forked from ZwiiCMS-Team/ZwiiCMS
Exposition du code de session
This commit is contained in:
parent
0cd487f211
commit
229d521502
@ -356,7 +356,7 @@ class layout extends common
|
||||
$items .= '<wbr>' . template::ico('user', [
|
||||
'margin' => 'all',
|
||||
'help' => 'Mon compte',
|
||||
'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id') . '/' . $_SESSION['csrf']
|
||||
'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id')
|
||||
]);
|
||||
$items .= '<wbr>' . template::ico('logout', [
|
||||
'margin' => 'all',
|
||||
@ -509,7 +509,7 @@ class layout extends common
|
||||
$itemsRight .= '<li>' . template::ico('user', [
|
||||
'help' => 'Mon compte',
|
||||
'margin' => 'right',
|
||||
'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id') . '/' . $_SESSION['csrf']
|
||||
'href' => helper::baseUrl() . 'user/edit/' . $this->getUser('id')
|
||||
]) . '</li>';
|
||||
$itemsRight .= '<li>' .
|
||||
template::ico('logout', [
|
||||
@ -1055,7 +1055,7 @@ class layout extends common
|
||||
}
|
||||
}
|
||||
if ($this->getUser('group') >= self::GROUP_MODERATOR) {
|
||||
$rightItems .= '<li><a href="' . helper::baseUrl() . 'user/edit/' . $this->getUser('id') . '/' . $_SESSION['csrf'] .
|
||||
$rightItems .= '<li><a href="' . helper::baseUrl() . 'user/edit/' . $this->getUser('id') .
|
||||
'" data-tippy-content="' . helper::translate('Configurer mon compte') . '">' .
|
||||
template::ico('user', ['margin' => 'right']) . '<span id="displayUsername">' . $this->getUser('firstname') . ' ' . $this->getUser('lastname') .
|
||||
'</span></a></li>';
|
||||
|
@ -397,7 +397,7 @@ class template
|
||||
$html = '<form id="' . $id . '" method="post">';
|
||||
// Stock le token CSRF
|
||||
$html .= self::hidden('csrf', [
|
||||
'value' => $_SESSION['csrf']
|
||||
'value' => htmlentities($_SESSION['csrf'], ENT_QUOTES | ENT_HTML5, 'UTF-8')
|
||||
]);
|
||||
// Retourne le html
|
||||
return $html;
|
||||
|
@ -1362,7 +1362,7 @@ class core extends common
|
||||
parent::__construct();
|
||||
// Token CSRF
|
||||
if (empty($_SESSION['csrf'])) {
|
||||
$_SESSION['csrf'] = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
$_SESSION['csrf'] = bin2hex(openssl_random_pseudo_bytes(128));
|
||||
}
|
||||
|
||||
// Fuseau horaire
|
||||
|
@ -63,7 +63,7 @@ class plugin extends common
|
||||
{
|
||||
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'plugin',
|
||||
@ -292,7 +292,7 @@ class plugin extends common
|
||||
public function uploadItem()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'store',
|
||||
@ -383,7 +383,7 @@ class plugin extends common
|
||||
implode(' - ', $pageInfos),
|
||||
template::button('moduleExport' . $key, [
|
||||
'class' => $class,
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/uploadItem/' . $key . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/uploadItem/' . $key,
|
||||
'value' => $ico,
|
||||
'help' => $help
|
||||
])
|
||||
@ -481,7 +481,7 @@ class plugin extends common
|
||||
$infoModules[$key]['delete'] === true
|
||||
? template::button('moduleDelete' . $key, [
|
||||
'class' => 'moduleDelete buttonRed',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $key . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $key,
|
||||
'value' => template::ico('trash'),
|
||||
'help' => 'Supprimer le module'
|
||||
])
|
||||
@ -502,12 +502,12 @@ class plugin extends common
|
||||
$infoModules[$key]['version'],
|
||||
'',
|
||||
template::button('moduleSave' . $key, [
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/save/filemanager/' . $key . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/save/filemanager/' . $key,
|
||||
'value' => template::ico('download-cloud'),
|
||||
'help' => 'Sauvegarder le module dans le gestionnaire de fichiers'
|
||||
]),
|
||||
template::button('moduleDownload' . $key, [
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/save/download/' . $key . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/save/download/' . $key,
