mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-07-31 18:30:20 +02:00
Code Issues Releases Wiki Activity

Pages Plugin: csrf vulnerability resolved

Browse Source
This commit is contained in:
Awilum
2012-10-03 13:31:11 +03:00
parent ac9e17643f
commit d36c06d8a6
2 changed files with 21 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
plugins/box/pages/pages.admin.php Normal file → Executable file
View File

@@ -415,12 +415,14 @@
// Error 404 page can not be removed
if (Request::get('name') !== 'error404') {
// Get page
if (Security::check(Request::get('token'))) {
// Get specific page
$page = $pages->select('[slug="'.Request::get('name').'"]', null);
// Delete page and update <parent> fields
if ($pages->deleteWhere('[slug="'.Request::get('name').'" ]')) {
$pages->updateWhere('[parent="'.Request::get('name').'"]', array('parent' => ''));
if ($pages->deleteWhere('[slug="'.$page['slug'].'" ]')) {
$pages->updateWhere('[parent="'.$page['slug'].'"]', array('parent' => ''));
File::delete(STORAGE . DS . 'pages' . DS . $page['id'] . '.page.txt');
Notification::set('success', __('Page <i>:page</i> deleted', 'pages', array(':page' => Html::toText($page['title']))));
}
@@ -430,6 +432,8 @@
// Redirect
Request::redirect('index.php?id=pages');
} else { die('csrf detected!'); }
}
break;
@@ -448,11 +452,12 @@
$count = 0;
// Get pages
$pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent'));
$pages_list = $pages->select(null, 'all', null, array('slug', 'title', 'status', 'date', 'author', 'parent', 'uid'));
// Loop
foreach ($pages_list as $page) {
$pages_array[$count]['uid'] = $page['uid'];
$pages_array[$count]['title'] = $page['title'];
$pages_array[$count]['parent'] = $page['parent'];
$pages_array[$count]['status'] = $status_array[$page['status']];

2
plugins/box/pages/views/backend/index.view.php Normal file → Executable file
View File

@@ -72,7 +72,7 @@
<li><?php echo Html::anchor(__('Clone', 'pages'), 'index.php?id=pages&action=clone_page&name='.$page['slug'], array('title' => __('Clone', 'pages'))); ?></li>
</ul>
<?php echo Html::anchor(__('Delete', 'pages'),
'index.php?id=pages&action=delete_page&name='.$page['slug'],
'index.php?id=pages&action=delete_page&name='.$page['slug'].'&token='.Security::token(),
array('class' => 'btn btn-actions btn-actions-default', 'onclick' => "return confirmDelete('".__("Delete page: :page", 'pages', array(':page' => Html::toText($page['title'])))."')"));
?>
</div>