From 700f4a67caa60456561334938060fd8a2d7ed2d4 Mon Sep 17 00:00:00 2001
From: Ahmad Gneady <support@bigprof.com>
Date: Mon, 13 Sep 2021 13:50:28 +0200
Subject: [PATCH] Protect `pageChangeMemberStatus.php` against CSRF.

---
 app/admin/pageChangeMemberStatus.php |  2 ++
 app/admin/pageViewMembers.php        | 10 ++++++----
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/app/admin/pageChangeMemberStatus.php b/app/admin/pageChangeMemberStatus.php
index b2358a9..792b4b0 100644
--- a/app/admin/pageChangeMemberStatus.php
+++ b/app/admin/pageChangeMemberStatus.php
@@ -2,6 +2,8 @@
 	$currDir = dirname(__FILE__);
 	require("{$currDir}/incCommon.php");
 
+	if(!csrf_token(true)) die($Translation['csrf token expired or invalid']);
+
 	// validate input
 	$memberID = makeSafe(strtolower($_GET['memberID']));
 	$unban = ($_GET['unban'] == 1 ? 1 : 0);
diff --git a/app/admin/pageViewMembers.php b/app/admin/pageViewMembers.php
index 3875f77..9f5345c 100644
--- a/app/admin/pageViewMembers.php
+++ b/app/admin/pageViewMembers.php
@@ -113,6 +113,8 @@
 
 	$start = ($page - 1) * $adminConfig['membersPerPage'];
 
+	$urlCsrfToken = 'csrf_token=' . urlencode(csrf_token(false, true));
+
 ?>
 <div class="page-header">
 	<h1>
@@ -256,15 +258,15 @@
 					<i class="glyphicon glyphicon-trash text-muted"></i>
 					<i class="glyphicon glyphicon-ban-circle text-muted"></i>
 				<?php } else { ?>
-					<a href="pageDeleteMember.php?memberID=<?php echo urlencode($row[0]); ?>&csrf_token=<?php echo urlencode(csrf_token(false, true)); ?>" onClick="return confirm('<?php echo addslashes(str_replace('<USERNAME>', $row[0], $Translation['sure delete user'])); ?>');"><i class="glyphicon glyphicon-trash text-danger" title="<?php echo $Translation['delete member']; ?>"></i></a>
+					<a href="pageDeleteMember.php?memberID=<?php echo urlencode($row[0]); ?>&<?php echo $urlCsrfToken; ?>" onClick="return confirm('<?php echo addslashes(str_replace('<USERNAME>', $row[0], $Translation['sure delete user'])); ?>');"><i class="glyphicon glyphicon-trash text-danger" title="<?php echo $Translation['delete member']; ?>"></i></a>
 					<?php
 						if(!$row[9]) { // if member is not approved, display approve link
-							?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&approve=1"><i class="glyphicon glyphicon-ok text-success" title="<?php echo $Translation["unban this member"]; ?>" title="<?php echo $Translation["approve this member"]; ?>"></i></a><?php
+							?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&approve=1&<?php echo $urlCsrfToken; ?>"><i class="glyphicon glyphicon-ok text-success" title="<?php echo $Translation["unban this member"]; ?>" title="<?php echo $Translation["approve this member"]; ?>"></i></a><?php
 						} else {
 							if($row[8]) { // if member is banned, display unban link
-								?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&unban=1"><i class="glyphicon glyphicon-ok text-success" title="<?php echo $Translation["unban this member"]; ?>"></i></a><?php
+								?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&unban=1&<?php echo $urlCsrfToken; ?>"><i class="glyphicon glyphicon-ok text-success" title="<?php echo $Translation["unban this member"]; ?>"></i></a><?php
 							} else { // if member is not banned, display ban link
-								?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&ban=1"><i class="glyphicon glyphicon-ban-circle text-danger" title="<?php echo $Translation["ban this member"]; ?>"></i></a><?php
+								?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&ban=1&<?php echo $urlCsrfToken; ?>"><i class="glyphicon glyphicon-ban-circle text-danger" title="<?php echo $Translation["ban this member"]; ?>"></i></a><?php
 							}
 						}
 					?>
