Merge pull request #2 from alromh87/master

Fix Cross Site Request Forgery on theme selection by using token

bl-kernel/admin/controllers/install-theme.php

@@ -21,10 +21,25 @@ checkRole(array('admin'));
 // ============================================================================
 // Main after POST
 // ============================================================================
-$themeDirectory = $layout['parameters'];
+$token = "";
+$parameters = explode("/", $layout['parameters']);
+if(count($parameters)==2) {
+    $themeDirectory = $parameters[0];
 
-// Activate theme
+    // Verify CSRF Token
-activateTheme($themeDirectory);
+    $token = Sanitize::html($parameters[1]);
+    if ($security->validateTokenCSRF($token)) {
+        // Activate theme
+        activateTheme($themeDirectory);
+
+        // Redirect
+        Redirect::page('themes');
+    }
+}
+
+Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF.', ALERT_STATUS_FAIL);
+Log::set(__FILE__.LOG_SEP.'Token in install theme ['.$token.']', ALERT_STATUS_FAIL);
+
+Session::destroy();
+Redirect::page('login');
 
-// Redirect
-Redirect::page('themes');

bl-kernel/admin/views/themes.php

@@ -24,7 +24,7 @@ foreach ($themes as $theme) {
 	';
 
 	if ($theme['dirname']!=$site->theme()) {
-		echo '<a href="'.HTML_PATH_ADMIN_ROOT.'install-theme/'.$theme['dirname'].'">'.$L->g('Activate').'</a>';
+		echo '<a href="'.HTML_PATH_ADMIN_ROOT.'install-theme/'.$theme['dirname'].'/'.$security->getTokenCSRF().'">'.$L->g('Activate').'</a>';
 	}
 
 	echo '
@@ -50,4 +50,4 @@ foreach ($themes as $theme) {
 echo '
 	</tbody>
 </table>
-';
+';