' => __('Clone', 'pages'))); ?></li>
|
||||||
</ul>
|
</ul>
|
||||||
<?php echo Html::anchor(__('Delete', 'pages'),
|
<?php echo Html::anchor(__('Delete', 'pages'),
|
||||||
'index.php?id=pages&action=delete_page&name='.$page['slug'].'&token='.Security::token(),
|
'index.php?id=pages&action=delete_page&name='.$page['slug'].'&token='.Security::token(),
|
||||||
|
|||||||
Reference in New Issue
Block a user