
System Plugin: csrf vulnerability resolved

This commit is contained in:
Awilum
2012-10-03 14:40:16 +03:00
parent af47159990
commit bd72e20144

27
plugins/box/users/users.admin.php Normal file → Executable file

@@ -48,9 +48,14 @@
}
if (Request::post('users_frontend_submit')) {
if (Request::post('users_frontend_registration')) $users_frontend_registration = 'true'; else $users_frontend_registration = 'false';
Option::update('users_frontend_registration', $users_frontend_registration);
Request::redirect('index.php?id=users');
if (Security::check(Request::post('csrf'))) {
if (Request::post('users_frontend_registration')) $users_frontend_registration = 'true'; else $users_frontend_registration = 'false';
Option::update('users_frontend_registration', $users_frontend_registration);
Request::redirect('index.php?id=users');
} else { die('csrf detected!'); }
}
// Check for get actions
@@ -189,12 +194,20 @@
case "delete":
if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin'))) {
$user = $users->select('[id="'.Request::get('user_id').'"]', null);
$users->delete(Request::get('user_id'));
Notification::set('success', __('User <i>:user</i> have been deleted.', 'users', array(':user' => $user['login'])));
Request::redirect('index.php?id=users');
if (Security::check(Request::get('token'))) {
$user = $users->select('[id="'.Request::get('user_id').'"]', null);
$users->delete(Request::get('user_id'));
Notification::set('success', __('User <i>:user</i> have been deleted.', 'users', array(':user' => $user['login'])));
Request::redirect('index.php?id=users');
} else { die('csrf detected!'); }
}
break;
}
} else {