From 229d521502305e5831a91d5a13a2f6572f10c521 Mon Sep 17 00:00:00 2001 From: fredtempez Date: Mon, 19 Jun 2023 19:46:00 +0200 Subject: [PATCH] Exposition du code de session --- core/class/layout.class.php | 6 +++--- core/class/template.class.php | 2 +- core/core.php | 2 +- core/module/plugin/plugin.php | 26 +++++++++++++------------- core/module/theme/theme.php | 6 +++--- core/module/translate/translate.php | 14 +++++++------- core/module/user/user.php | 18 +++++++++--------- module/blog/blog.php | 20 ++++++++++---------- module/blog/view/article/article.php | 2 +- module/blog/view/index/index.php | 2 +- module/form/form.php | 8 ++++---- module/form/view/data/data.php | 4 ++-- module/gallery/gallery.php | 18 +++++++++--------- module/news/news.php | 12 ++++++------ module/news/view/article/article.php | 2 +- module/news/view/index/index.php | 2 +- 16 files changed, 72 insertions(+), 72 deletions(-) diff --git a/core/class/layout.class.php b/core/class/layout.class.php index b36da6f6..950910d7 100644 --- a/core/class/layout.class.php +++ b/core/class/layout.class.php @@ -356,7 +356,7 @@ class layout extends common $items .= '' . template::ico('user', [ 'margin' => 'all', 'help' => 'Mon compte', - 'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id') . '/' . $_SESSION['csrf'] + 'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id') ]); $items .= '' . template::ico('logout', [ 'margin' => 'all', @@ -509,7 +509,7 @@ class layout extends common $itemsRight .= '
  • ' . template::ico('user', [ 'help' => 'Mon compte', 'margin' => 'right', - 'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id') . '/' . $_SESSION['csrf'] + 'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id') ]) . '
  • '; $itemsRight .= '
  • ' . template::ico('logout', [ @@ -1055,7 +1055,7 @@ class layout extends common } } if ($this->getUser('group') >= self::GROUP_MODERATOR) { - $rightItems .= '
  • getUser('id') . '" data-tippy-content="' . helper::translate('Configurer mon compte') . '">' . template::ico('user', ['margin' => 'right']) . '' . $this->getUser('firstname') . ' ' . $this->getUser('lastname') . '
  • '; diff --git a/core/class/template.class.php b/core/class/template.class.php index e58836c9..1651cb6b 100644 --- a/core/class/template.class.php +++ b/core/class/template.class.php @@ -397,7 +397,7 @@ class template $html = '
    '; // Stock le token CSRF $html .= self::hidden('csrf', [ - 'value' => $_SESSION['csrf'] + 'value' => htmlentities($_SESSION['csrf'], ENT_QUOTES | ENT_HTML5, 'UTF-8') ]); // Retourne le html return $html; diff --git a/core/core.php b/core/core.php index add2e693..6cfa4465 100644 --- a/core/core.php +++ b/core/core.php @@ -1362,7 +1362,7 @@ class core extends common parent::__construct(); // Token CSRF if (empty($_SESSION['csrf'])) { - $_SESSION['csrf'] = bin2hex(openssl_random_pseudo_bytes(32)); + $_SESSION['csrf'] = bin2hex(openssl_random_pseudo_bytes(128)); } // Fuseau horaire diff --git a/core/module/plugin/plugin.php b/core/module/plugin/plugin.php index 0db670a6..0b840067 100644 --- a/core/module/plugin/plugin.php +++ b/core/module/plugin/plugin.php @@ -63,7 +63,7 @@ class plugin extends common { // Jeton incorrect - if ($this->getUrl(3) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'plugin', @@ -292,7 +292,7 @@ class plugin extends common public function uploadItem() { // Jeton incorrect - if ($this->getUrl(3) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'store', @@ -383,7 +383,7 @@ class plugin extends common implode(' - ', $pageInfos), template::button('moduleExport' . $key, [ 'class' => $class, - 'href' => helper::baseUrl() . $this->getUrl(0) . '/uploadItem/' . $key . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/uploadItem/' . $key, 'value' => $ico, 'help' => $help ]) 
@@ -481,7 +481,7 @@ class plugin extends common $infoModules[$key]['delete'] === true ? template::button('moduleDelete' . $key, [ 'class' => 'moduleDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $key . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $key, 'value' => template::ico('trash'), 'help' => 'Supprimer le module' ]) @@ -502,12 +502,12 @@ class plugin extends common $infoModules[$key]['version'], '', template::button('moduleSave' . $key, [ - 'href' => helper::baseUrl() . $this->getUrl(0) . '/save/filemanager/' . $key . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/save/filemanager/' . $key, 'value' => template::ico('download-cloud'), 'help' => 'Sauvegarder le module dans le gestionnaire de fichiers' ]), template::button('moduleDownload' . $key, [ - 'href' => helper::baseUrl() . $this->getUrl(0) . '/save/download/' . $key . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/save/download/' . $key, 'value' => template::ico('download'), 'help' => 'Sauvegarder et télécharger le module' ]) 
@@ -533,19 +533,19 @@ class plugin extends common $infoModules[$pagesInfos[$keyi18n][$keyPage]['moduleId']]['version'], template::flag($keyi18n, '20px') . ' ' . $pagesInfos[$keyi18n][$keyPage]['title'] . ' (' . $keyPage . ')', template::button('dataExport' . $keyPage, [ - 'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/filemanager/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/filemanager/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage, // appel de fonction vaut exécution, utiliser un paramètre 'value' => template::ico('download-cloud'), 'help' => 'Sauvegarder les données du module dans le gestionnaire de fichiers' ]), template::button('dataExport' . $keyPage, [ - 'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/download/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/download/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage, // appel de fonction vaut exécution, utiliser un paramètre 'value' => template::ico('download'), 'help' => 'Sauvegarder et télécharger les données du module' ]), template::button('dataDelete' . $keyPage, [ - 'href' => helper::baseUrl() . $this->getUrl(0) . '/dataDelete/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/dataDelete/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage, // appel de fonction vaut exécution, utiliser un paramètre 'value' => template::ico('trash'), 'class' => 'buttonRed dataDelete', 
@@ -572,7 +572,7 @@ class plugin extends common public function save() { // Jeton incorrect - if ($this->getUrl(4) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'plugin', @@ -646,7 +646,7 @@ class plugin extends common public function dataDelete() { // Jeton incorrect - if ($this->getUrl(5) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'plugin', @@ -677,7 +677,7 @@ class plugin extends common public function dataExport() { // Jeton incorrect - if ($this->getUrl(6) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'plugin', @@ -818,7 +818,7 @@ class plugin extends common // Bouton d'importation des données d'un module spécifique if (count(explode('/', $this->getUrl())) === 6) { // Jeton incorrect - if ($this->getUrl(3) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'plugin', diff --git a/core/module/theme/theme.php b/core/module/theme/theme.php index b7807b0e..e82604c0 100644 --- a/core/module/theme/theme.php +++ b/core/module/theme/theme.php 
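Review bot: In the `@@ -818` hunk the guard `count(explode('/', $this->getUrl())) === 6` immediately above the changed line was sized for a URL in which segment 3 was the CSRF token, as the removed `getUrl(3)` comparison shows. If the link or form that reaches this branch was also shortened by this commit — the code that builds it is not visible in the diff — the URL now has five segments and the per-module import branch becomes dead code, silently skipping both the CSRF check and the import. Either recompute the expected count for the new URL shape or, better, branch on the presence of the segment that actually carries the module id rather than on the total number of segments. The enclosing method begins outside this hunk.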
@@ -625,14 +625,14 @@ class theme extends common $type, $type !== 'websafe' ? template::button('themeFontEdit' . $fontId, [ 'class' => 'themeFontEdit', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/fontEdit/' . $type . '/' . $fontId . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/fontEdit/' . $type . '/' . $fontId, 'value' => template::ico('pencil'), 'disabled' => !empty($fontUsed[$fontId]) ]) : '', $type !== 'websafe' ? template::button('themeFontDelete' . $fontId, [ 'class' => 'themeFontDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/fontDelete/' . $type . '/' . $fontId . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/fontDelete/' . $type . '/' . $fontId, 'value' => template::ico('cancel'), 'disabled' => !empty($fontUsed[$fontId]) ]) @@ -775,7 +775,7 @@ class theme extends common public function fontDelete() { // Jeton incorrect - if ($this->getUrl(4) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'theme/fonts', diff --git a/core/module/translate/translate.php b/core/module/translate/translate.php index eae857a2..8cc5e81c 100644 --- a/core/module/translate/translate.php +++ b/core/module/translate/translate.php @@ -69,7 +69,7 @@ class translate extends common $lang = $this->getUrl(2); // Jeton incorrect ou URl avec le code langue incorrecte if ( - $this->getUrl(3) !== $_SESSION['csrf'] && + $this->checkCSRF() && array_key_exists($lang, self::$languages) === false ) { // Valeurs en sortie 
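Review bot: The condition in the `translate.php @@ -69` hunk joins the two rejection reasons with `&&`, so a request with a bad token but a valid language code is accepted, one with a good token but an unknown language is also accepted, and only a request failing both is redirected. The two sibling checks later in this file (the `@@ -541` and `@@ -596` hunks) use `||`, which is the intended semantics: `if ($this->checkCSRF() || array_key_exists($lang, self::$languages) === false) {`. The operator predates this commit, but since the line is being rewritten anyway this is the moment to fix it; the enclosing method begins outside the hunk.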
@@ -198,7 +198,7 @@ class translate extends common ]), template::button('translateContentLanguageLocaleDelete' . $key, [ 'class' => 'translateDelete buttonRed' . ($messageLocale ? ' disabled' : ''), - 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/locale/' . $key . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/locale/' . $key, 'value' => template::ico('trash'), 'help' => 'Supprimer', ]) @@ -253,13 +253,13 @@ class translate extends common */ template::button('translateContentLanguageUIDownload' . $file, [ 'class' => version_compare($installedUI[$file]['version'], $storeUI[$file]['version']) < 0 ? 'buttonGreen' : '', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file, 'value' => template::ico('update'), 'help' => 'Mettre à jour', ]), template::button('translateContentLanguageUIDelete' . $file, [ 'class' => 'translateDelete buttonRed' . (in_array($file, $usersUI) ? ' disabled' : ''), - 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/ui/' . $file . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/ui/' . $file, 'value' => template::ico('trash'), 'help' => 'Supprimer', ]), @@ -278,7 +278,7 @@ class translate extends common '', template::button('translateContentLanguageUIDownload' . $file, [ 'class' => 'buttonGreen', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file, 'value' => template::ico('shopping-basket'), 'help' => 'Installer', ]) @@ -541,7 +541,7 @@ class translate extends common $target = $this->getUrl(2); $lang = $this->getUrl(3); if ( - $this->getUrl(4) !== $_SESSION['csrf'] + $this->checkCSRF() || array_key_exists($lang, self::$languages) === false ) { // Valeurs en sortie 
@@ -596,7 +596,7 @@ class translate extends common // Jeton incorrect ou URl avec le code langue incorrecte $lang = $this->getUrl(2); if ( - $this->getUrl(3) !== $_SESSION['csrf'] + $this->checkCSRF() || array_key_exists($lang, self::$languages) === false ) { // Valeurs en sortie diff --git a/core/module/user/user.php b/core/module/user/user.php index e6eb621f..5448464c 100644 --- a/core/module/user/user.php +++ b/core/module/user/user.php @@ -194,7 +194,7 @@ class user extends common ]); } // Jeton incorrect - elseif ($this->getUrl(3) !== $_SESSION['csrf']) { + elseif ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'user', @@ -227,7 +227,7 @@ class user extends common public function edit() { if ( - $this->getUrl(3) !== $_SESSION['csrf'] + $this->checkCSRF() ) { // Valeurs en sortie @@ -436,13 +436,13 @@ class user extends common $userFirstname . ' ' . $this->getData(['user', $userId, 'lastname']), helper::translate(self::$groups[(int) $this->getData(['user', $userId, 'group'])]), template::button('userEdit' . $userId, [ - 'href' => helper::baseUrl() . 'user/edit/' . $userId . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . 'user/edit/' . $userId, 'value' => template::ico('pencil'), 'help' => 'Éditer' ]), template::button('userDelete' . $userId, [ 'class' => 'userDelete buttonRed', - 'href' => helper::baseUrl() . 'user/delete/' . $userId . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . 'user/delete/' . $userId, 'value' => template::ico('trash'), 'help' => 'Supprimer' ]) 
@@ -475,14 +475,14 @@ class user extends common $groupData['name'], nl2br($groupData['comment']), template::button('profilEdit' . $groupId, [ - 'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId, 'value' => template::ico('pencil'), 'help' => 'Éditer', 'disabled' => $groupData['readonly'], ]), template::button('permissionDelete' . $groupId, [ 'class' => 'userDelete buttonRed', - 'href' => helper::baseUrl() . 'user/permissionDelete/' . $groupId . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . 'user/permissionDelete/' . $groupId, 'value' => template::ico('trash'), 'help' => 'Supprimer', 'disabled' => $groupData['readonly'], @@ -499,14 +499,14 @@ class user extends common self::$groups[$groupId] . '
    Profil : ' . $subGroupData['name'], nl2br($subGroupData['comment']), template::button('profilEdit' . $groupId . $subGroupId, [ - 'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId . '/' . $subGroupId . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId . '/' . $subGroupId, 'value' => template::ico('pencil'), 'help' => 'Éditer', 'disabled' => $subGroupData['readonly'], ]), template::button('profilDelete' . $groupId . $subGroupId, [ 'class' => 'userDelete buttonRed', - 'href' => helper::baseUrl() . 'user/profilDelete/' . $groupId . '/' . $subGroupId . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . 'user/profilDelete/' . $groupId . '/' . $subGroupId, 'value' => template::ico('trash'), 'help' => 'Supprimer', 'disabled' => $subGroupData['readonly'], @@ -528,7 +528,7 @@ class user extends common public function profilEdit() { if ( - $this->getUrl(4) !== $_SESSION['csrf'] + $this->checkCSRF() ) { // Valeurs en sortie diff --git a/module/blog/blog.php b/module/blog/blog.php index 19c3e198..8399d18f 100755 --- a/module/blog/blog.php +++ b/module/blog/blog.php @@ -320,7 +320,7 @@ class blog extends common $comments = $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment']); self::$commentsDelete = template::button('blogCommentDeleteAll', [ 'class' => 'blogCommentDeleteAll buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDeleteAll/' . $this->getUrl(2) . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDeleteAll/' . $this->getUrl(2), 'value' => 'Tout effacer' ]); // Ids des commentaires par ordre de création 
@@ -340,7 +340,7 @@ class blog extends common if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'commentApproved']) === true) { $buttonApproval = template::button('blogCommentApproved' . $commentIds[$i], [ 'class' => $comment['approval'] === true ? 'blogCommentRejected buttonGreen' : 'blogCommentApproved buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentApprove/' . $this->getUrl(2) . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentApprove/' . $this->getUrl(2) . '/' . $commentIds[$i], 'value' => $comment['approval'] === true ? 'A' : 'R', 'help' => $comment['approval'] === true ? 'Approuvé' : 'Rejeté', ]); @@ -354,7 +354,7 @@ class blog extends common $buttonApproval, template::button('blogCommentDelete' . $commentIds[$i], [ 'class' => 'blogCommentDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDelete/' . $this->getUrl(2) . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDelete/' . $this->getUrl(2) . '/' . $commentIds[$i], 'value' => template::ico('trash') ]) ]; @@ -379,7 +379,7 @@ class blog extends common ]); } // Jeton incorrect - elseif ($this->getUrl(4) !== $_SESSION['csrf']) { + elseif ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', @@ -404,7 +404,7 @@ class blog extends common public function commentDeleteAll() { // Jeton incorrect - if ($this->getUrl(3) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', @@ -436,7 +436,7 @@ class blog extends common ]); } // Jeton incorrect - elseif ($this->getUrl(4) !== $_SESSION['csrf']) { + elseif ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', 
@@ -536,12 +536,12 @@ class blog extends common 'help' => ($toApprove || $approved) > 0 ? 'Éditer / Approuver les commentaires' : '' ]), template::button('blogConfigEdit' . $articleIds[$i], [ - 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i] . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i], 'value' => template::ico('pencil') ]), template::button('blogConfigDelete' . $articleIds[$i], [ 'class' => 'blogConfigDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i] . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i], 'value' => template::ico('trash') ]) ]; @@ -601,7 +601,7 @@ class blog extends common ]); } // Jeton incorrect - elseif ($this->getUrl(3) !== $_SESSION['csrf']) { + elseif ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', @@ -626,7 +626,7 @@ class blog extends common public function edit() { // Jeton incorrect - if ($this->getUrl(3) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', diff --git a/module/blog/view/article/article.php b/module/blog/view/article/article.php index 63cb2cf7..fb3f83be 100755 --- a/module/blog/view/article/article.php +++ b/module/blog/view/article/article.php @@ -39,7 +39,7 @@ ) ) ) : ?> - + Éditer diff --git a/module/blog/view/index/index.php b/module/blog/view/index/index.php index 221ae750..88ca931a 100755 --- a/module/blog/view/index/index.php +++ b/module/blog/view/index/index.php @@ -73,7 +73,7 @@ ) ): ?> + href="getUrl(0) . '/edit/' . $articleId; ?>"> Éditer diff --git a/module/form/form.php b/module/form/form.php index 728dcb92..f6acc9ef 100644 --- a/module/form/form.php +++ b/module/form/form.php 
@@ -246,7 +246,7 @@ class form extends common $content, template::button('formDataDelete' . $dataIds[$i], [ 'class' => 'formDataDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $dataIds[$i] . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $dataIds[$i], 'value' => template::ico('trash') ]) ]; @@ -267,7 +267,7 @@ class form extends common public function export2csv() { // Jeton incorrect - if ($this->getUrl(2) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data', @@ -308,7 +308,7 @@ class form extends common public function deleteall() { // Jeton incorrect - if ($this->getUrl(2) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data', @@ -346,7 +346,7 @@ class form extends common // Jeton incorrect if ( $this->getUser('permission', 'form', 'delete') === false || - $this->getUrl(3) !== $_SESSION['csrf']) { + $this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data', diff --git a/module/form/view/data/data.php b/module/form/view/data/data.php index a9118a25..e8f600dd 100644 --- a/module/form/view/data/data.php +++ b/module/form/view/data/data.php @@ -9,14 +9,14 @@
    'formDataDeleteAll buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/deleteall' . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/deleteall', 'value' => template::ico('trash'), 'help' => 'Effacer toutes les données' ]); ?>
    helper::baseUrl() . $this->getUrl(0) . '/export2csv' . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/export2csv', 'value' => template::ico('download'), 'help' => 'Exporter toutes les données' ]); ?> diff --git a/module/gallery/gallery.php b/module/gallery/gallery.php index cfeaa0ed..3eff52cb 100644 --- a/module/gallery/gallery.php +++ b/module/gallery/gallery.php @@ -385,13 +385,13 @@ class gallery extends common $gallery['config']['name'], $gallery['config']['directory'], template::button('galleryConfigEdit' . $galleryId, [ - 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId, 'value' => template::ico('pencil'), 'help' => 'Configuration de la galerie ' ]), template::button('galleryConfigDelete' . $galleryId, [ 'class' => 'galleryConfigDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId, 'value' => template::ico('trash'), 'help' => 'Supprimer cette galerie' ]) @@ -508,7 +508,7 @@ class gallery extends common ]); } // Jeton incorrect - if ($this->getUrl(3) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', @@ -545,7 +545,7 @@ class gallery extends common public function edit() { // Jeton incorrect - if ($this->getUrl(3) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', 
@@ -590,7 +590,7 @@ class gallery extends common ]); // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(2) . '/' . $_SESSION['csrf'], + 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(2), 'notification' => helper::translate('Modifications enregistrées'), 'state' => true ]); @@ -855,7 +855,7 @@ class gallery extends common public function theme() { // Jeton incorrect - if ($this->getUrl(2) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', @@ -936,7 +936,7 @@ class gallery extends common */ if ($this->getUrl(2) === 'galleries') { // Jeton incorrect - if ($this->getUrl(3) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', @@ -977,7 +977,7 @@ class gallery extends common */ } elseif ($this->getUrl(2) === 'gallery') { // Jeton incorrect - if ($this->getUrl(4) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit', @@ -1028,7 +1028,7 @@ class gallery extends common } // Valeurs en sortie $this->addOutput([ - 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId . '/' . $_SESSION['csrf'], + 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId, 'notification' => helper::translate('Modifications enregistrées'), 'state' => true ]); diff --git a/module/news/news.php b/module/news/news.php index 410d4758..23996b3b 100644 --- a/module/news/news.php +++ b/module/news/news.php 
@@ -239,12 +239,12 @@ class news extends common $dateOff, helper::translate(self::$states[$this->getData(['module', $this->getUrl(0), 'posts', $newsIds[$i], 'state'])]), template::button('newsConfigEdit' . $newsIds[$i], [ - 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i] . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i], 'value' => template::ico('pencil') ]), template::button('newsConfigDelete' . $newsIds[$i], [ 'class' => 'newsConfigDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i] . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i], 'value' => template::ico('trash') ]) ]; @@ -338,12 +338,12 @@ class news extends common $dateOff, helper::translate(helper::translate(self::$states[$this->getData(['module', $this->getUrl(0), 'posts', $newsIds[$i], 'state'])])), template::button('newsConfigEdit' . $newsIds[$i], [ - 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i] . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i], 'value' => template::ico('pencil') ]), template::button('newsConfigDelete' . $newsIds[$i], [ 'class' => 'newsConfigDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i] . '/' . $_SESSION['csrf'], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i], 'value' => template::ico('cancel') ]) ]; @@ -373,7 +373,7 @@ class news extends common ]); } // Jeton incorrect - elseif ($this->getUrl(3) !== $_SESSION['csrf']) { + elseif ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', 
@@ -398,7 +398,7 @@ class news extends common public function edit() { // Jeton incorrect - if ($this->getUrl(3) !== $_SESSION['csrf']) { + if ($this->checkCSRF()) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', diff --git a/module/news/view/article/article.php b/module/news/view/article/article.php index e541a897..67c4ee21 100644 --- a/module/news/view/article/article.php +++ b/module/news/view/article/article.php @@ -18,7 +18,7 @@ ( $this->getUser('group') === self::GROUP_ADMIN ) ) ): ?> - + Éditer diff --git a/module/news/view/index/index.php b/module/news/view/index/index.php index 14da4d51..ee5cf9e0 100644 --- a/module/news/view/index/index.php +++ b/module/news/view/index/index.php @@ -34,7 +34,7 @@ ) ): ?> + href="getUrl(0) . '/edit/' . $newsId; ?>"> Éditer