|
||||
'value' => template::ico('download'),
|
||||
'help' => 'Sauvegarder et télécharger le module'
|
||||
])
|
||||
@ -533,19 +533,19 @@ class plugin extends common
|
||||
$infoModules[$pagesInfos[$keyi18n][$keyPage]['moduleId']]['version'],
|
||||
template::flag($keyi18n, '20px') . ' <a href ="' . helper::baseUrl() . $keyPage . '" target="_blank">' . $pagesInfos[$keyi18n][$keyPage]['title'] . ' (' . $keyPage . ')</a>',
|
||||
template::button('dataExport' . $keyPage, [
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/filemanager/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/filemanager/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage,
|
||||
// appel de fonction vaut exécution, utiliser un paramètre
|
||||
'value' => template::ico('download-cloud'),
|
||||
'help' => 'Sauvegarder les données du module dans le gestionnaire de fichiers'
|
||||
]),
|
||||
template::button('dataExport' . $keyPage, [
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/download/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataExport/download/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage,
|
||||
// appel de fonction vaut exécution, utiliser un paramètre
|
||||
'value' => template::ico('download'),
|
||||
'help' => 'Sauvegarder et télécharger les données du module'
|
||||
]),
|
||||
template::button('dataDelete' . $keyPage, [
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataDelete/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/dataDelete/' . self::$i18nContent . '/' . $pagesInfos[$keyi18n][$keyPage]['moduleId'] . '/' . $keyPage,
|
||||
// appel de fonction vaut exécution, utiliser un paramètre
|
||||
'value' => template::ico('trash'),
|
||||
'class' => 'buttonRed dataDelete',
|
||||
@ -572,7 +572,7 @@ class plugin extends common
|
||||
public function save()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(4) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'plugin',
|
||||
@ -646,7 +646,7 @@ class plugin extends common
|
||||
public function dataDelete()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(5) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'plugin',
|
||||
@ -677,7 +677,7 @@ class plugin extends common
|
||||
public function dataExport()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(6) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'plugin',
|
||||
@ -818,7 +818,7 @@ class plugin extends common
|
||||
// Bouton d'importation des données d'un module spécifique
|
||||
if (count(explode('/', $this->getUrl())) === 6) {
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'plugin',
|
||||
|
@ -625,14 +625,14 @@ class theme extends common
|
||||
$type,
|
||||
$type !== 'websafe' ? template::button('themeFontEdit' . $fontId, [
|
||||
'class' => 'themeFontEdit',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/fontEdit/' . $type . '/' . $fontId . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/fontEdit/' . $type . '/' . $fontId,
|
||||
'value' => template::ico('pencil'),
|
||||
'disabled' => !empty($fontUsed[$fontId])
|
||||
])
|
||||
: '',
|
||||
$type !== 'websafe' ? template::button('themeFontDelete' . $fontId, [
|
||||
'class' => 'themeFontDelete buttonRed',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/fontDelete/' . $type . '/' . $fontId . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/fontDelete/' . $type . '/' . $fontId,
|
||||
'value' => template::ico('cancel'),
|
||||
'disabled' => !empty($fontUsed[$fontId])
|
||||
])
|
||||
@ -775,7 +775,7 @@ class theme extends common
|
||||
public function fontDelete()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(4) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'theme/fonts',
|
||||
|
@ -69,7 +69,7 @@ class translate extends common
|
||||
$lang = $this->getUrl(2);
|
||||
// Jeton incorrect ou URl avec le code langue incorrecte
|
||||
if (
|
||||
$this->getUrl(3) !== $_SESSION['csrf'] &&
