
Snippets Plugin: CSRF vulnerability resolved

This commit is contained in:
Awilum
2012-10-03 14:48:27 +03:00
parent b78dfcb642
commit f6541b7858
2 changed files with 10 additions and 4 deletions

6
plugins/box/snippets/snippets.admin.php Normal file → Executable file

@ -114,9 +114,15 @@
->display(); ->display();
break; break;
case "delete_snippet": case "delete_snippet":
if (Security::check(Request::get('token'))) {
File::delete($snippets_path.Request::get('filename').'.snippet.php'); File::delete($snippets_path.Request::get('filename').'.snippet.php');
Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename'))))); Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
Request::redirect('index.php?id=snippets'); Request::redirect('index.php?id=snippets');
} else { die('csrf detected!'); }
break; break;
} }
} else { } else {
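Review bot: The delete line `File::delete($snippets_path.Request::get('filename').'.snippet.php');` still builds the path straight from the `filename` query parameter, so the new token check only proves the request originated from an admin page, not that the name is a bare file name — a `../` sequence in it would still be honoured (the fixed `.snippet.php` suffix limits, but does not prevent, what can be reached). The notification two lines below already passes the same value through `File::name()`; the path should use the same sanitised name, e.g. `File::delete($snippets_path.File::name(Request::get('filename')).'.snippet.php');`, assuming `File::name` strips directory components the way `basename()` does — worth confirming against its implementation. How `Security::check` compares the submitted token to the session one is not visible here; if it uses `==`, a constant-time comparison is preferable. The `delete_snippet` case sits inside a switch whose opening and closing lie outside this hunk, as does the `else` branch that begins on its last line.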

2
plugins/box/snippets/views/backend/index.view.php Normal file → Executable file

@ -23,7 +23,7 @@
<td> <td>
<?php echo Html::anchor(__('Edit', 'snippets'), 'index.php?id=snippets&action=edit_snippet&filename='.basename($snippet, '.snippet.php'), array('class' => 'btn btn-actions')); ?> <?php echo Html::anchor(__('Edit', 'snippets'), 'index.php?id=snippets&action=edit_snippet&filename='.basename($snippet, '.snippet.php'), array('class' => 'btn btn-actions')); ?>
<?php echo Html::anchor(__('Delete', 'snippets'), <?php echo Html::anchor(__('Delete', 'snippets'),
'index.php?id=snippets&action=delete_snippet&filename='.basename($snippet, '.snippet.php'), 'index.php?id=snippets&action=delete_snippet&filename='.basename($snippet, '.snippet.php').'&token='.Security::token(),
array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete snippet: :snippet', 'snippets', array(':snippet' => basename($snippet, '.snippet.php')))."')")); array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete snippet: :snippet', 'snippets', array(':snippet' => basename($snippet, '.snippet.php')))."')"));
?> ?>
</td> </td>
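Review bot: Appending `'&token='.Security::token()` to the href of the Delete anchor places the anti-CSRF token in a GET URL, where it is exposed through the Referer header of any outbound link on the page that follows, through browser history, and through web-server access logs; the delete also remains a state-changing action reachable by a plain GET. The more robust shape is a small POST form per row carrying the token in a hidden input, with the `delete_snippet` handler rejecting anything but POST — whether the framework's `Html` helper offers a form/hidden-input builder is not visible here. Whether `Html::anchor` HTML-escapes the `href` and `onclick` attribute values is also not visible; if it does not, the bare `&` separators and the interpolated snippet name in the `onclick` string should be escaped before output.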