Exposition du code de session

Fred Tempez 2023-06-19 19:46:00 +02:00
parent 0cd487f211
commit 229d521502
16 changed files with 72 additions and 72 deletions


@ -356,7 +356,7 @@ class layout extends common
$items .= '<wbr>' . template::ico('user', [
'margin' => 'all',
'help' => 'Mon compte',
'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id') . '/' . $_SESSION['csrf']
'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id')
]);
$items .= '<wbr>' . template::ico('logout', [
'margin' => 'all',
@ -509,7 +509,7 @@ class layout extends common
$itemsRight .= '<li>' . template::ico('user', [
'help' => 'Mon compte',
'margin' => 'right',
'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id') . '/' . $_SESSION['csrf']
'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id')
]) . '</li>';
$itemsRight .= '<li>' .
template::ico('logout', [
@ -1055,7 +1055,7 @@ class layout extends common
}
}
if ($this->getUser('group') >= self::GROUP_MODERATOR) {
$rightItems .= '<li><a href="' . helper::baseUrl() . 'user/edit/' . $this->getUser('id') . '/' . $_SESSION['csrf'] .
$rightItems .= '<li><a href="' . helper::baseUrl() . 'user/edit/' . $this->getUser('id') .
'" data-tippy-content="' . helper::translate('Configurer mon compte') . '">' .
template::ico('user', ['margin' => 'right']) . '<span id="displayUsername">' . $this->getUser('firstname') . ' ' . $this->getUser('lastname') .
'</span></a></li>';


@ -397,7 +397,7 @@ class template
$html = '<form id="' . $id . '" method="post">';
// Stock le token CSRF
$html .= self::hidden('csrf', [
'value' => $_SESSION['csrf']
'value' => htmlentities($_SESSION['csrf'], ENT_QUOTES | ENT_HTML5, 'UTF-8')
]);
// Retourne le html
return $html;
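Review bot: Entity-encoding the token at the hidden-field site (L46) is a no-op for the hex string that core writes into `$_SESSION['csrf']`, so the actual guarantee has to come from the consumer, `checkCSRF()`, whose body is not in this diff: it should compare with `hash_equals($_SESSION['csrf'], (string) ($_POST['csrf'] ?? ''))` so that a missing field fails closed and the comparison is constant-time. After this commit `template::hidden('csrf')` is the only place the token is still emitted, so any handler that must reject forged requests has to be reached through a POST of such a form; a plain GET link now carries nothing to verify. The enclosing method starts outside the hunk.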


@ -1362,7 +1362,7 @@ class core extends common
parent::__construct();
// Token CSRF
if (empty($_SESSION['csrf'])) {
$_SESSION['csrf'] = bin2hex(openssl_random_pseudo_bytes(32));
$_SESSION['csrf'] = bin2hex(openssl_random_pseudo_bytes(128));
}
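Review bot: `openssl_random_pseudo_bytes(128)` at L58 is called without its `$strong_result` out-parameter, and depending on the PHP version a failure either throws or returns `false`, which `bin2hex` would silently turn into an empty token; `random_bytes()` is the built-in CSPRNG and throws on failure. 128 bytes (256 hex characters) is also far beyond the entropy a token needs while inflating every form it lands in — `$_SESSION['csrf'] = bin2hex(random_bytes(32));` is sufficient. The token is only created when the session has none, so unless something outside this hunk regenerates the session at login it persists across authentication changes; worth confirming. The constructor continues outside the hunk.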
// Fuseau horaire


@ -63,7 +63,7 @@ class plugin extends common
{
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'plugin',
@ -292,7 +292,7 @@ class plugin extends common
public function uploadItem()
{
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'store',
@ -383,7 +383,7 @@ class plugin extends common
implode(' - ', $pageInfos),
template::button('moduleExport' . $key, [
'class' => $class,
'href' => helper::baseUrl() . $this->getUrl(0) . '/uploadItem/' . $key . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/uploadItem/' . $key,
'value' => $ico,
'help' => $help
])
@ -481,7 +481,7 @@ class plugin extends common
$infoModules[$key]['delete'] === true
? template::button('moduleDelete' . $key, [
'class' => 'moduleDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $key . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $key,
'value' => template::ico('trash'),
'help' => 'Supprimer le module'
])
@ -502,12 +502,12 @@ class plugin extends common
$infoModules[$key]['version'],
'',
template::button('moduleSave' . $key, [
'href' => helper::baseUrl() . $this->getUrl(0) . '/save/filemanager/' . $key . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/save/filemanager/' . $key,
'value' => template::ico('download-cloud'),
'help' => 'Sauvegarder le module dans le gestionnaire de fichiers'
]),
template::button('moduleDownload' . $key, [
'href' => helper::baseUrl() . $this->getUrl(0) . '/save/download/' . $key . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/save/download/' . $key,
'value' => template::ico('download'),
'help' => 'Sauvegarder et télécharger le module'
])
@ -533,19 +533,19 @@ class plugin extends common
$infoModules[$pagesInfos[$keyi18n][$keyPage]['moduleId']]['version'],
template::flag($keyi18n, '20px') . '&nbsp<a href ="' . helper::baseUrl() . $keyPage . '" target="_blank">' . $pagesInfos[$keyi18n][$keyPage]['title'] . ' (' . $keyPage . ')</a>',
template::button('dataExport' . $keyPage, [
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/filemanager/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/filemanager/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage,
// appel de fonction vaut exécution, utiliser un paramètre
'value' => template::ico('download-cloud'),
'help' => 'Sauvegarder les données du module dans le gestionnaire de fichiers'
]),
template::button('dataExport' . $keyPage, [
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/download/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/download/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage,
// appel de fonction vaut exécution, utiliser un paramètre
'value' => template::ico('download'),
'help' => 'Sauvegarder et télécharger les données du module'
]),
template::button('dataDelete' . $keyPage, [
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataDelete/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataDelete/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage,
// appel de fonction vaut exécution, utiliser un paramètre
'value' => template::ico('trash'),
'class' => 'buttonRed dataDelete',
@ -572,7 +572,7 @@ class plugin extends common
public function save()
{
// Jeton incorrect
if ($this->getUrl(4) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'plugin',
@ -646,7 +646,7 @@ class plugin extends common
public function dataDelete()
{
// Jeton incorrect
if ($this->getUrl(5) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'plugin',
@ -677,7 +677,7 @@ class plugin extends common
public function dataExport()
{
// Jeton incorrect
if ($this->getUrl(6) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'plugin',
@ -818,7 +818,7 @@ class plugin extends common
// Bouton d'importation des données d'un module spécifique
if (count(explode('/', $this->getUrl())) === 6) {
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'plugin',
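Review bot: The `delete`, `uploadItem`, `save`, `dataDelete` and `dataExport` handlers now gate on `checkCSRF()` (L68, L77, L142, L151, L160, L169) while the links that reach them (L86, L95, L104, L110, L119, L126, L133) are plain GET hrefs that no longer carry any token, and the body of `checkCSRF()` is not in this diff. If it validates a posted token, every one of these buttons is now rejected; if it lets a request without a token through, these state-changing actions have lost their CSRF protection entirely. Either way the remedy is the same: state-changing actions should be reached by a POST carrying the `template::hidden('csrf')` field, and `checkCSRF()` should fail closed with `hash_equals()` when the field is absent. The same pattern recurs in the theme, user, blog, form, gallery and news sections of this commit. Each of these methods starts or ends outside its hunk.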


@ -625,14 +625,14 @@ class theme extends common
$type,
$type !== 'websafe' ? template::button('themeFontEdit' . $fontId, [
'class' => 'themeFontEdit',
'href' => helper::baseUrl() . $this->getUrl(0) . '/fontEdit/' . $type . '/' . $fontId . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/fontEdit/' . $type . '/' . $fontId,
'value' => template::ico('pencil'),
'disabled' => !empty($fontUsed[$fontId])
])
: '',
$type !== 'websafe' ? template::button('themeFontDelete' . $fontId, [
'class' => 'themeFontDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/fontDelete/' . $type . '/' . $fontId . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/fontDelete/' . $type . '/' . $fontId,
'value' => template::ico('cancel'),
'disabled' => !empty($fontUsed[$fontId])
])
@ -775,7 +775,7 @@ class theme extends common
public function fontDelete()
{
// Jeton incorrect
if ($this->getUrl(4) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'theme/fonts',


@ -69,7 +69,7 @@ class translate extends common
$lang = $this->getUrl(2);
// Jeton incorrect ou URl avec le code langue incorrecte
if (
$this->getUrl(3) !== $_SESSION['csrf'] &&
$this->checkCSRF() &&
array_key_exists($lang, self::$languages) === false
) {
// Valeurs en sortie
@ -198,7 +198,7 @@ class translate extends common
]),
template::button('translateContentLanguageLocaleDelete' . $key, [
'class' => 'translateDelete buttonRed' . ($messageLocale ? ' disabled' : ''),
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/locale/' . $key . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/locale/' . $key,
'value' => template::ico('trash'),
'help' => 'Supprimer',
])
@ -253,13 +253,13 @@ class translate extends common
*/
template::button('translateContentLanguageUIDownload' . $file, [
'class' => version_compare($installedUI[$file]['version'], $storeUI[$file]['version']) < 0 ? 'buttonGreen' : '',
'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file,
'value' => template::ico('update'),
'help' => 'Mettre à jour',
]),
template::button('translateContentLanguageUIDelete' . $file, [
'class' => 'translateDelete buttonRed' . (in_array($file, $usersUI) ? ' disabled' : ''),
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/ui/' . $file . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/ui/' . $file,
'value' => template::ico('trash'),
'help' => 'Supprimer',
]),
@ -278,7 +278,7 @@ class translate extends common
'',
template::button('translateContentLanguageUIDownload' . $file, [
'class' => 'buttonGreen',
'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file,
'value' => template::ico('shopping-basket'),
'help' => 'Installer',
])
@ -541,7 +541,7 @@ class translate extends common
$target = $this->getUrl(2);
$lang = $this->getUrl(3);
if (
$this->getUrl(4) !== $_SESSION['csrf']
$this->checkCSRF()
|| array_key_exists($lang, self::$languages) === false
) {
// Valeurs en sortie
@ -596,7 +596,7 @@ class translate extends common
// Jeton incorrect ou URl avec le code langue incorrecte
$lang = $this->getUrl(2);
if (
$this->getUrl(3) !== $_SESSION['csrf']
$this->checkCSRF()
|| array_key_exists($lang, self::$languages) === false
) {
// Valeurs en sortie
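Review bot: In the first hunk (L210–L212) `$this->checkCSRF() && array_key_exists($lang, self::$languages) === false` only redirects when both the token check fails and the language is unknown, so a request with a bad token but a known language code proceeds; the two later hunks (L253–L254, L262–L263) use `||` for the same guard. Change the operator so the first guard matches them: `$this->checkCSRF() ||`. The comment above it ("Jeton incorrect ou URl avec le code langue incorrecte") already describes the `||` behaviour. The enclosing methods start outside their hunks.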


@ -194,7 +194,7 @@ class user extends common
]);
}
// Jeton incorrect
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'user',
@ -227,7 +227,7 @@ class user extends common
public function edit()
{
if (
$this->getUrl(3) !== $_SESSION['csrf']
$this->checkCSRF()
) {
// Valeurs en sortie
@ -436,13 +436,13 @@ class user extends common
$userFirstname . ' ' . $this->getData(['user', $userId, 'lastname']),
helper::translate(self::$groups[(int) $this->getData(['user', $userId, 'group'])]),
template::button('userEdit' . $userId, [
'href' => helper::baseUrl() . 'user/edit/' . $userId . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . 'user/edit/' . $userId,
'value' => template::ico('pencil'),
'help' => 'Éditer'
]),
template::button('userDelete' . $userId, [
'class' => 'userDelete buttonRed',
'href' => helper::baseUrl() . 'user/delete/' . $userId . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . 'user/delete/' . $userId,
'value' => template::ico('trash'),
'help' => 'Supprimer'
])
@ -475,14 +475,14 @@ class user extends common
$groupData['name'],
nl2br($groupData['comment']),
template::button('profilEdit' . $groupId, [
'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId,
'value' => template::ico('pencil'),
'help' => 'Éditer',
'disabled' => $groupData['readonly'],
]),
template::button('permissionDelete' . $groupId, [
'class' => 'userDelete buttonRed',
'href' => helper::baseUrl() . 'user/permissionDelete/' . $groupId . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . 'user/permissionDelete/' . $groupId,
'value' => template::ico('trash'),
'help' => 'Supprimer',
'disabled' => $groupData['readonly'],
@ -499,14 +499,14 @@ class user extends common
self::$groups[$groupId] . '<br />Profil : ' . $subGroupData['name'],
nl2br($subGroupData['comment']),
template::button('profilEdit' . $groupId . $subGroupId, [
'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId . '/' . $subGroupId . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId . '/' . $subGroupId,
'value' => template::ico('pencil'),
'help' => 'Éditer',
'disabled' => $subGroupData['readonly'],
]),
template::button('profilDelete' . $groupId . $subGroupId, [
'class' => 'userDelete buttonRed',
'href' => helper::baseUrl() . 'user/profilDelete/' . $groupId . '/' . $subGroupId . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . 'user/profilDelete/' . $groupId . '/' . $subGroupId,
'value' => template::ico('trash'),
'help' => 'Supprimer',
'disabled' => $subGroupData['readonly'],
@ -528,7 +528,7 @@ class user extends common
public function profilEdit()
{
if (
$this->getUrl(4) !== $_SESSION['csrf']
$this->checkCSRF()
) {
// Valeurs en sortie
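Review bot: `edit()` (L281–L284) and `profilEdit()` (L339–L342) serve an edit form and are reached by the GET links at L291, L307 and L324 (and by the "Mon compte" links in layout), yet both now gate on `checkCSRF()`; if that helper requires a posted token these pages become unreachable from the menu, and if it passes on a GET the guard is a no-op there. Displaying a form does not need a CSRF check — the check belongs on the branch that processes the submitted form. The `delete` path in the first hunk (L274), reached by the GET link at L298, is the one that must keep a fail-closed check and should be driven by a POST rather than a bare link. The enclosing methods start outside their hunks.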


@ -320,7 +320,7 @@ class blog extends common
$comments = $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment']);
self::$commentsDelete = template::button('blogCommentDeleteAll', [
'class' => 'blogCommentDeleteAll buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDeleteAll/' . $this->getUrl(2) . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDeleteAll/' . $this->getUrl(2),
'value' => 'Tout effacer'
]);
// Ids des commentaires par ordre de création
@ -340,7 +340,7 @@ class blog extends common
if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'commentApproved']) === true) {
$buttonApproval = template::button('blogCommentApproved' . $commentIds[$i], [
'class' => $comment['approval'] === true ? 'blogCommentRejected buttonGreen' : 'blogCommentApproved buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentApprove/' . $this->getUrl(2) . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentApprove/' . $this->getUrl(2) . '/' . $commentIds[$i],
'value' => $comment['approval'] === true ? 'A' : 'R',
'help' => $comment['approval'] === true ? 'Approuvé' : 'Rejeté',
]);
@ -354,7 +354,7 @@ class blog extends common
$buttonApproval,
template::button('blogCommentDelete' . $commentIds[$i], [
'class' => 'blogCommentDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDelete/' . $this->getUrl(2) . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDelete/' . $this->getUrl(2) . '/' . $commentIds[$i],
'value' => template::ico('trash')
])
];
@ -379,7 +379,7 @@ class blog extends common
]);
}
// Jeton incorrect
elseif ($this->getUrl(4) !== $_SESSION['csrf']) {
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -404,7 +404,7 @@ class blog extends common
public function commentDeleteAll()
{
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -436,7 +436,7 @@ class blog extends common
]);
}
// Jeton incorrect
elseif ($this->getUrl(4) !== $_SESSION['csrf']) {
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -536,12 +536,12 @@ class blog extends common
'help' => ($toApprove || $approved) > 0 ? 'Éditer / Approuver les commentaires' : ''
]),
template::button('blogConfigEdit' . $articleIds[$i], [
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i],
'value' => template::ico('pencil')
]),
template::button('blogConfigDelete' . $articleIds[$i], [
'class' => 'blogConfigDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i],
'value' => template::ico('trash')
])
];
@ -601,7 +601,7 @@ class blog extends common
]);
}
// Jeton incorrect
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -626,7 +626,7 @@ class blog extends common
public function edit()
{
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',


@ -39,7 +39,7 @@
)
)
) : ?>
<a href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1) . '/' . $_SESSION['csrf']; ?>">
<a href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1); ?>">
<?php echo template::ico('pencil'); ?> Éditer
</a>
<?php endif; ?>


@ -73,7 +73,7 @@
)
): ?>
<a
href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleId . '/' . $_SESSION['csrf']; ?>">
href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleId; ?>">
<?php echo template::ico('pencil'); ?> Éditer
</a>
<?php endif; ?>


@ -246,7 +246,7 @@ class form extends common
$content,
template::button('formDataDelete' . $dataIds[$i], [
'class' => 'formDataDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $dataIds[$i] . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $dataIds[$i],
'value' => template::ico('trash')
])
];
@ -267,7 +267,7 @@ class form extends common
public function export2csv()
{
// Jeton incorrect
if ($this->getUrl(2) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',
@ -308,7 +308,7 @@ class form extends common
public function deleteall()
{
// Jeton incorrect
if ($this->getUrl(2) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',
@ -346,7 +346,7 @@ class form extends common
// Jeton incorrect
if (
$this->getUser('permission', 'form', 'delete') === false ||
$this->getUrl(3) !== $_SESSION['csrf']) {
$this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',


@ -9,14 +9,14 @@
<div class="col1 offset9">
<?php echo template::button('formDataDeleteAll', [
'class' => 'formDataDeleteAll buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/deleteall' . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/deleteall',
'value' => template::ico('trash'),
'help' => 'Effacer toutes les données'
]); ?>
</div>
<div class="col1">
<?php echo template::button('formDataBack', [
'href' => helper::baseUrl() . $this->getUrl(0) . '/export2csv' . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/export2csv',
'value' => template::ico('download'),
'help' => 'Exporter toutes les données'
]); ?>


@ -385,13 +385,13 @@ class gallery extends common
$gallery['config']['name'],
$gallery['config']['directory'],
template::button('galleryConfigEdit' . $galleryId, [
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId,
'value' => template::ico('pencil'),
'help' => 'Configuration de la galerie '
]),
template::button('galleryConfigDelete' . $galleryId, [
'class' => 'galleryConfigDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId,
'value' => template::ico('trash'),
'help' => 'Supprimer cette galerie'
])
@ -508,7 +508,7 @@ class gallery extends common
]);
}
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -545,7 +545,7 @@ class gallery extends common
public function edit()
{
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -590,7 +590,7 @@ class gallery extends common
]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(2) . '/' . $_SESSION['csrf'],
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(2),
'notification' => helper::translate('Modifications enregistrées'),
'state' => true
]);
@ -855,7 +855,7 @@ class gallery extends common
public function theme()
{
// Jeton incorrect
if ($this->getUrl(2) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -936,7 +936,7 @@ class gallery extends common
*/
if ($this->getUrl(2) === 'galleries') {
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -977,7 +977,7 @@ class gallery extends common
*/
} elseif ($this->getUrl(2) === 'gallery') {
// Jeton incorrect
if ($this->getUrl(4) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit',
@ -1028,7 +1028,7 @@ class gallery extends common
}
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId . '/' . $_SESSION['csrf'],
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId,
'notification' => helper::translate('Modifications enregistrées'),
'state' => true
]);


@ -239,12 +239,12 @@ class news extends common
$dateOff,
helper::translate(self::$states[$this->getData(['module', $this->getUrl(0), 'posts', $newsIds[$i], 'state'])]),
template::button('newsConfigEdit' . $newsIds[$i], [
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i] . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i],
'value' => template::ico('pencil')
]),
template::button('newsConfigDelete' . $newsIds[$i], [
'class' => 'newsConfigDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i] . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i],
'value' => template::ico('trash')
])
];
@ -338,12 +338,12 @@ class news extends common
$dateOff,
helper::translate(helper::translate(self::$states[$this->getData(['module', $this->getUrl(0), 'posts', $newsIds[$i], 'state'])])),
template::button('newsConfigEdit' . $newsIds[$i], [
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i] . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i],
'value' => template::ico('pencil')
]),
template::button('newsConfigDelete' . $newsIds[$i], [
'class' => 'newsConfigDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i] . '/' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i],
'value' => template::ico('cancel')
])
];
@ -373,7 +373,7 @@ class news extends common
]);
}
// Jeton incorrect
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -398,7 +398,7 @@ class news extends common
public function edit()
{
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',


@ -18,7 +18,7 @@
( $this->getUser('group') === self::GROUP_ADMIN )
)
): ?>
<a href ="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1) . '/' . $_SESSION['csrf'];?>">
<a href ="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1);?>">
<?php echo template::ico('pencil');?> Éditer
</a>
<?php endif; ?>


@ -34,7 +34,7 @@
)
): ?>
<a
href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsId . '/' . $_SESSION['csrf']; ?>">
href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsId; ?>">
<?php echo template::ico('pencil'); ?> Éditer
</a>
<?php endif; ?>