|
||||
$this->checkCSRF() &&
|
||||
array_key_exists($lang, self::$languages) === false
|
||||
) {
|
||||
// Valeurs en sortie
|
||||
@ -198,7 +198,7 @@ class translate extends common
|
||||
]),
|
||||
template::button('translateContentLanguageLocaleDelete' . $key, [
|
||||
'class' => 'translateDelete buttonRed' . ($messageLocale ? ' disabled' : ''),
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/locale/' . $key . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/locale/' . $key,
|
||||
'value' => template::ico('trash'),
|
||||
'help' => 'Supprimer',
|
||||
])
|
||||
@ -253,13 +253,13 @@ class translate extends common
|
||||
*/
|
||||
template::button('translateContentLanguageUIDownload' . $file, [
|
||||
'class' => version_compare($installedUI[$file]['version'], $storeUI[$file]['version']) < 0 ? 'buttonGreen' : '',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file,
|
||||
'value' => template::ico('update'),
|
||||
'help' => 'Mettre à jour',
|
||||
]),
|
||||
template::button('translateContentLanguageUIDelete' . $file, [
|
||||
'class' => 'translateDelete buttonRed' . (in_array($file, $usersUI) ? ' disabled' : ''),
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/ui/' . $file . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/ui/' . $file,
|
||||
'value' => template::ico('trash'),
|
||||
'help' => 'Supprimer',
|
||||
]),
|
||||
@ -278,7 +278,7 @@ class translate extends common
|
||||
'',
|
||||
template::button('translateContentLanguageUIDownload' . $file, [
|
||||
'class' => 'buttonGreen',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/update/' . $file,
|
||||
'value' => template::ico('shopping-basket'),
|
||||
'help' => 'Installer',
|
||||
])
|
||||
@ -541,7 +541,7 @@ class translate extends common
|
||||
$target = $this->getUrl(2);
|
||||
$lang = $this->getUrl(3);
|
||||
if (
|
||||
$this->getUrl(4) !== $_SESSION['csrf']
|
||||
$this->checkCSRF()
|
||||
|| array_key_exists($lang, self::$languages) === false
|
||||
) {
|
||||
// Valeurs en sortie
|
||||
@ -596,7 +596,7 @@ class translate extends common
|
||||
// Jeton incorrect ou URl avec le code langue incorrecte
|
||||
$lang = $this->getUrl(2);
|
||||
if (
|
||||
$this->getUrl(3) !== $_SESSION['csrf']
|
||||
$this->checkCSRF()
|
||||
|| array_key_exists($lang, self::$languages) === false
|
||||
) {
|
||||
// Valeurs en sortie
|
||||
|
@ -194,7 +194,7 @@ class user extends common
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
elseif ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'user',
|
||||
@ -227,7 +227,7 @@ class user extends common
|
||||
public function edit()
|
||||
{
|
||||
if (
|
||||
$this->getUrl(3) !== $_SESSION['csrf']
|
||||
$this->checkCSRF()
|
||||
) {
|
||||
|
||||
// Valeurs en sortie
|
||||
@ -436,13 +436,13 @@ class user extends common
|
||||
$userFirstname . ' ' . $this->getData(['user', $userId, 'lastname']),
|
||||
helper::translate(self::$groups[(int) $this->getData(['user', $userId, 'group'])]),
|
||||
template::button('userEdit' . $userId, [
|
||||
'href' => helper::baseUrl() . 'user/edit/' . $userId . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . 'user/edit/' . $userId,
|
||||
'value' => template::ico('pencil'),
|
||||
'help' => 'Éditer'
|
||||
]),
|
||||
template::button('userDelete' . $userId, [
|
||||
'class' => 'userDelete buttonRed',
|
||||
'href' => helper::baseUrl() . 'user/delete/' . $userId . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . 'user/delete/' . $userId,
|
||||
'value' => template::ico('trash'),
|
||||
'help' => 'Supprimer'
|
||||
])
|
||||
@ -475,14 +475,14 @@ class user extends common
|
||||
$groupData['name'],
|
||||
nl2br($groupData['comment']),
|
||||
template::button('profilEdit' . $groupId, [
|
||||
'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId,
|
||||
'value' => template::ico('pencil'),
|
||||
'help' => 'Éditer',
|
||||
'disabled' => $groupData['readonly'],
|
||||
]),
|
||||
