Token checks added.
CaMer0n committed Sep 14, 2021
1 parent 6020de6 commit 2682aea
Showing 6 changed files with 43 additions and 12 deletions.
11 changes: 7 additions & 4 deletions e107_admin/banlist.php
@@ -10,7 +10,10 @@
*
*
*/

if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php');

if (!getperms('4'))
@@ -534,7 +537,7 @@ protected function timesPage()
</table>
<div class='buttons-bar center'>
".$frm->admin_button('update_ban_prefs', LAN_UPDATE, 'update')."
<input type='hidden' name='e-token' value='".e_TOKEN."' />
<input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
</div>
</fieldset>
</form>
@@ -651,7 +654,7 @@ protected function optionsPage()
</table>
<div class='buttons-bar center'>
".$frm->admin_button('update_ban_options', LAN_UPDATE, 'update')."
<input type='hidden' name='e-token' value='".e_TOKEN."' />
<input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
</div>
</fieldset>
<fieldset id='core-banlist-options-ban'>
@@ -666,7 +669,7 @@ protected function optionsPage()
<td>".BANLAN_75."</td>
<td>
".$frm->admin_button('remove_expired_bans', BANLAN_76, 'delete')."
<input type='hidden' name='e-token' value='".e_TOKEN."' />
<input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />
</td>
</tr>
</tbody>
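Review bot: The guard added above `require_once(__DIR__.'/../class2.php')` carries no comment, and its effect depends entirely on running before that include: it plants an empty `e-token` so that whatever token validation class2.php performs is presumably forced to run, and fail, for POSTs that omitted the field. The same four lines are pasted into cache.php, emoticon.php, eurl.php, search.php and social/admin_config.php, so any admin script that does not receive the paste stays without the check; enforcing this once in the shared bootstrap for admin requests would close that gap. At minimum I would add `// Force token validation in class2.php for every non-empty POST, including requests that omit e-token.` above the `if`. The condition `!empty($_POST)` only covers POST data, so any state-changing action in these scripts that is driven by `$_GET` (none is visible in the hunks) would not be covered by this change.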
5 changes: 5 additions & 0 deletions e107_admin/cache.php
@@ -10,6 +10,10 @@
*
*/

if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__."/../class2.php");

if (!getperms("C"))
@@ -205,6 +209,7 @@
'empty_browsercache' => CACLAN_27,
))."
".$frm->admin_button('trigger_empty_cache', LAN_DELETE, 'delete')."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div>
</fieldset>
</form>";
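Review bot: The hidden `e-token` field added after the `trigger_empty_cache` button is hand-built from `defset('e_TOKEN')`, while eurl.php and social/admin_config.php in this same commit use the form helper's `token()`. `$frm` is already in scope on the line above, so `".$frm->token()."` would keep a single source for the field name and value escaping, assuming it emits the same `e-token` input. The same applies to the fields added or changed in banlist.php, emoticon.php and search.php. `defset('e_TOKEN')` also appears to fall back to an empty value when the constant is undefined, which fails closed but yields a form that can never be submitted; a short comment stating that this is intended would help.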
8 changes: 6 additions & 2 deletions e107_admin/emoticon.php
@@ -10,7 +10,10 @@
*
*
*/

if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php');
if (!getperms("F"))
{
@@ -157,6 +160,7 @@ function listPacks()
</table>
<div class='buttons-bar center'>
" . $frm->admin_button('active', 'active', 'update', LAN_UPDATE) . "
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div>
<fieldset>
</form>
@@ -228,7 +232,7 @@ function listPacks()
}

$text .= $frm->admin_button('XMLPack_' . $pack, 'submit', 'default', EMOLAN_28);
$text .= "
$text .= "<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</td>
</tr>
";
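Review bot: In the last hunk the token input is appended directly after the `XMLPack_` button inside a table cell; if that code runs once per pack (any loop is outside the hunk) and the rows share one form, the form will carry one identical `e-token` input per row. That is harmless for validation but redundant, and it makes it harder to see at a glance that the form is protected. Emitting the field once beside the form's closing tag, as the hunk at the `active` button does, would be tidier. The hunk header attributes both hunks to listPacks(), whose start and end lie outside the visible lines.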
13 changes: 10 additions & 3 deletions e107_admin/eurl.php
@@ -9,7 +9,10 @@
* URL and front controller Management
*
*/

if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php');
if (!getperms('K'))
{
@@ -328,7 +331,9 @@ protected function simplePage()
}

$text .= "<div class='buttons-bar center'>".$frm->button('saveSimpleSef',LAN_SAVE, 'submit')."</div>";
$text .= $frm->token();
$text .= $frm->close();

$text .= "</div>";
return $text;
}
@@ -444,7 +449,8 @@ protected function AliasPage()
</tbody>
</table>
<div class='buttons-bar center'>
".$form->admin_button('update', LAN_UPDATE, 'update')."
".$form->admin_button('update', LAN_UPDATE, 'update').
$form->token()."
</div>
</fieldset>
</form>
@@ -564,7 +570,8 @@ protected function ConfigPage()
</tbody>
</table>
<div class='buttons-bar center'>
".$form->admin_button('update', LAN_UPDATE, 'update')."
".$form->admin_button('update', LAN_UPDATE, 'update').
$form->token()."
</div>
</fieldset>
</form>
8 changes: 7 additions & 1 deletion e107_admin/search.php
@@ -9,7 +9,10 @@
* Search Administration
*
*/

if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../class2.php');
if (!getperms('X'))
{
@@ -277,6 +280,7 @@
</table>
<div class='buttons-bar center'>
".$frm->admin_button('update_prefs', LAN_UPDATE, 'update')."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div>
</fieldset>
</form>
@@ -348,6 +352,7 @@
</table>
<div class='buttons-bar center'>
".$frm->admin_button('update_handler', 'no-value', 'update', LAN_UPDATE)."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div>
</fieldset>
</form>
@@ -520,6 +525,7 @@
</table>
<div class='buttons-bar center'>
".$frm->admin_button('update_main','no-value','update',LAN_UPDATE)."
<input type='hidden' name='e-token' value='" . defset('e_TOKEN') . "' />
</div>
</fieldset>
</form>
10 changes: 8 additions & 2 deletions e107_plugins/social/admin_config.php
@@ -1,7 +1,10 @@
<?php

// Generated e107 Plugin Admin Area

if(!empty($_POST) && !isset($_POST['e-token']))
{
$_POST['e-token'] = '';
}
require_once(__DIR__.'/../../class2.php');
if (!getperms('P'))
{
@@ -443,9 +446,10 @@ public function pagesPage()
$ret .= "<div class='buttons-bar center'>
".$frm->button('save_social_pages',1,'submit',LAN_SAVE)."
</div>";

$ret .= $frm->token();
$ret .= $frm->close();

return $ret;
@@ -467,6 +471,7 @@ public function modifyPage()
$text .= $this->generateSocialLoginForm($var);

$text .= "<div class='buttons-bar center'>".$frm->button('save_social_logins',1,'submit',LAN_ADD)."</div>";
$text .= $frm->token();
$text .= $frm->close();

return $text;
@@ -563,6 +568,7 @@ public function configurePage()
</div>";

$ret .= $frm->token();
$ret .= $frm->close();

return $ret;
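Review bot: The file header reads `// Generated e107 Plugin Admin Area`, so the guard before `require_once` and the three `$frm->token()` calls are hand edits to generator output; unless the generator's template receives the same lines, newly generated plugin admin pages will presumably ship without them. The `token()` calls sit directly before `$frm->close()` in pagesPage(), modifyPage() and configurePage(), which is consistent. A one-line comment at the first of them, such as `// CSRF token: must be emitted inside the form, before close()`, would document the ordering requirement for whoever edits these forms next.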
