mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-08-06 21:26:58 +02:00
Code Issues Releases Wiki Activity

Themes Plugin: csrf vulnerability resolved

Browse Source
This commit is contained in:
Awilum
2012-10-03 14:57:11 +03:00
parent f6541b7858
commit 831a4d8ecb
2 changed files with 79 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
plugins/box/themes/themes.admin.php Normal file → Executable file
View File

@@ -459,70 +459,113 @@
// Delete chunk
// -------------------------------------
case "delete_chunk":
File::delete($chunk_path.Request::get('filename').'.chunk.php');
Notification::set('success', __('Chunk <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
if (Security::check(Request::get('token'))) {
File::delete($chunk_path.Request::get('filename').'.chunk.php');
Notification::set('success', __('Chunk <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
} else { die('csrf detected!'); }
break;
// Delete styles
// -------------------------------------
case "delete_styles":
File::delete($style_path.Request::get('filename').'.css');
Notification::set('success', __('Styles <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
if (Security::check(Request::get('token'))) {
File::delete($style_path.Request::get('filename').'.css');
Notification::set('success', __('Styles <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
} else { die('csrf detected!'); }
break;
// Delete script
// -------------------------------------
case "delete_script":
File::delete($script_path.Request::get('filename').'.js');
Notification::set('success', __('Script <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
if (Security::check(Request::get('token'))) {
File::delete($script_path.Request::get('filename').'.js');
Notification::set('success', __('Script <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
} else { die('csrf detected!'); }
break;
// Delete template
// -------------------------------------
case "delete_template":
File::delete($template_path.Request::get('filename').'.template.php');
Notification::set('success', __('Template <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
if (Security::check(Request::get('token'))) {
File::delete($template_path.Request::get('filename').'.template.php');
Notification::set('success', __('Template <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
}
break;
// Clone styles
// -------------------------------------
case "clone_styles":
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.css',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') . '.css'));
Request::redirect('index.php?id=themes');
if (Security::check(Request::get('token'))) {
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.css',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') . '.css'));
Request::redirect('index.php?id=themes');
}
break;
// Clone script
// -------------------------------------
case "clone_script":
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.js',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') . '.js'));
Request::redirect('index.php?id=themes');
if (Security::check(Request::get('token'))) {
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.js',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') . '.js'));
Request::redirect('index.php?id=themes');
}
break;
// Clone template
// -------------------------------------
case "clone_template":
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.template.php',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.template.php'));
Request::redirect('index.php?id=themes');
if (Security::check(Request::get('token'))) {
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.template.php',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.template.php'));
Request::redirect('index.php?id=themes');
}
break;
// Clone chunk
// -------------------------------------
case "clone_chunk":
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.chunk.php',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.chunk.php'));
Request::redirect('index.php?id=themes');
if (Security::check(Request::get('token'))) {
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.chunk.php',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.chunk.php'));
Request::redirect('index.php?id=themes');
}
break;
}