1
0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-07-10 08:06:45 +02:00

Snippets Plugin: csrf vulnerability resolved

This commit is contained in:
Awilum
2012-10-03 14:48:27 +03:00
parent b78dfcb642
commit f6541b7858
2 changed files with 10 additions and 4 deletions

12
plugins/box/snippets/snippets.admin.php Normal file → Executable file
View File

@ -114,9 +114,15 @@
->display();
break;
case "delete_snippet":
File::delete($snippets_path.Request::get('filename').'.snippet.php');
Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=snippets');
if (Security::check(Request::get('token'))) {
File::delete($snippets_path.Request::get('filename').'.snippet.php');
Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=snippets');
} else { die('csrf detected!'); }
break;
}
} else {