template::button('permissionDelete' . $groupId, [
|
||||
'class' => 'userDelete buttonRed',
|
||||
'href' => helper::baseUrl() . 'user/permissionDelete/' . $groupId . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . 'user/permissionDelete/' . $groupId,
|
||||
'value' => template::ico('trash'),
|
||||
'help' => 'Supprimer',
|
||||
'disabled' => $groupData['readonly'],
|
||||
@ -499,14 +499,14 @@ class user extends common
|
||||
self::$groups[$groupId] . '<br />Profil : ' . $subGroupData['name'],
|
||||
nl2br($subGroupData['comment']),
|
||||
template::button('profilEdit' . $groupId . $subGroupId, [
|
||||
'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId . '/' . $subGroupId . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . 'user/profilEdit/' . $groupId . '/' . $subGroupId,
|
||||
'value' => template::ico('pencil'),
|
||||
'help' => 'Éditer',
|
||||
'disabled' => $subGroupData['readonly'],
|
||||
]),
|
||||
template::button('profilDelete' . $groupId . $subGroupId, [
|
||||
'class' => 'userDelete buttonRed',
|
||||
'href' => helper::baseUrl() . 'user/profilDelete/' . $groupId . '/' . $subGroupId . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . 'user/profilDelete/' . $groupId . '/' . $subGroupId,
|
||||
'value' => template::ico('trash'),
|
||||
'help' => 'Supprimer',
|
||||
'disabled' => $subGroupData['readonly'],
|
||||
@ -528,7 +528,7 @@ class user extends common
|
||||
public function profilEdit()
|
||||
{
|
||||
if (
|
||||
$this->getUrl(4) !== $_SESSION['csrf']
|
||||
$this->checkCSRF()
|
||||
) {
|
||||
|
||||
// Valeurs en sortie
|
||||
|
@ -320,7 +320,7 @@ class blog extends common
|
||||
$comments = $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'comment']);
|
||||
self::$commentsDelete = template::button('blogCommentDeleteAll', [
|
||||
'class' => 'blogCommentDeleteAll buttonRed',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDeleteAll/' . $this->getUrl(2) . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDeleteAll/' . $this->getUrl(2),
|
||||
'value' => 'Tout effacer'
|
||||
]);
|
||||
// Ids des commentaires par ordre de création
|
||||
@ -340,7 +340,7 @@ class blog extends common
|
||||
if ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2), 'commentApproved']) === true) {
|
||||
$buttonApproval = template::button('blogCommentApproved' . $commentIds[$i], [
|
||||
'class' => $comment['approval'] === true ? 'blogCommentRejected buttonGreen' : 'blogCommentApproved buttonRed',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentApprove/' . $this->getUrl(2) . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentApprove/' . $this->getUrl(2) . '/' . $commentIds[$i],
|
||||
'value' => $comment['approval'] === true ? 'A' : 'R',
|
||||
'help' => $comment['approval'] === true ? 'Approuvé' : 'Rejeté',
|
||||
]);
|
||||
@ -354,7 +354,7 @@ class blog extends common
|
||||
$buttonApproval,
|
||||
template::button('blogCommentDelete' . $commentIds[$i], [
|
||||
'class' => 'blogCommentDelete buttonRed',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDelete/' . $this->getUrl(2) . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/commentDelete/' . $this->getUrl(2) . '/' . $commentIds[$i],
|
||||
'value' => template::ico('trash')
|
||||
])
|
||||
];
|
||||
@ -379,7 +379,7 @@ class blog extends common
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
elseif ($this->getUrl(4) !== $_SESSION['csrf']) {
|
||||
elseif ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
@ -404,7 +404,7 @@ class blog extends common
|
||||
public function commentDeleteAll()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
@ -436,7 +436,7 @@ class blog extends common
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
elseif ($this->getUrl(4) !== $_SESSION['csrf']) {
|
||||
elseif ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
@ -536,12 +536,12 @@ class blog extends common
|
||||
'help' => ($toApprove || $approved) > 0 ? 'Éditer / Approuver les commentaires' : ''
