mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-08-06 21:26:58 +02:00
Code Issues Releases Wiki Activity

Blocks Plugin: csrf vulnerability resolved

Browse Source
This commit is contained in:
Awilum
2012-10-03 15:17:38 +03:00
parent 167c1aac7a
commit 7b9f752701
2 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugins/box/blocks/blocks.admin.php Normal file → Executable file
View File

@@ -117,9 +117,15 @@
->display();
break;
case "delete_block":
File::delete($blocks_path.Request::get('filename').'.block.html');
Notification::set('success', __('Block <i>:name</i> deleted', 'blocks', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=blocks');
if (Security::check(Request::get('token'))) {
File::delete($blocks_path.Request::get('filename').'.block.html');
Notification::set('success', __('Block <i>:name</i> deleted', 'blocks', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=blocks');
} else { die('csrf detected!'); }
break;
}
} else {