
Themes Plugin: csrf vulnerability resolved

This commit is contained in:
Awilum
2012-10-03 14:57:11 +03:00
parent f6541b7858
commit 831a4d8ecb
2 changed files with 79 additions and 36 deletions

91
plugins/box/themes/themes.admin.php Normal file → Executable file

@@ -459,70 +459,113 @@
// Delete chunk // Delete chunk
// ------------------------------------- // -------------------------------------
case "delete_chunk": case "delete_chunk":
File::delete($chunk_path.Request::get('filename').'.chunk.php');
Notification::set('success', __('Chunk <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); if (Security::check(Request::get('token'))) {
Request::redirect('index.php?id=themes');
File::delete($chunk_path.Request::get('filename').'.chunk.php');
Notification::set('success', __('Chunk <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
} else { die('csrf detected!'); }
break; break;
// Delete styles // Delete styles
// ------------------------------------- // -------------------------------------
case "delete_styles": case "delete_styles":
File::delete($style_path.Request::get('filename').'.css');
Notification::set('success', __('Styles <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); if (Security::check(Request::get('token'))) {
Request::redirect('index.php?id=themes');
File::delete($style_path.Request::get('filename').'.css');
Notification::set('success', __('Styles <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
} else { die('csrf detected!'); }
break; break;
// Delete script // Delete script
// ------------------------------------- // -------------------------------------
case "delete_script": case "delete_script":
File::delete($script_path.Request::get('filename').'.js');
Notification::set('success', __('Script <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); if (Security::check(Request::get('token'))) {
Request::redirect('index.php?id=themes');
File::delete($script_path.Request::get('filename').'.js');
Notification::set('success', __('Script <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
} else { die('csrf detected!'); }
break; break;
// Delete template // Delete template
// ------------------------------------- // -------------------------------------
case "delete_template": case "delete_template":
File::delete($template_path.Request::get('filename').'.template.php');
Notification::set('success', __('Template <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); if (Security::check(Request::get('token'))) {
Request::redirect('index.php?id=themes');
File::delete($template_path.Request::get('filename').'.template.php');
Notification::set('success', __('Template <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=themes');
}
break; break;
// Clone styles // Clone styles
// ------------------------------------- // -------------------------------------
case "clone_styles": case "clone_styles":
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.css',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') . '.css'));
Request::redirect('index.php?id=themes'); if (Security::check(Request::get('token'))) {
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.css',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') . '.css'));
Request::redirect('index.php?id=themes');
}
break; break;
// Clone script // Clone script
// ------------------------------------- // -------------------------------------
case "clone_script": case "clone_script":
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.js',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') . '.js'));
Request::redirect('index.php?id=themes'); if (Security::check(Request::get('token'))) {
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.js',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') . '.js'));
Request::redirect('index.php?id=themes');
}
break; break;
// Clone template // Clone template
// ------------------------------------- // -------------------------------------
case "clone_template": case "clone_template":
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.template.php',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.template.php'));
Request::redirect('index.php?id=themes'); if (Security::check(Request::get('token'))) {
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.template.php',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.template.php'));
Request::redirect('index.php?id=themes');
}
break; break;
// Clone chunk // Clone chunk
// ------------------------------------- // -------------------------------------
case "clone_chunk": case "clone_chunk":
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.chunk.php',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.chunk.php'));
Request::redirect('index.php?id=themes'); if (Security::check(Request::get('token'))) {
File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') .'_clone_'.date("Ymd_His").'.chunk.php',
File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.chunk.php'));
Request::redirect('index.php?id=themes');
}
break; break;
} }
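Review bot: The token check is applied inconsistently across the new branches: `delete_chunk`, `delete_styles` and `delete_script` end with `} else { die('csrf detected!'); }`, while `delete_template` and the four `clone_*` cases close the `if` with a bare `}`, so a failed check there falls through to `break` with no notification, no redirect and nothing in the logs to distinguish a blocked request from a no-op. Add the same `} else { die('csrf detected!'); }` to `delete_template`, `clone_styles`, `clone_script`, `clone_template` and `clone_chunk` so every guarded action fails the same way, or better, hoist the check to a single place before the `switch` since every case now needs it. Separately, `Request::get('filename')` still goes straight into the path expressions (e.g. `$chunk_path.Request::get('filename').'.chunk.php'`) with no restriction to a plain base name; the token proves the request came from the UI but does not constrain the value, so a `basename()`-style check before the file operation would be worth adding here as well. The enclosing `switch` begins before this hunk.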

16
plugins/box/themes/views/backend/index.view.php Normal file → Executable file

@@ -73,10 +73,10 @@
<?php echo Html::anchor(__('Edit', 'themes'), 'index.php?id=themes&action=edit_template&filename='.basename($template, '.template.php'), array('class' => 'btn btn-actions')); ?> <?php echo Html::anchor(__('Edit', 'themes'), 'index.php?id=themes&action=edit_template&filename='.basename($template, '.template.php'), array('class' => 'btn btn-actions')); ?>
<a class="btn dropdown-toggle btn-actions" data-toggle="dropdown" href="#" style="font-family:arial;"><span class="caret"></span></a> <a class="btn dropdown-toggle btn-actions" data-toggle="dropdown" href="#" style="font-family:arial;"><span class="caret"></span></a>
<ul class="dropdown-menu"> <ul class="dropdown-menu">
<li><?php echo Html::anchor(__('Clone', 'themes'), 'index.php?id=themes&action=clone_template&filename='.basename($template, '.template.php'), array('title' => __('Clone'))); ?></li> <li><?php echo Html::anchor(__('Clone', 'themes'), 'index.php?id=themes&action=clone_template&filename='.basename($template, '.template.php').'&token='.Security::token(), array('title' => __('Clone'))); ?></li>
</ul> </ul>
<?php echo Html::anchor(__('Delete', 'themes'), <?php echo Html::anchor(__('Delete', 'themes'),
'index.php?id=themes&action=delete_template&filename='.basename($template, '.template.php'), 'index.php?id=themes&action=delete_template&filename='.basename($template, '.template.php').'&token='.Security::token(),
array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__('Delete template: :name', 'themes', array(':name' => basename($template, '.template.php')))."')")); array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__('Delete template: :name', 'themes', array(':name' => basename($template, '.template.php')))."')"));
?> ?>
</div> </div>
@@ -105,10 +105,10 @@
<?php echo Html::anchor(__('Edit', 'themes'), 'index.php?id=themes&action=edit_chunk&filename='.basename($chunk, '.chunk.php'), array('class' => 'btn btn-actions')); ?> <?php echo Html::anchor(__('Edit', 'themes'), 'index.php?id=themes&action=edit_chunk&filename='.basename($chunk, '.chunk.php'), array('class' => 'btn btn-actions')); ?>
<a class="btn dropdown-toggle btn-actions" data-toggle="dropdown" href="#" style="font-family:arial;"><span class="caret"></span></a> <a class="btn dropdown-toggle btn-actions" data-toggle="dropdown" href="#" style="font-family:arial;"><span class="caret"></span></a>
<ul class="dropdown-menu"> <ul class="dropdown-menu">
<li><?php echo Html::anchor(__('Clone', 'themes'), 'index.php?id=themes&action=clone_chunk&filename='.basename($chunk, '.chunk.php'), array('title' => __('Clone', 'themes'))); ?></li> <li><?php echo Html::anchor(__('Clone', 'themes'), 'index.php?id=themes&action=clone_chunk&filename='.basename($chunk, '.chunk.php').'&token='.Security::token(), array('title' => __('Clone', 'themes'))); ?></li>
</ul> </ul>
<?php echo Html::anchor(__('Delete', 'themes'), <?php echo Html::anchor(__('Delete', 'themes'),
'index.php?id=themes&action=delete_chunk&filename='.basename($chunk, '.chunk.php'), 'index.php?id=themes&action=delete_chunk&filename='.basename($chunk, '.chunk.php').'&token='.Security::token(),
array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__('Delete chunk: :name', 'themes', array(':name' => basename($chunk, '.chunk.php')))."')")); array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__('Delete chunk: :name', 'themes', array(':name' => basename($chunk, '.chunk.php')))."')"));
?> ?>
</div> </div>
@@ -137,10 +137,10 @@
<?php echo Html::anchor(__('Edit', 'themes'), 'index.php?id=themes&action=edit_styles&filename='.basename($style, '.css'), array('class' => 'btn btn-actions')); ?> <?php echo Html::anchor(__('Edit', 'themes'), 'index.php?id=themes&action=edit_styles&filename='.basename($style, '.css'), array('class' => 'btn btn-actions')); ?>
<a class="btn dropdown-toggle btn-actions" data-toggle="dropdown" href="#" style="font-family:arial;"><span class="caret"></span></a> <a class="btn dropdown-toggle btn-actions" data-toggle="dropdown" href="#" style="font-family:arial;"><span class="caret"></span></a>
<ul class="dropdown-menu"> <ul class="dropdown-menu">
<li><?php echo Html::anchor(__('Clone', 'themes'), 'index.php?id=themes&action=clone_styles&filename='.basename($style, '.css'), array('title' => __('Clone', 'themes'))); ?></li> <li><?php echo Html::anchor(__('Clone', 'themes'), 'index.php?id=themes&action=clone_styles&filename='.basename($style, '.css').'&token='.Security::token(), array('title' => __('Clone', 'themes'))); ?></li>
</ul> </ul>
<?php echo Html::anchor(__('Delete', 'themes'), <?php echo Html::anchor(__('Delete', 'themes'),
'index.php?id=themes&action=delete_styles&filename='.basename($style, '.css'), 'index.php?id=themes&action=delete_styles&filename='.basename($style, '.css').'&token='.Security::token(),
array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__('Delete styles: :name', 'themes', array(':name' => basename($style, '.css')))."')")); array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__('Delete styles: :name', 'themes', array(':name' => basename($style, '.css')))."')"));
?> ?>
</div> </div>
@@ -169,10 +169,10 @@
<?php echo Html::anchor(__('Edit', 'themes'), 'index.php?id=themes&action=edit_script&filename='.basename($script, '.js'), array('class' => 'btn btn-actions')); ?> <?php echo Html::anchor(__('Edit', 'themes'), 'index.php?id=themes&action=edit_script&filename='.basename($script, '.js'), array('class' => 'btn btn-actions')); ?>
<a class="btn dropdown-toggle btn-actions" data-toggle="dropdown" href="#" style="font-family:arial;"><span class="caret"></span></a> <a class="btn dropdown-toggle btn-actions" data-toggle="dropdown" href="#" style="font-family:arial;"><span class="caret"></span></a>
<ul class="dropdown-menu"> <ul class="dropdown-menu">
<li><?php echo Html::anchor(__('Clone', 'themes'), 'index.php?id=themes&action=clone_script&filename='.basename($script, '.js'), array('title' => __('Clone', 'themes'))); ?></li> <li><?php echo Html::anchor(__('Clone', 'themes'), 'index.php?id=themes&action=clone_script&filename='.basename($script, '.js').'&token='.Security::token(), array('title' => __('Clone', 'themes'))); ?></li>
</ul> </ul>
<?php echo Html::anchor(__('Delete', 'themes'), <?php echo Html::anchor(__('Delete', 'themes'),
'index.php?id=themes&action=delete_script&filename='.basename($script, '.js'), 'index.php?id=themes&action=delete_script&filename='.basename($script, '.js').'&token='.Security::token(),
array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__('Delete script: :name', 'themes', array(':name' => basename($script, '.js')))."')")); array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__('Delete script: :name', 'themes', array(':name' => basename($script, '.js')))."')"));
?> ?>
</div> </div>
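Review bot: The new `'&token='.Security::token()` segments put the anti-CSRF token into GET links for state-changing actions (clone and delete), so the token ends up in browser history, proxy and server access logs, and the `Referer` header of any page navigated to afterwards; how damaging that is depends on whether `Security::token()` is a long-lived per-session value, which this hunk does not show. The token value is also concatenated without `urlencode()`, which only matters if the token can contain reserved characters — confirm against `Security::token()`. The durable fix is to submit clone and delete as small POST forms with a hidden `token` field and read it from the request body in `themes.admin.php`, keeping the `confirmDelete` prompt on the submit button; the same applies to all four hunks in this file.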