mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-03 04:55:36 +02:00
Code Issues Releases Wiki Activity

[ticket/12002] Add link hash to extension manager links

Browse Source 
PHPBB3-12002
This commit is contained in:
Joas Schilling 2013-11-08 14:08:02 +01:00
parent 082a467cc8
commit a6c73ea0c8
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
phpBB/includes/acp/acp_extensions.php
View File

@ -55,6 +55,11 @@ class acp_extensions
$ext_name = '';
}
if (in_array($action, array('enable', 'disable', 'delete_data')) && !check_link_hash($request->variable('hash', ''), $action . '.' . $ext_name))
{
trigger_error('FORM_INVALID', E_USER_WARNING);
}
// If they've specified an extension, let's load the metadata manager and validate it.
if ($ext_name)
{
@ -98,7 +103,7 @@ class acp_extensions
$template->assign_vars(array(
'PRE' => true,
'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')),
'U_ENABLE' => $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name),
'U_ENABLE' => $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name),
));
break;
@ -117,7 +122,7 @@ class acp_extensions
{
$template->assign_var('S_NEXT_STEP', true);
meta_refresh(0, $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name));
meta_refresh(0, $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name));
}
}
}
@ -144,7 +149,7 @@ class acp_extensions
$template->assign_vars(array(
'PRE' => true,
'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')),
'U_DISABLE' => $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name),
'U_DISABLE' => $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name),
));
break;
@ -156,7 +161,7 @@ class acp_extensions
{
$template->assign_var('S_NEXT_STEP', true);
meta_refresh(0, $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name));
meta_refresh(0, $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name));
}
}
@ -177,7 +182,7 @@ class acp_extensions
$template->assign_vars(array(
'PRE' => true,
'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')),
'U_PURGE' => $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name),
'U_PURGE' => $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name),
));
break;
@ -191,7 +196,7 @@ class acp_extensions
{
$template->assign_var('S_NEXT_STEP', true);
meta_refresh(0, $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name));
meta_refresh(0, $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name));
}
}
}