mirror of
https://github.com/monstra-cms/monstra.git
synced 2025-08-04 12:17:42 +02:00
Pages Plugin: csrf vulnerability resolved
This commit is contained in:
Awilum
@@ -52,41 +52,47 @@
|
||||
// -------------------------------------
|
||||
case "clone_page":
|
||||
|
||||
// Generate rand page name
|
||||
$rand_page_name = Request::get('name').'_clone_'.date("Ymd_His");
|
||||
|
||||
// Get original page
|
||||
$orig_page = $pages->select('[slug="'.Request::get('name').'"]', null);
|
||||
if (Security::check(Request::get('token'))) {
|
||||
|
||||
// Clone page
|
||||
if($pages->insert(array('slug' => $rand_page_name,
|
||||
'template' => $orig_page['template'],
|
||||
'parent' => $orig_page['parent'],
|
||||
'robots_index' => $orig_page['robots_index'],
|
||||
'robots_follow'=> $orig_page['robots_follow'],
|
||||
'status' => $orig_page['status'],
|
||||
'title' => $rand_page_name,
|
||||
'description' => $orig_page['description'],
|
||||
'keywords' => $orig_page['keywords'],
|
||||
'date' => $orig_page['date'],
|
||||
'author' => $orig_page['author']))) {
|
||||
// Generate rand page name
|
||||
$rand_page_name = Request::get('name').'_clone_'.date("Ymd_His");
|
||||
|
||||
// Get cloned page ID
|
||||
$last_id = $pages->lastId();
|
||||
// Get original page
|
||||
$orig_page = $pages->select('[slug="'.Request::get('name').'"]', null);
|
||||
|
||||
// Save cloned page content
|
||||
File::setContent(STORAGE . DS . 'pages' . DS . $last_id . '.page.txt',
|
||||
File::getContent(STORAGE . DS . 'pages' . DS . $orig_page['id'] . '.page.txt'));
|
||||
// Clone page
|
||||
if ($pages->insert(array('slug' => $rand_page_name,
|
||||
'template' => $orig_page['template'],
|
||||
'parent' => $orig_page['parent'],
|
||||
'robots_index' => $orig_page['robots_index'],
|
||||
'robots_follow'=> $orig_page['robots_follow'],
|
||||
'status' => $orig_page['status'],
|
||||
'title' => $rand_page_name,
|
||||
'description' => $orig_page['description'],
|
||||
'keywords' => $orig_page['keywords'],
|
||||
'date' => $orig_page['date'],
|
||||
'author' => $orig_page['author']))) {
|
||||
|
||||
// Send notification
|
||||
Notification::set('success', __('The page <i>:page</i> cloned.', 'pages', array(':page' => Security::safeName(Request::get('name'), '-', true))));
|
||||
}
|
||||
// Get cloned page ID
|
||||
$last_id = $pages->lastId();
|
||||
|
||||
// Run add extra actions
|
||||
Action::run('admin_pages_action_clone');
|
||||
// Save cloned page content
|
||||
File::setContent(STORAGE . DS . 'pages' . DS . $last_id . '.page.txt',
|
||||
File::getContent(STORAGE . DS . 'pages' . DS . $orig_page['id'] . '.page.txt'));
|
||||
|
||||
// Send notification
|
||||
Notification::set('success', __('The page <i>:page</i> cloned.', 'pages', array(':page' => Security::safeName(Request::get('name'), '-', true))));
|
||||
}
|
||||
|
||||
// Run add extra actions
|
||||
Action::run('admin_pages_action_clone');
|
||||
|
||||
// Redirect
|
||||
Request::redirect('index.php?id=pages');
|
||||
|
||||
} else { die('csrf detected!'); }
|
||||
|
||||
// Redirect
|
||||
Request::redirect('index.php?id=pages');
|
||||
break;
|
||||
|
||||
// Add page
|
||||
@@ -452,12 +458,11 @@
|
||||
$count = 0;
|
||||
|
||||
// Get pages
|
||||
$pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent', 'uid'));
|
||||
$pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent'));
|
||||
|
||||
// Loop
|
||||
foreach ($pages_list as $page) {
|
||||
|
||||
$pages_array[$count]['uid'] = $page['uid'];
|
||||
$pages_array[$count]['title'] = $page['title'];
|
||||
$pages_array[$count]['parent'] = $page['parent'];
|
||||
$pages_array[$count]['status'] = $status_array[$page['status']];
|
||||
|
||||
@@ -69,7 +69,7 @@
|
||||
<?php if ($page['parent'] == '') { ?>
|
||||
<li><a href="index.php?id=pages&action=add_page&parent_page=<?php echo $page['slug']; ?>" title="<?php echo __('Create new page', 'pages'); ?>"><?php echo __('Add', 'pages'); ?></a></li>
|
||||
<?php } ?>
|
||||
<li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'], array('title' => __('Clone', 'pages'))); ?></li>
|
||||
<li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'].'&token='.Security::token(), array('title' => __('Clone', 'pages'))); ?></li>
|
||||
</ul>
|
||||
<?php echo Html::anchor(__('Delete', 'pages'),
|
||||
'index.php?id=pages&action=delete_page&name='.$page['slug'].'&token='.Security::token(),
|
||||
|
||||
Reference in New Issue
Block a user