Faille CRSF articles des blogs

2019-01-16 16:48:03 +01:00 · 2019-01-16 16:48:03 +01:00 · a30b210e82
parent 0ba83d0612
commit a30b210e82
2 changed files with 12 additions and 4 deletions
--- a/module/blog/blog.php
+++ b/module/blog/blog.php
@ -113,7 +113,7 @@ class blog extends common {
 				$comment['userId'] ? $this->getData(['user', $comment['userId'], 'firstname']) . ' ' . $this->getData(['user', $comment['userId'], 'lastname']) : $comment['author'],
 				template::button('blogCommentDelete' . $commentIds[$i], [
 					'class' => 'blogCommentDelete buttonRed',
-					'href' => helper::baseUrl() . $this->getUrl(0) . '/comment-delete/' . $comment['articleId'] . '/' . $commentIds[$i],
+					'href' => helper::baseUrl() . $this->getUrl(0) . '/comment-delete/' . $comment['articleId'] . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'] ,
 					'value' => template::ico('cancel')
 				])
 			];
@ -136,6 +136,14 @@ class blog extends common {
 				'access' => false
 			]);
 		}
+		// Jeton incorrect
+		elseif ($this->getUrl(4) !== $_SESSION['csrf']) {
+			// Valeurs en sortie
+			$this->addOutput([
+				'redirect' => helper::baseUrl()  . $this->getUrl(0) . '/config',
+				'notification' => 'Action non autorisée'
+			]);
+		}	
 		// Suppression
 		else {
 			$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2), 'comment', $this->getUrl(3)]);
--- a/module/blog/view/article/article.php
+++ b/module/blog/view/article/article.php
@ -115,7 +115,7 @@ code d'origine
    <div class="col2 offset8">
 		<?php echo template::button('blogEdit', [
 					'class' => 'buttonBlue',
-					'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1),
+					'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1) . '/' . $_SESSION['csrf'],
 					'value' => 'Editer'
 		]); ?>
    </div>