Faille CRSF articles des blogs
This commit is contained in:
parent
0ba83d0612
commit
a30b210e82
@ -113,7 +113,7 @@ class blog extends common {
|
|||||||
$comment['userId'] ? $this->getData(['user', $comment['userId'], 'firstname']) . ' ' . $this->getData(['user', $comment['userId'], 'lastname']) : $comment['author'],
|
$comment['userId'] ? $this->getData(['user', $comment['userId'], 'firstname']) . ' ' . $this->getData(['user', $comment['userId'], 'lastname']) : $comment['author'],
|
||||||
template::button('blogCommentDelete' . $commentIds[$i], [
|
template::button('blogCommentDelete' . $commentIds[$i], [
|
||||||
'class' => 'blogCommentDelete buttonRed',
|
'class' => 'blogCommentDelete buttonRed',
|
||||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/comment-delete/' . $comment['articleId'] . '/' . $commentIds[$i],
|
'href' => helper::baseUrl() . $this->getUrl(0) . '/comment-delete/' . $comment['articleId'] . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'] ,
|
||||||
'value' => template::ico('cancel')
|
'value' => template::ico('cancel')
|
||||||
])
|
])
|
||||||
];
|
];
|
||||||
@ -136,6 +136,14 @@ class blog extends common {
|
|||||||
'access' => false
|
'access' => false
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
// Jeton incorrect
|
||||||
|
elseif ($this->getUrl(4) !== $_SESSION['csrf']) {
|
||||||
|
// Valeurs en sortie
|
||||||
|
$this->addOutput([
|
||||||
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||||
|
'notification' => 'Action non autorisée'
|
||||||
|
]);
|
||||||
|
}
|
||||||
// Suppression
|
// Suppression
|
||||||
else {
|
else {
|
||||||
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2), 'comment', $this->getUrl(3)]);
|
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2), 'comment', $this->getUrl(3)]);
|
||||||
@ -169,12 +177,12 @@ class blog extends common {
|
|||||||
utf8_encode(strftime('%H:%M', $this->getData(['module', $this->getUrl(0), $articleIds[$i], 'publishedOn']))),
|
utf8_encode(strftime('%H:%M', $this->getData(['module', $this->getUrl(0), $articleIds[$i], 'publishedOn']))),
|
||||||
self::$states[$this->getData(['module', $this->getUrl(0), $articleIds[$i], 'state'])],
|
self::$states[$this->getData(['module', $this->getUrl(0), $articleIds[$i], 'state'])],
|
||||||
template::button('blogConfigEdit' . $articleIds[$i], [
|
template::button('blogConfigEdit' . $articleIds[$i], [
|
||||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i]. '/' . $_SESSION['csrf'],
|
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
|
||||||
'value' => template::ico('pencil')
|
'value' => template::ico('pencil')
|
||||||
]),
|
]),
|
||||||
template::button('blogConfigDelete' . $articleIds[$i], [
|
template::button('blogConfigDelete' . $articleIds[$i], [
|
||||||
'class' => 'blogConfigDelete buttonRed',
|
'class' => 'blogConfigDelete buttonRed',
|
||||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i]. '/' . $_SESSION['csrf'],
|
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
|
||||||
'value' => template::ico('cancel')
|
'value' => template::ico('cancel')
|
||||||
])
|
])
|
||||||
];
|
];
|
||||||
|
@ -115,7 +115,7 @@ code d'origine
|
|||||||
<div class="col2 offset8">
|
<div class="col2 offset8">
|
||||||
<?php echo template::button('blogEdit', [
|
<?php echo template::button('blogEdit', [
|
||||||
'class' => 'buttonBlue',
|
'class' => 'buttonBlue',
|
||||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1),
|
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1) . '/' . $_SESSION['csrf'],
|
||||||
'value' => 'Editer'
|
'value' => 'Editer'
|
||||||
]); ?>
|
]); ?>
|
||||||
</div>
|
</div>
|
||||||
|
Loading…
Reference in New Issue
Block a user