mirror of
https://github.com/monstra-cms/monstra.git
synced 2025-08-02 19:27:52 +02:00
CSRF detection text - updated #84
This commit is contained in:
Awilum
@@ -51,7 +51,7 @@ class BlocksAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save fields
|
// Save fields
|
||||||
@@ -106,7 +106,7 @@ class BlocksAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
||||||
if (Request::post('editor')) $content = Request::post('editor'); else $content = File::getContent($blocks_path.Request::get('filename').'.block.html');
|
if (Request::post('editor')) $content = Request::post('editor'); else $content = File::getContent($blocks_path.Request::get('filename').'.block.html');
|
||||||
@@ -126,7 +126,7 @@ class BlocksAdmin extends Backend
|
|||||||
Notification::set('success', __('Block <i>:name</i> deleted', 'blocks', array(':name' => File::name(Request::get('filename')))));
|
Notification::set('success', __('Block <i>:name</i> deleted', 'blocks', array(':name' => File::name(Request::get('filename')))));
|
||||||
Request::redirect('index.php?id=blocks');
|
Request::redirect('index.php?id=blocks');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -87,7 +87,7 @@ class FilesmanagerAdmin extends Backend
|
|||||||
File::delete($files_path.Request::get('delete_file'));
|
File::delete($files_path.Request::get('delete_file'));
|
||||||
Request::redirect($site_url.'admin/index.php?id=filesmanager&path='.$path);
|
Request::redirect($site_url.'admin/index.php?id=filesmanager&path='.$path);
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Delete dir
|
// Delete dir
|
||||||
@@ -99,7 +99,7 @@ class FilesmanagerAdmin extends Backend
|
|||||||
Dir::delete($files_path.Request::get('delete_dir'));
|
Dir::delete($files_path.Request::get('delete_dir'));
|
||||||
Request::redirect($site_url.'admin/index.php?id=filesmanager&path='.$path);
|
Request::redirect($site_url.'admin/index.php?id=filesmanager&path='.$path);
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Upload file
|
// Upload file
|
||||||
@@ -115,7 +115,7 @@ class FilesmanagerAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Display view
|
// Display view
|
||||||
|
|||||||
@@ -86,7 +86,7 @@ class MenuAdmin extends Backend
|
|||||||
Request::redirect('index.php?id=menu');
|
Request::redirect('index.php?id=menu');
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -148,7 +148,7 @@ class MenuAdmin extends Backend
|
|||||||
Request::redirect('index.php?id=menu');
|
Request::redirect('index.php?id=menu');
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Display view
|
// Display view
|
||||||
|
|||||||
@@ -28,7 +28,7 @@ class PagesAdmin extends Backend
|
|||||||
$pages = new Table('pages');
|
$pages = new Table('pages');
|
||||||
$pages->updateWhere('[slug="'.Request::post('slug').'"]', array('expand' => Request::post('expand')));
|
$pages->updateWhere('[slug="'.Request::post('slug').'"]', array('expand' => Request::post('expand')));
|
||||||
Request::shutdown();
|
Request::shutdown();
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -123,7 +123,7 @@ class PagesAdmin extends Backend
|
|||||||
// Redirect
|
// Redirect
|
||||||
Request::redirect('index.php?id=pages');
|
Request::redirect('index.php?id=pages');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -198,7 +198,7 @@ class PagesAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -365,7 +365,7 @@ class PagesAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get all pages
|
// Get all pages
|
||||||
@@ -487,7 +487,7 @@ class PagesAdmin extends Backend
|
|||||||
// Redirect
|
// Redirect
|
||||||
Request::redirect('index.php?id=pages');
|
Request::redirect('index.php?id=pages');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|||||||
@@ -56,7 +56,7 @@ class PluginsAdmin extends Backend
|
|||||||
Request::redirect('index.php?id=plugins');
|
Request::redirect('index.php?id=plugins');
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Install new plugin
|
// Install new plugin
|
||||||
@@ -88,7 +88,7 @@ class PluginsAdmin extends Backend
|
|||||||
|
|
||||||
Request::redirect('index.php?id=plugins');
|
Request::redirect('index.php?id=plugins');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Delete plugin from server
