Diffstat (limited to 'phpBB/includes/acp/acp_styles.php')
-rw-r--r--phpBB/includes/acp/acp_styles.php46
1 files changed, 39 insertions, 7 deletions
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 42c67a88b5..6bd27a8bca 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -29,14 +29,31 @@ class acp_styles
protected $styles_path;
protected $styles_path_absolute = 'styles';
protected $default_style = 0;
+ protected $styles_list_cols = 0;
+ protected $reserved_style_names = array('adm', 'admin', 'all');
+ /** @var \phpbb\db\driver\driver_interface */
protected $db;
+
+ /** @var \phpbb\user */
protected $user;
+
+ /** @var \phpbb\template\template */
protected $template;
+
+ /** @var \phpbb\request\request_interface */
protected $request;
+
+ /** @var \phpbb\cache\driver\driver_interface */
protected $cache;
+
+ /** @var \phpbb\auth\auth */
protected $auth;
+
+ /** @var string */
protected $phpbb_root_path;
+
+ /** @var string */
protected $php_ext;
public function main($id, $mode)
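Review bot: `$styles_list_cols` and `$reserved_style_names` are the only members in this hunk left without the `@var` docblock the commit adds to every other property, so the annotation pass is incomplete for exactly the two properties it introduces. Adding `/** @var int */` above `protected $styles_list_cols = 0;` and `/** @var array */` above `protected $reserved_style_names = array('adm', 'admin', 'all');` keeps the class consistent; a one-line description of what makes those names reserved would also help, since the hunk does not say. The class body continues past the hunk, as does main() whose signature is the last line here.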
@@ -70,11 +87,6 @@ class acp_styles
$action = $this->request->variable('action', '');
$post_actions = array('install', 'activate', 'deactivate', 'uninstall');
- if ($action && in_array($action, $post_actions) && !check_link_hash($request->variable('hash', ''), $action))
- {
- trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
- }
-
foreach ($post_actions as $key)
{
if ($this->request->is_set_post($key))
@@ -83,6 +95,18 @@ class acp_styles
}
}
+ // The uninstall action uses confirm_box() to verify the validity of the request,
+ // so there is no need to check for a valid token here.
+ if (in_array($action, $post_actions) && $action != 'uninstall')
+ {
+ $is_valid_request = check_link_hash($request->variable('hash', ''), $action) || check_form_key('styles_management');
+
+ if (!$is_valid_request)
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+ }
+
if ($action != '')
{
$this->s_hidden_fields['action'] = $action;
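Review bot: The added token check mixes `$this->request` (used for `action` at the top of the hunk) with bare `$request` for the hash and bare `$user` for the error message; those presumably resolve to globals imported earlier in main(), which starts outside the hunk, but the class already holds both objects as injected properties. Writing `$is_valid_request = check_link_hash($this->request->variable('hash', ''), $action) || check_form_key('styles_management');` and `trigger_error($this->user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);` makes the request-validation path independent of global state and of whatever is imported above. While here, `$action` is always a string, so `in_array($action, $post_actions, true)` and `$action !== 'uninstall'` are the strict forms the rest of the condition relies on.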
@@ -122,6 +146,8 @@ class acp_styles
*/
protected function frontend()
{
+ add_form_key('styles_management');
+
// Check mode
switch ($this->mode)
{
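Review bot: The literal `'styles_management'` on the added line is the same string the token check in main() passes to check_form_key(), and nothing ties the two together, so renaming either one silently turns every non-uninstall action into a FORM_INVALID error. A class constant, e.g. `const FORM_KEY = 'styles_management';`, used as `add_form_key(self::FORM_KEY)` here and `check_form_key(self::FORM_KEY)` in main(), keeps the key and its check in sync. frontend() continues past the hunk.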
@@ -155,6 +181,12 @@ class acp_styles
$last_installed = false;
foreach ($dirs as $dir)
{
+ if (in_array($dir, $this->reserved_style_names))
+ {
+ $messages[] = $this->user->lang('STYLE_NAME_RESERVED', htmlspecialchars($dir));
+ continue;
+ }
+
$found = false;
foreach ($styles as &$style)
{
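Review bot: The reserved-name check on the first added line compares `$dir` case-sensitively, so on a case-insensitive filesystem a directory named `Adm` or `ADMIN` is accepted even though it would presumably collide with the same paths the list is meant to protect; if that is the intent, `in_array(strtolower($dir), $this->reserved_style_names, true)` closes the gap, since the list is already lowercase. The check also only runs in this directory scan; whether style names reaching install_style() from other inputs pass through the same filter is not visible here and is worth confirming. The enclosing loop and the function around it continue outside the hunk.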
@@ -800,7 +832,7 @@ class acp_styles
* Update styles tree
*
* @param array $styles Styles list, passed as reference
- * @param array $style Current style, false if root
+ * @param array|false $style Current style, false if root
* @return bool True if something was updated, false if not
*/
protected function update_styles_tree(&$styles, $style = false)
@@ -1082,7 +1114,7 @@ class acp_styles
/**
* Install style
*
- * @param $style style data
+ * @param array $style style data
* @return int Style id
*/
protected function install_style($style)