mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-02 14:57:37 +02:00
Code Issues Releases Wiki Activity

[ticket/security-161] Add form token to styles management form.

Browse Source 
SECURITY-161
This commit is contained in:
Cesar G
2014-10-22 14:31:19 -07:00
parent 8442f2239d
commit 4d30633cd4
1 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
phpBB/includes/acp/acp_styles.php
View File

@@ -69,11 +69,6 @@ class acp_styles
$action = $this->request->variable('action', ''); $action = $this->request->variable('action', '');
$post_actions = array('install', 'activate', 'deactivate', 'uninstall'); $post_actions = array('install', 'activate', 'deactivate', 'uninstall');
if ($action && in_array($action, $post_actions) && !check_link_hash($request->variable('hash', ''), $action))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
foreach ($post_actions as $key) foreach ($post_actions as $key)
{ {
if ($this->request->is_set_post($key)) if ($this->request->is_set_post($key))
@@ -82,6 +77,18 @@ class acp_styles
} }
} }
// The uninstall action uses confirm_box() to verify the validity of the request,
// so there is no need to check for a valid token here.
if (in_array($action, $post_actions) && $action != 'uninstall')
{
$is_valid_request = check_link_hash($request->variable('hash', ''), $action) || check_form_key('styles_management');
if (!$is_valid_request)
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
}
if ($action != '') if ($action != '')
{ {
$this->s_hidden_fields['action'] = $action; $this->s_hidden_fields['action'] = $action;
@@ -121,6 +128,8 @@ class acp_styles
*/ */
protected function frontend() protected function frontend()
{ {
add_form_key('styles_management');
// Check mode // Check mode
switch ($this->mode) switch ($this->mode)
{ {