|
// Delete plugin from server
|
||||||
@@ -100,7 +100,7 @@ class PluginsAdmin extends Backend
|
|||||||
Dir::delete(PLUGINS . DS . basename(Request::get('delete_plugin_from_server'), '.manifest.xml'));
|
Dir::delete(PLUGINS . DS . basename(Request::get('delete_plugin_from_server'), '.manifest.xml'));
|
||||||
Request::redirect('index.php?id=plugins');
|
Request::redirect('index.php?id=plugins');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -50,7 +50,7 @@ class SnippetsAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
// Save fields
|
// Save fields
|
||||||
if (Request::post('name')) $name = Request::post('name'); else $name = '';
|
if (Request::post('name')) $name = Request::post('name'); else $name = '';
|
||||||
@@ -104,7 +104,7 @@ class SnippetsAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
||||||
$content = File::getContent($snippets_path.Request::get('filename').'.snippet.php');
|
$content = File::getContent($snippets_path.Request::get('filename').'.snippet.php');
|
||||||
@@ -124,7 +124,7 @@ class SnippetsAdmin extends Backend
|
|||||||
Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
|
Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
|
||||||
Request::redirect('index.php?id=snippets');
|
Request::redirect('index.php?id=snippets');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -74,7 +74,7 @@ class SystemAdmin extends Backend
|
|||||||
|
|
||||||
Request::redirect('index.php?id=system');
|
Request::redirect('index.php?id=system');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -149,7 +149,7 @@ class SystemAdmin extends Backend
|
|||||||
Notification::set('success', __('Your changes have been saved.', 'system'));
|
Notification::set('success', __('Your changes have been saved.', 'system'));
|
||||||
Request::redirect('index.php?id=system');
|
Request::redirect('index.php?id=system');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Its mean that you can add your own actions for this plugin
|
// Its mean that you can add your own actions for this plugin
|
||||||
|
|||||||
@@ -42,7 +42,7 @@ class ThemesAdmin extends Backend
|
|||||||
|
|
||||||
Request::redirect('index.php?id=themes');
|
Request::redirect('index.php?id=themes');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save site theme
|
// Save site theme
|
||||||
@@ -57,7 +57,7 @@ class ThemesAdmin extends Backend
|
|||||||
|
|
||||||
Request::redirect('index.php?id=themes');
|
Request::redirect('index.php?id=themes');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Its mean that you can add your own actions for this plugin
|
// Its mean that you can add your own actions for this plugin
|
||||||
@@ -95,7 +95,7 @@ class ThemesAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save fields
|
// Save fields
|
||||||
@@ -135,7 +135,7 @@ class ThemesAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save fields
|
// Save fields
|
||||||
@@ -175,7 +175,7 @@ class ThemesAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save fields
|
// Save fields
|
||||||
@@ -215,7 +215,7 @@ class ThemesAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save fields
|
// Save fields
|
||||||
@@ -272,7 +272,7 @@ class ThemesAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
||||||
$content = File::getContent($chunk_path.Request::get('filename').'.chunk.php');
|
$content = File::getContent($chunk_path.Request::get('filename').'.chunk.php');
|
||||||
@@ -328,7 +328,7 @@ class ThemesAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
||||||
$content = File::getContent($chunk_path.Request::get('filename').'.template.php');
|
$content = File::getContent($chunk_path.Request::get('filename').'.template.php');
|
||||||
@@ -384,7 +384,7 @@ class ThemesAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
||||||
$content = File::getContent($style_path.Request::get('filename').'.css');
|
$content = File::getContent($style_path.Request::get('filename').'.css');
|
||||||
@@ -440,7 +440,7 @@ class ThemesAdmin extends Backend
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
if (Request::post('name')) $name = Request::post('name'); else $name = File::name(Request::get('filename'));
|
||||||
