Logout in case no CSRF token provided while trying to change theme

Alejandro Romero Herrera 2020-08-24 23:25:08 +03:00
parent 1b4eeb386a
commit ca0d973a24


@ -21,23 +21,25 @@ checkRole(array('admin'));
// ============================================================================
// Main after POST
// ============================================================================
$token = "";
$parameters = explode("/", $layout['parameters']);
if(count($parameters)==2) {
$themeDirectory = $parameters[0];
// Verify CSRF Token
$token = Sanitize::html($parameters[1]);
if (!$security->validateTokenCSRF($token)) {
Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF.', ALERT_STATUS_FAIL);
Log::set(__FILE__.LOG_SEP.'Token in install theme ['.$token.']', ALERT_STATUS_FAIL);
Session::destroy();
Redirect::page('login');
} else {
if ($security->validateTokenCSRF($token)) {
// Activate theme
activateTheme($themeDirectory);
// Redirect
Redirect::page('themes');
}
}
// Redirect
Redirect::page('themes');
Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF.', ALERT_STATUS_FAIL);
Log::set(__FILE__.LOG_SEP.'Token in install theme ['.$token.']', ALERT_STATUS_FAIL);
Session::destroy();
Redirect::page('login');
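Review bot: The failure block at the end of the hunk (the two `Log::set` calls, `Session::destroy()` and `Redirect::page('login')`) is also reached after a successful theme change unless `Redirect::page('themes')` terminates the request, which is not visible here; if it only sets a header, a valid request would destroy the admin session too. Ending the success branch explicitly, e.g. `Redirect::page('themes'); exit;`, or keeping the failure handling in an `else`, removes that dependency. Because the session is destroyed whenever the token is missing or invalid, any cross-site request to this route can log an administrator out, so consider rejecting the request (log it and redirect to `themes`) without `Session::destroy()`. The second `Log::set` writes the request-supplied `$token` into the log after only `Sanitize::html`, which presumably does not strip line breaks; logging a fixed marker or the token length would keep log entries unforgeable. The +/- markers are lost on this page, so which of the duplicated lines are on the new side is inferred from the commit title.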