mirror of
https://github.com/monstra-cms/monstra.git
synced 2025-07-11 00:26:18 +02:00
Snippets Plugin: csrf vulnerability resolved
This commit is contained in:
12
plugins/box/snippets/snippets.admin.php
Normal file → Executable file
12
plugins/box/snippets/snippets.admin.php
Normal file → Executable file
@ -114,9 +114,15 @@
|
||||
->display();
|
||||
break;
|
||||
case "delete_snippet":
|
||||
File::delete($snippets_path.Request::get('filename').'.snippet.php');
|
||||
Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
|
||||
Request::redirect('index.php?id=snippets');
|
||||
|
||||
if (Security::check(Request::get('token'))) {
|
||||
|
||||
File::delete($snippets_path.Request::get('filename').'.snippet.php');
|
||||
Notification::set('success', __('Snippet <i>:name</i> deleted', 'snippets', array(':name' => File::name(Request::get('filename')))));
|
||||
Request::redirect('index.php?id=snippets');
|
||||
|
||||
} else { die('csrf detected!'); }
|
||||
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
|
2
plugins/box/snippets/views/backend/index.view.php
Normal file → Executable file
2
plugins/box/snippets/views/backend/index.view.php
Normal file → Executable file
@ -23,7 +23,7 @@
|
||||
<td>
|
||||
<?php echo Html::anchor(__('Edit', 'snippets'), 'index.php?id=snippets&action=edit_snippet&filename='.basename($snippet, '.snippet.php'), array('class' => 'btn btn-actions')); ?>
|
||||
<?php echo Html::anchor(__('Delete', 'snippets'),
|
||||
'index.php?id=snippets&action=delete_snippet&filename='.basename($snippet, '.snippet.php'),
|
||||
'index.php?id=snippets&action=delete_snippet&filename='.basename($snippet, '.snippet.php').'&token='.Security::token(),
|
||||
array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete snippet: :snippet', 'snippets', array(':snippet' => basename($snippet, '.snippet.php')))."')"));
|
||||
?>
|
||||
</td>
|
||||
|
Reference in New Issue
Block a user