mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-07-31 18:30:20 +02:00
Code Issues Releases Wiki Activity

Pages Plugin: csrf vulnerability resolved

Browse Source
This commit is contained in:
Awilum
2012-10-03 13:31:11 +03:00
parent ac9e17643f
commit d36c06d8a6
2 changed files with 21 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
plugins/box/pages/pages.admin.php Normal file → Executable file
View File

@@ -414,23 +414,27 @@
// Error 404 page can not be removed // Error 404 page can not be removed
if (Request::get('name') !== 'error404') { if (Request::get('name') !== 'error404') {
if (Security::check(Request::get('token'))) {
// Get page // Get specific page
$page = $pages->select('[slug="'.Request::get('name').'"]', null); $page = $pages->select('[slug="'.Request::get('name').'"]', null);
// Delete page and update <parent> fields // Delete page and update <parent> fields
if ($pages->deleteWhere('[slug="'.Request::get('name').'" ]')) { if ($pages->deleteWhere('[slug="'.$page['slug'].'" ]')) {
$pages->updateWhere('[parent="'.Request::get('name').'"]', array('parent' => '')); $pages->updateWhere('[parent="'.$page['slug'].'"]', array('parent' => ''));
File::delete(STORAGE . DS . 'pages' . DS . $page['id'] . '.page.txt'); File::delete(STORAGE . DS . 'pages' . DS . $page['id'] . '.page.txt');
Notification::set('success', __('Page <i>:page</i> deleted', 'pages', array(':page' => Html::toText($page['title'])))); Notification::set('success', __('Page <i>:page</i> deleted', 'pages', array(':page' => Html::toText($page['title']))));
} }
// Run delete extra actions // Run delete extra actions
Action::run('admin_pages_action_delete'); Action::run('admin_pages_action_delete');
// Redirect // Redirect
Request::redirect('index.php?id=pages'); Request::redirect('index.php?id=pages');
}
} else { die('csrf detected!'); }
}
break; break;
} }
@@ -448,11 +452,12 @@
$count = 0; $count = 0;
// Get pages // Get pages
$pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent')); $pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent', 'uid'));
// Loop // Loop
foreach ($pages_list as $page) { foreach ($pages_list as $page) {
$pages_array[$count]['uid'] = $page['uid'];
$pages_array[$count]['title'] = $page['title']; $pages_array[$count]['title'] = $page['title'];
$pages_array[$count]['parent'] = $page['parent']; $pages_array[$count]['parent'] = $page['parent'];
$pages_array[$count]['status'] = $status_array[$page['status']]; $pages_array[$count]['status'] = $status_array[$page['status']];

2
plugins/box/pages/views/backend/index.view.php Normal file → Executable file
View File

@@ -72,7 +72,7 @@
<li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'], array('title' => __('Clone', 'pages'))); ?></li> <li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'], array('title' => __('Clone', 'pages'))); ?></li>
</ul> </ul>
<?php echo Html::anchor(__('Delete', 'pages'), <?php echo Html::anchor(__('Delete', 'pages'),
'index.php?id=pages&action=delete_page&name='.$page['slug'], 'index.php?id=pages&action=delete_page&name='.$page['slug'].'&token='.Security::token(),
array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__("Delete page: :page", 'pages', array(':page' => Html::toText($page['title'])))."')")); array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__("Delete page: :page", 'pages', array(':page' => Html::toText($page['title'])))."')"));
?> ?>
</div> </div>