Pages Plugin: csrf vulnerability resolved

2025-08-04 12:17:42 +02:00 · 2012-10-03 15:21:11 +03:00
parent 7b9f752701
commit 572925ddfa
2 changed files with 37 additions and 32 deletions
--- a/plugins/box/pages/pages.admin.php
+++ b/plugins/box/pages/pages.admin.php
@@ -52,6 +52,9 @@
                    // -------------------------------------    
                    case "clone_page":

+
+                        if (Security::check(Request::get('token'))) {
+                        
                            // Generate rand page name
                            $rand_page_name = Request::get('name').'_clone_'.date("Ymd_His");

@@ -59,7 +62,7 @@
                            $orig_page = $pages->select('[slug="'.Request::get('name').'"]', null); 

                            // Clone page
-                        if($pages->insert(array('slug'         => $rand_page_name,
+                            if ($pages->insert(array('slug'         => $rand_page_name,
                                                     'template'     => $orig_page['template'],
                                                     'parent'       => $orig_page['parent'],
                                                     'robots_index' => $orig_page['robots_index'],
@@ -87,6 +90,9 @@

                            // Redirect
                            Request::redirect('index.php?id=pages');
+
+                        } else { die('csrf detected!'); }
+
                    break;

                    // Add page
@@ -452,12 +458,11 @@
                $count = 0;
                
                // Get pages
-                $pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent', 'uid'));
+                $pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent'));

                // Loop
                foreach ($pages_list as $page) {

-                    $pages_array[$count]['uid']     = $page['uid'];
                    $pages_array[$count]['title']   = $page['title'];
                    $pages_array[$count]['parent']  = $page['parent'];
                    $pages_array[$count]['status']  = $status_array[$page['status']];
--- a/plugins/box/pages/views/backend/index.view.php
+++ b/plugins/box/pages/views/backend/index.view.php
@@ -69,7 +69,7 @@
                                <?php if ($page['parent'] == '') { ?>
                                    <li><a href="index.php?id=pages&action=add_page&parent_page=<?php echo $page['slug']; ?>" title="<?php echo __('Create new page', 'pages'); ?>"><?php echo __('Add', 'pages'); ?></a></li>
                                <?php } ?>
-                                <li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'], array('title' => __('Clone', 'pages'))); ?></li>
+                                <li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'].'&token='.Security::token(), array('title' => __('Clone', 'pages'))); ?></li>
                            </ul>    
                            <?php echo Html::anchor(__('Delete', 'pages'),
                                       'index.php?id=pages&action=delete_page&name='.$page['slug'].'&token='.Security::token(),