|
||||
]),
|
||||
template::button('blogConfigEdit' . $articleIds[$i], [
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i],
|
||||
'value' => template::ico('pencil')
|
||||
]),
|
||||
template::button('blogConfigDelete' . $articleIds[$i], [
|
||||
'class' => 'blogConfigDelete buttonRed',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i],
|
||||
'value' => template::ico('trash')
|
||||
])
|
||||
];
|
||||
@ -601,7 +601,7 @@ class blog extends common
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
elseif ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
@ -626,7 +626,7 @@ class blog extends common
|
||||
public function edit()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
|
@ -39,7 +39,7 @@
|
||||
)
|
||||
)
|
||||
) : ?>
|
||||
<a href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1) . '/' . $_SESSION['csrf']; ?>">
|
||||
<a href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1); ?>">
|
||||
<?php echo template::ico('pencil'); ?> Éditer
|
||||
</a>
|
||||
<?php endif; ?>
|
||||
|
@ -73,7 +73,7 @@
|
||||
)
|
||||
): ?>
|
||||
<a
|
||||
href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleId . '/' . $_SESSION['csrf']; ?>">
|
||||
href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleId; ?>">
|
||||
<?php echo template::ico('pencil'); ?> Éditer
|
||||
</a>
|
||||
<?php endif; ?>
|
||||
|
@ -246,7 +246,7 @@ class form extends common
|
||||
$content,
|
||||
template::button('formDataDelete' . $dataIds[$i], [
|
||||
'class' => 'formDataDelete buttonRed',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $dataIds[$i] . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $dataIds[$i],
|
||||
'value' => template::ico('trash')
|
||||
])
|
||||
];
|
||||
@ -267,7 +267,7 @@ class form extends common
|
||||
public function export2csv()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(2) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',
|
||||
@ -308,7 +308,7 @@ class form extends common
|
||||
public function deleteall()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(2) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',
|
||||
@ -346,7 +346,7 @@ class form extends common
|
||||
// Jeton incorrect
|
||||
if (
|
||||
$this->getUser('permission', 'form', 'delete') === false ||
|
||||
$this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
$this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',
|
||||
|
@ -9,14 +9,14 @@
|
||||
<div class="col1 offset9">
|
||||
<?php echo template::button('formDataDeleteAll', [
|
||||
'class' => 'formDataDeleteAll buttonRed',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/deleteall' . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/deleteall',
|
||||
'value' => template::ico('trash'),
|
||||
'help' => 'Effacer toutes les données'
|
||||
]); ?>
|
||||
</div>
|
||||
<div class="col1">
|
||||
<?php echo template::button('formDataBack', [
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/export2csv' . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/export2csv',
|
||||
'value' => template::ico('download'),
|
||||
'help' => 'Exporter toutes les données'
|
||||
]); ?>
|
||||
|
@ -385,13 +385,13 @@ class gallery extends common
|
||||
$gallery['config']['name'],
|
||||
$gallery['config']['directory'],
|
||||
template::button('galleryConfigEdit' . $galleryId, [
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId,
|
||||
'value' => template::ico('pencil'),
|
||||
'help' => 'Configuration de la galerie '
|
||||
]),
|
||||
template::button('galleryConfigDelete' . $galleryId, [
|
||||
'class' => 'galleryConfigDelete buttonRed',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId,
|
||||
'value' => template::ico('trash'),
|
||||
'help' => 'Supprimer cette galerie'
|
||||
])
|
||||
@ -508,7 +508,7 @@ class gallery extends common
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
@ -545,7 +545,7 @@ class gallery extends common
