mirror of https://github.com/phpbb/phpbb.git synced 2025-08-11 03:04:09 +02:00

Merge branch '3.1.x' into 3.2.x

* 3.1.x:
  [ticket/14789] Add form tokens to tests and uncomment add_form_key
  [ticket/14789] Add link hashes and form tokens to all acp links/buttons
Tristan Darricau
2016-09-18 21:14:47 +02:00
9 changed files with 118 additions and 16 deletions


@@ -50,6 +50,9 @@ class acp_modules
$user->add_lang('acp/modules');
$this->tpl_name = 'acp_modules';
$form_key = 'acp_modules';
add_form_key($form_key);
// module class
$this->module_class = $mode;
@@ -130,6 +133,11 @@ class acp_modules
trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
$sql = 'SELECT *
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
@@ -161,6 +169,11 @@ class acp_modules
trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
$sql = 'SELECT *
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
@@ -305,6 +318,11 @@ class acp_modules
if ($submit)
{
if (!check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
if (!$module_data['module_langname'])
{
trigger_error($user->lang['NO_MODULE_LANGNAME'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
@@ -506,12 +524,12 @@ class acp_modules
'S_ACP_MODULE_MANAGEMENT' => ($this->module_class == 'acp' && ($row['module_basename'] == 'modules' || $row['module_langname'] == 'ACP_MODULE_MANAGEMENT')) ? true : false,
'U_MODULE' => $this->u_action . '&parent_id=' . $row['module_id'],
'U_MOVE_UP' => $url . '&action=move_up',
'U_MOVE_DOWN' => $url . '&action=move_down',
'U_MOVE_UP' => $url . '&action=move_up&hash=' . generate_link_hash('acp_modules'),
'U_MOVE_DOWN' => $url . '&action=move_down&hash=' . generate_link_hash('acp_modules'),
'U_EDIT' => $url . '&action=edit',
'U_DELETE' => $url . '&action=delete',
'U_ENABLE' => $url . '&action=enable',
'U_DISABLE' => $url . '&action=disable')
'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
);
}
while ($row = $db->sql_fetchrow($result));
@@ -538,8 +556,8 @@ class acp_modules
'U_EDIT' => $url . '&action=edit',
'U_DELETE' => $url . '&action=delete',
'U_ENABLE' => $url . '&action=enable',
'U_DISABLE' => $url . '&action=disable')
'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
);
}
$db->sql_freeresult($result);
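Review bot: `U_EDIT` and `U_DELETE` are still built without a `hash` parameter in both template arrays, while the move and enable/disable links next to them now carry one. The edit submit is covered by the new `check_form_key($form_key)` guard, but the delete handler is outside these hunks, so it is worth confirming that it demands its own token (for example through a confirmation form) before it changes anything. Separately, `generate_link_hash('acp_modules')` is written out up to four times per row and the same literal is repeated in both `check_link_hash` calls; computing it once before the loop, e.g. `$link_hash = generate_link_hash('acp_modules');`, would keep the generating and checking sides from drifting apart. The enclosing method starts and ends outside the hunks shown.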