mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-08-07 05:37:03 +02:00
Code Issues Releases Wiki Activity

System Plugin: csrf vulnerability resolved

Browse Source
This commit is contained in:
Awilum
2012-10-03 14:28:43 +03:00
parent 3f7b10592f
commit af47159990
2 changed files with 30 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
plugins/box/system/system.admin.php Normal file → Executable file
View File

@@ -66,20 +66,27 @@
// Create Sitemap
// -------------------------------------
if (Request::get('sitemap')) {
if ('create' == Request::get('sitemap')) {
if (Request::get('sitemap') == 'create') {
if (Security::check(Request::get('token'))) {
Notification::set('success', __('Sitemap created', 'system'));
Sitemap::create();
Request::redirect('index.php?id=system');
}
Request::redirect('index.php?id=system');
} else { die('csrf detected!'); }
}
// Delete temporary files
// -------------------------------------
if (Request::get('temporary_files')) {
if ('delete' == Request::get('temporary_files')) {
if (Request::get('temporary_files') == 'delete') {
if (Security::check(Request::get('token'))) {
$namespaces = Dir::scan(CACHE);
if (count($namespaces) > 0) {
foreach ($namespaces as $namespace) {
@@ -104,13 +111,19 @@
// Set maintenance state on or off
// -------------------------------------
if (Request::get('maintenance')) {
if ('on' == Request::get('maintenance')) {
Option::update('maintenance_status', 'on');
Request::redirect('index.php?id=system');
}
if ('off' == Request::get('maintenance')) {
Option::update('maintenance_status', 'off');
Request::redirect('index.php?id=system');
if (Security::check(Request::get('token'))) {
if ('on' == Request::get('maintenance')) {
Option::update('maintenance_status', 'on');
Request::redirect('index.php?id=system');
}
if ('off' == Request::get('maintenance')) {
Option::update('maintenance_status', 'off');
Request::redirect('index.php?id=system');
}
}
}