|
||||
public function edit()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
@ -590,7 +590,7 @@ class gallery extends common
|
||||
]);
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(2) . '/' . $_SESSION['csrf'],
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(2),
|
||||
'notification' => helper::translate('Modifications enregistrées'),
|
||||
'state' => true
|
||||
]);
|
||||
@ -855,7 +855,7 @@ class gallery extends common
|
||||
public function theme()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(2) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
@ -936,7 +936,7 @@ class gallery extends common
|
||||
*/
|
||||
if ($this->getUrl(2) === 'galleries') {
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
@ -977,7 +977,7 @@ class gallery extends common
|
||||
*/
|
||||
} elseif ($this->getUrl(2) === 'gallery') {
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(4) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit',
|
||||
@ -1028,7 +1028,7 @@ class gallery extends common
|
||||
}
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId . '/' . $_SESSION['csrf'],
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId,
|
||||
'notification' => helper::translate('Modifications enregistrées'),
|
||||
'state' => true
|
||||
]);
|
||||
|
@ -239,12 +239,12 @@ class news extends common
|
||||
$dateOff,
|
||||
helper::translate(self::$states[$this->getData(['module', $this->getUrl(0), 'posts', $newsIds[$i], 'state'])]),
|
||||
template::button('newsConfigEdit' . $newsIds[$i], [
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i] . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i],
|
||||
'value' => template::ico('pencil')
|
||||
]),
|
||||
template::button('newsConfigDelete' . $newsIds[$i], [
|
||||
'class' => 'newsConfigDelete buttonRed',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i] . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i],
|
||||
'value' => template::ico('trash')
|
||||
])
|
||||
];
|
||||
@ -338,12 +338,12 @@ class news extends common
|
||||
$dateOff,
|
||||
helper::translate(helper::translate(self::$states[$this->getData(['module', $this->getUrl(0), 'posts', $newsIds[$i], 'state'])])),
|
||||
template::button('newsConfigEdit' . $newsIds[$i], [
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i] . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i],
|
||||
'value' => template::ico('pencil')
|
||||
]),
|
||||
template::button('newsConfigDelete' . $newsIds[$i], [
|
||||
'class' => 'newsConfigDelete buttonRed',
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i] . '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i],
|
||||
'value' => template::ico('cancel')
|
||||
])
|
||||
];
|
||||
@ -373,7 +373,7 @@ class news extends common
|
||||
]);
|
||||
}
|
||||
// Jeton incorrect
|
||||
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
elseif ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
@ -398,7 +398,7 @@ class news extends common
|
||||
public function edit()
|
||||
{
|
||||
// Jeton incorrect
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||
if ($this->checkCSRF()) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||
|
@ -18,7 +18,7 @@
|
||||
( $this->getUser('group') === self::GROUP_ADMIN )
|
||||
)
|
||||
): ?>
|
||||
<a href ="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1) . '/' . $_SESSION['csrf'];?>">
|
||||
<a href ="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1);?>">
|
||||
<?php echo template::ico('pencil');?> Éditer
|
||||
</a>
|
||||
<?php endif; ?>
|
||||
|
@ -34,7 +34,7 @@
|
||||
)
|
||||
): ?>
|
||||
<a
|
||||
href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsId . '/' . $_SESSION['csrf']; ?>">
|
||||
href="<?php echo helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsId; ?>">
|
||||
<?php echo template::ico('pencil'); ?> Éditer
|
||||
</a>
|
||||
<?php endif; ?>
|
||||
|
Loading…
Reference in New Issue
Block a user