$content = File::getContent($script_path.Request::get('filename').'.js');
|
$content = File::getContent($script_path.Request::get('filename').'.js');
|
||||||
@@ -465,7 +465,7 @@ class ThemesAdmin extends Backend
|
|||||||
Notification::set('success', __('Chunk <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
|
Notification::set('success', __('Chunk <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
|
||||||
Request::redirect('index.php?id=themes');
|
Request::redirect('index.php?id=themes');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -479,7 +479,7 @@ class ThemesAdmin extends Backend
|
|||||||
Notification::set('success', __('Styles <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
|
Notification::set('success', __('Styles <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
|
||||||
Request::redirect('index.php?id=themes');
|
Request::redirect('index.php?id=themes');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -493,7 +493,7 @@ class ThemesAdmin extends Backend
|
|||||||
Notification::set('success', __('Script <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
|
Notification::set('success', __('Script <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
|
||||||
Request::redirect('index.php?id=themes');
|
Request::redirect('index.php?id=themes');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|||||||
@@ -44,7 +44,7 @@ class UsersAdmin extends Backend
|
|||||||
Option::update('users_frontend_registration', $users_frontend_registration);
|
Option::update('users_frontend_registration', $users_frontend_registration);
|
||||||
Request::redirect('index.php?id=users');
|
Request::redirect('index.php?id=users');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check for get actions
|
// Check for get actions
|
||||||
@@ -90,7 +90,7 @@ class UsersAdmin extends Backend
|
|||||||
Request::redirect('index.php?id=users');
|
Request::redirect('index.php?id=users');
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Display view
|
// Display view
|
||||||
@@ -142,7 +142,7 @@ class UsersAdmin extends Backend
|
|||||||
}
|
}
|
||||||
} else { }
|
} else { }
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -156,7 +156,7 @@ class UsersAdmin extends Backend
|
|||||||
Request::redirect('index.php?id=users&action=edit&user_id='.Request::post('user_id'));
|
Request::redirect('index.php?id=users&action=edit&user_id='.Request::post('user_id'));
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ((int) Session::get('user_id') == (int) Request::get('user_id')) or (in_array(Session::get('user_role'), array('admin')) && count($user) != 0) ) {
|
if ( ((int) Session::get('user_id') == (int) Request::get('user_id')) or (in_array(Session::get('user_role'), array('admin')) && count($user) != 0) ) {
|
||||||
@@ -194,7 +194,7 @@ class UsersAdmin extends Backend
|
|||||||
Notification::set('success', __('User <i>:user</i> have been deleted.', 'users', array(':user' => $user['login'])));
|
Notification::set('success', __('User <i>:user</i> have been deleted.', 'users', array(':user' => $user['login'])));
|
||||||
Request::redirect('index.php?id=users');
|
Request::redirect('index.php?id=users');
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -153,7 +153,7 @@ class Users extends Frontend
|
|||||||
Request::redirect(Option::get('siteurl').'users/'.Users::$users->lastId());
|
Request::redirect(Option::get('siteurl').'users/'.Users::$users->lastId());
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
}
|
}
|
||||||
|
|
||||||
// Display view
|
// Display view
|
||||||
@@ -239,7 +239,7 @@ class Users extends Frontend
|
|||||||
}
|
}
|
||||||
} else { }
|
} else { }
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -345,7 +345,7 @@ class Users extends Frontend
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -391,7 +391,7 @@ class Users extends Frontend
|
|||||||
Notification::setNow('error', __('Wrong <b>username</b> or <b>password</b>', 'users'));
|
Notification::setNow('error', __('Wrong <b>username</b> or <b>password</b>', 'users'));
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { die('csrf detected!'); }
|
} else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); }
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user