From f262b661e9b62d2c75d82a0c85fa47e0dec4e1eb Mon Sep 17 00:00:00 2001
From: fredtempez
Date: Tue, 20 Jun 2023 20:15:55 +0200
Subject: [PATCH] Csrf Theme reset
---
 core/module/theme/theme.php | 62 +++++++++++++++----------------------
 1 file changed, 25 insertions(+), 37 deletions(-)
diff --git a/core/module/theme/theme.php b/core/module/theme/theme.php
index e82604c0..4843345a 100644
--- a/core/module/theme/theme.php
+++ b/core/module/theme/theme.php
@@ -811,44 +811,32 @@ class theme extends common
 */
 public function reset()
 {
- // $url prend l'adresse sans le token
- $url = explode('&', $this->getUrl(2));
-
- if (
- isset($_GET['csrf'])
- and $_GET['csrf'] === $_SESSION['csrf']
- ) {
- // Réinitialisation
- $redirect = '';
- switch ($url[0]) {
- case 'admin':
- $this->initData('admin', self::$i18nUI);
- $redirect = helper::baseUrl() . 'theme/admin';
- break;
- case 'manage':
- $this->initData('theme', self::$i18nUI);
- $redirect = helper::baseUrl() . 'theme/manage';
- break;
- case 'custom':
- unlink(self::DATA_DIR . 'custom.css');
- $redirect = helper::baseUrl() . 'theme/advanced';
- break;
- default:
- $redirect = helper::baseUrl() . 'theme';
- }
-
- // Valeurs en sortie
- $this->addOutput([
- 'notification' => helper::translate('Thème réinitialisé'),
- 'redirect' => $redirect,
- 'state' => true
- ]);
- } else {
- // Valeurs en sortie
- $this->addOutput([
- 'notification' => helper::translate('Jeton incorrect')
- ]);
+ // Réinitialisation
+ $redirect = '';
+ switch ($this->getUrl(2)) {
+ case 'admin':
+ $this->initData('admin', self::$i18nUI);
+ $redirect = helper::baseUrl() . 'theme/admin';
+ break;
+ case 'manage':
+ $this->initData('theme', self::$i18nUI);
+ $redirect = helper::baseUrl() . 'theme/manage';
+ break;
+ case 'custom':
+ unlink(self::DATA_DIR . 'custom.css');
+ $redirect = helper::baseUrl() . 'theme/advanced';
+ break;
+ default:
+ $redirect = helper::baseUrl() . 'theme';
 }
+
+ // Valeurs en sortie
+ $this->addOutput([
+ 'notification' => helper::translate('Thème réinitialisé'),
+ 'redirect' => $redirect,
+ 'state' => true
+ ]);
+
 }
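Review bot: With the inline `$_GET['csrf'] === $_SESSION['csrf']` comparison removed, nothing visible in `reset()` verifies a token before `initData()` or `unlink()` runs, so the CSRF protection for this state-changing action now depends entirely on code outside this hunk. Presumably the check was moved to a central place in the core; that should be confirmed for the `reset` action specifically, and the central comparison should use `hash_equals()` and reject a missing or empty token rather than rely on `===` against a session key that may be unset. A comment above the switch such as `// CSRF token is validated centrally before this action runs (see <location of central check>)` would make that dependency explicit for the next maintainer. Separately, the `custom` branch calls `unlink(self::DATA_DIR . 'custom.css');` unconditionally, which raises a warning and still reports success when the file is absent; guarding it with `if (is_file(self::DATA_DIR . 'custom.css')) { ... }` avoids that.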