mirror of
https://github.com/monstra-cms/monstra.git
synced 2025-07-11 16:46:18 +02:00
Snippets Plugin: csrf vulnerability resolved
This commit is contained in:
6
plugins/box/snippets/snippets.admin.php
Normal file → Executable file
6
plugins/box/snippets/snippets.admin.php
Normal file → Executable file
@ -114,9 +114,15 @@
|
|||||||
->display();
|
->display();
|
||||||
break;
|
break;
|
||||||
case "delete_snippet":
|
case "delete_snippet":
|
||||||
|
|
||||||
|
if (Security::check(Request::get('token'))) {
|
||||||
|
|
||||||
File::delete($snippets_path.Request::get('filename').'.snippet.php');
|
File::delete($snippets_path.Request::get('filename').'.snippet.php');
|
||||||
Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
|
Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
|
||||||
Request::redirect('index.php?id=snippets');
|
Request::redirect('index.php?id=snippets');
|
||||||
|
|
||||||
|
} else { die('csrf detected!'); }
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
2
plugins/box/snippets/views/backend/index.view.php
Normal file → Executable file
2
plugins/box/snippets/views/backend/index.view.php
Normal file → Executable file
@ -23,7 +23,7 @@
|
|||||||
<td>
|
<td>
|
||||||
<?php echo Html::anchor(__('Edit', 'snippets'), 'index.php?id=snippets&action=edit_snippet&filename='.basename($snippet, '.snippet.php'), array('class' => 'btn btn-actions')); ?>
|
<?php echo Html::anchor(__('Edit', 'snippets'), 'index.php?id=snippets&action=edit_snippet&filename='.basename($snippet, '.snippet.php'), array('class' => 'btn btn-actions')); ?>
|
||||||
<?php echo Html::anchor(__('Delete', 'snippets'),
|
<?php echo Html::anchor(__('Delete', 'snippets'),
|
||||||
'index.php?id=snippets&action=delete_snippet&filename='.basename($snippet, '.snippet.php'),
|
'index.php?id=snippets&action=delete_snippet&filename='.basename($snippet, '.snippet.php').'&token='.Security::token(),
|
||||||
array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete snippet: :snippet', 'snippets', array(':snippet' => basename($snippet, '.snippet.php')))."')"));
|
array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete snippet: :snippet', 'snippets', array(':snippet' => basename($snippet, '.snippet.php')))."')"));
|
||||||
?>
|
?>
|
||||||
</td>
|
</td>
|
||||||
|
Reference in New Issue
Block a user