| -rw-r--r-- | phpBB/includes/acp/acp_styles.php | 21 | 
1 files changed, 15 insertions, 6 deletions
|
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 266495972b..094d84de40 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -68,13 +68,20 @@ class acp_styles
 		$action = $this->request->variable('action', '');
 		$post_actions = array('install', 'activate', 'deactivate', 'uninstall');
+
+		if ($action && in_array($action, $post_actions) && !check_link_hash($request->variable('hash', ''), $action))
+		{
+			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+		}
+
 		foreach ($post_actions as $key)
 		{
-			if (isset($_POST[$key]))
+			if ($this->request->is_set_post($key))
 			{
 				$action = $key;
 			}
 		}
+
 		if ($action != '')
 		{
 			$this->s_hidden_fields['action'] = $action;
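Review bot: The added check calls `$request->variable('hash', '')` and reads `$user->lang['FORM_INVALID']`, while every other line in this hunk goes through `$this->request` and `$this->user`; unless the enclosing method (which starts outside the hunk) declares those as globals, the check fails on an undefined variable instead of rejecting the request. Using `!check_link_hash($this->request->variable('hash', ''), $action)` and `$this->user->lang['FORM_INVALID']` keeps it consistent with the rest of the method. The check also runs before the `foreach` that overwrites `$action` from POST keys, so an action selected only through `is_set_post($key)` never passes through `check_link_hash()`. That path needs its own form-token validation, which is not visible here; if it exists, a comment such as `// Link hash covers GET action links only; POST submissions are validated by <form-key check>` would record the split.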
@@ -921,21 +928,23 @@ class acp_styles
 				'L_ACTION'	=> $this->user->lang['DETAILS']
 			);
-			// Activate
+			// Activate/Deactive
+			$action_name = ($style['style_active'] ? 'de' : '') . 'activate';
+
 			$actions[] = array(
-				'U_ACTION'	=> $this->u_action . '&action=' . ($style['style_active'] ? 'de' : '') . 'activate&id=' . $style['style_id'],
+				'U_ACTION'	=> $this->u_action . '&action=' . $action_name . '&hash=' . generate_link_hash($action_name) . '&id=' . $style['style_id'],
 				'L_ACTION'	=> $this->user->lang['STYLE_' . ($style['style_active'] ? 'DE' : '') . 'ACTIVATE']
 			);
 /*			// Export
 			$actions[] = array(
-				'U_ACTION'	=> $this->u_action . '&action=export&id=' . $style['style_id'],
+				'U_ACTION'	=> $this->u_action . '&action=export&hash=' . generate_link_hash('export') . '&id=' . $style['style_id'],
 				'L_ACTION'	=> $this->user->lang['EXPORT']
 			); */
 			// Uninstall
 			$actions[] = array(
-				'U_ACTION'	=> $this->u_action . '&action=uninstall&id=' . $style['style_id'],
+				'U_ACTION'	=> $this->u_action . '&action=uninstall&hash=' . generate_link_hash('uninstall') . '&id=' . $style['style_id'],
 				'L_ACTION'	=> $this->user->lang['STYLE_UNINSTALL']
 			);
@@ -957,7 +966,7 @@ class acp_styles
 			else
 			{
 				$actions[] = array(
-					'U_ACTION'	=> $this->u_action . '&action=install&hash=' . generate_link_hash('install') . '&dir=' . urlencode($style['style_path']),
+					'U_ACTION'	=> $this->u_action . '&action=install&hash=' . generate_link_hash('install') . '&dir=' . urlencode($style['style_path']),
 					'L_ACTION'	=> $this->user->lang['INSTALL_STYLE']
 				);
 			}
|
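Review bot: The `hash` added to the commented-out Export link would not be verified by the new check, because `'export'` is not in the `$post_actions` list shown in the first hunk. If that block is re-enabled, the action must be added there as well; a comment inside the block such as `// add 'export' to $post_actions before re-enabling, otherwise the link hash is never checked` would keep that from being missed. The new comment `// Activate/Deactive` should read `// Activate/Deactivate`. In this hunk and in the install link of the following hunk (@@ -957) the hash is generated from the action name alone, so it presumably does not bind a link to a particular `style_id` or `dir`; that is adequate against cross-site requests but worth stating in a comment. The enclosing method starts and ends outside both hunks.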
