mirror of
https://github.com/monstra-cms/monstra.git
synced 2025-07-10 08:06:45 +02:00
Snippets Plugin: csrf vulnerability resolved
This commit is contained in:
12
plugins/box/snippets/snippets.admin.php
Normal file → Executable file
12
plugins/box/snippets/snippets.admin.php
Normal file → Executable file
@ -114,9 +114,15 @@
|
||||
->display();
|
||||
break;
|
||||
case "delete_snippet":
|
||||
File::delete($snippets_path.Request::get('filename').'.snippet.php');
|
||||
Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
|
||||
Request::redirect('index.php?id=snippets');
|
||||
|
||||
if (Security::check(Request::get('token'))) {
|
||||
|
||||
File::delete($snippets_path.Request::get('filename').'.snippet.php');
|
||||
Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
|
||||
Request::redirect('index.php?id=snippets');
|
||||
|
||||
} else { die('csrf detected!'); }
|
||||
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
|
Reference in New Issue
Block a user