remijean/ZwiiCMS
2
1
Fork 0
forked from ZwiiCMS-Team/ZwiiCMS
Code Pull Requests Activity

Module delete supprimer le checkcsrf et change l'appel de la fonction profil

Browse Source
This commit is contained in:
Fred Tempez 2023-06-28 17:51:48 +02:00
parent 0ac0e9398b
commit 23c015f696
4 changed files with 4 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
module/blog/blog.php
View File

@ -593,21 +593,13 @@ class blog extends common
public function delete() public function delete()
{ {
if ( if (
$this->getUser('permission', 'blog', 'delete') === false || $this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) { $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} }
// Action interdite
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// Suppression // Suppression
else { else {
$this->deleteData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]); $this->deleteData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]);

4
module/form/form.php
View File

@ -344,9 +344,7 @@ class form extends common
public function delete() public function delete()
{ {
// Action interdite // Action interdite
if ( if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false) {
$this->getUser('permission', 'form', 'delete') === false ||
$this->checkCSRF()) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data', 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/data',

11
module/gallery/gallery.php
View File

@ -498,23 +498,14 @@ class gallery extends common
*/ */
public function delete() public function delete()
{ {
// $url prend l'adresse sans le token
// La galerie n'existe pas // La galerie n'existe pas
if ($this->getUser('permission', 'gallery', 'delete') === false || if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
$this->getData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]) === null) { $this->getData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]) === null) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} }
// Action interdite
if ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Suppression interdite')
]);
}
// Suppression // Suppression
else { else {
$this->deleteData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]); $this->deleteData(['module', $this->getUrl(0), 'content', $this->getUrl(2)]);

10
module/news/news.php
View File

@ -365,21 +365,13 @@ class news extends common
public function delete() public function delete()
{ {
// La news n'existe pas // La news n'existe pas
if ($this->getUser('permission', 'news', 'delete') === false || if ($this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
$this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) { $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]) === null) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} }
// Action interdite
elseif ($this->checkCSRF()) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => helper::translate('Action interdite')
]);
}
// Suppression // Suppression
else { else {
$this->deleteData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]); $this->deleteData(['module', $this->getUrl(0), 'posts', $this->getUrl(2)]);