From ca0d973a249c464b4d40b27f7e452dd860102cc7 Mon Sep 17 00:00:00 2001
From: Alejandro Romero Herrera
Date: Mon, 24 Aug 2020 23:25:08 +0300
Subject: [PATCH] Logout in case no CSRF token provided while trying to change theme
---
 bl-kernel/admin/controllers/install-theme.php | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/bl-kernel/admin/controllers/install-theme.php b/bl-kernel/admin/controllers/install-theme.php
index 91657e84..2bfa6c91 100644
--- a/bl-kernel/admin/controllers/install-theme.php
+++ b/bl-kernel/admin/controllers/install-theme.php
@@ -21,23 +21,25 @@ checkRole(array('admin'));
 // ============================================================================
 // Main after POST
 // ============================================================================
+$token = "";
 $parameters = explode("/", $layout['parameters']);
 if(count($parameters)==2) {
 $themeDirectory = $parameters[0];
 
 // Verify CSRF Token
 $token = Sanitize::html($parameters[1]);
- if (!$security->validateTokenCSRF($token)) {
- Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF.', ALERT_STATUS_FAIL);
- Log::set(__FILE__.LOG_SEP.'Token in install theme ['.$token.']', ALERT_STATUS_FAIL);
-
- Session::destroy();
- Redirect::page('login');
- } else {
+ if ($security->validateTokenCSRF($token)) {
 // Activate theme
 activateTheme($themeDirectory);
+
+ // Redirect
+ Redirect::page('themes');
 }
 }
 
-// Redirect
-Redirect::page('themes');
+Log::set(__FILE__.LOG_SEP.'Error occurred when trying to validate the tokenCSRF.', ALERT_STATUS_FAIL);
+Log::set(__FILE__.LOG_SEP.'Token in install theme ['.$token.']', ALERT_STATUS_FAIL);
+
+Session::destroy();
+Redirect::page('login');
+
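Review bot: The success path now depends on `Redirect::page('themes');` terminating the script; if Redirect::page() only sends a Location header, a successful activation falls through to the `Session::destroy()` and login redirect added at the end of the hunk, logging the admin out on every theme change. Making that explicit with `Redirect::page('themes'); exit;` (or wrapping the failure block in an else) keeps the controller correct regardless of how Redirect is implemented. Separately, the failure log still writes the submitted value in `Token in install theme [...]`; a token that fails only because the session expired is a real credential, so logging whether a token was present rather than its content would be safer. The malformed-URL case (`count($parameters)!=2`) and the bad-token case now produce the same log message, which makes triage harder; a distinct message for the missing-parameter branch would help.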