diff options
| author | Joas Schilling <nickvergessen@gmx.de> | 2014-10-23 01:38:54 +0200 |
|---|---|---|
| committer | Joas Schilling <nickvergessen@gmx.de> | 2014-10-23 01:38:54 +0200 |
| commit | acf6eaf8a88415064db8de826b68d5b9b70e8c44 (patch) | |
| tree | 5ca9f3b9af3efa1cdbb3a40608b9db0890fcb3e2 | |
| parent | 378fef022fef27d95a3b25d230e80cbea96ad104 (diff) | |
| parent | e4c8e4905c327b73252667f09500b3248c55e86c (diff) | |
| download | forums-acf6eaf8a88415064db8de826b68d5b9b70e8c44.tar forums-acf6eaf8a88415064db8de826b68d5b9b70e8c44.tar.gz forums-acf6eaf8a88415064db8de826b68d5b9b70e8c44.tar.bz2 forums-acf6eaf8a88415064db8de826b68d5b9b70e8c44.tar.xz forums-acf6eaf8a88415064db8de826b68d5b9b70e8c44.zip | |
Merge branch 'develop-ascraeus' into develop
| -rw-r--r-- | phpBB/includes/acp/acp_styles.php | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 42c67a88b5..af3fd7937c 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -70,11 +70,6 @@ class acp_styles $action = $this->request->variable('action', ''); $post_actions = array('install', 'activate', 'deactivate', 'uninstall'); - if ($action && in_array($action, $post_actions) && !check_link_hash($request->variable('hash', ''), $action)) - { - trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } - foreach ($post_actions as $key) { if ($this->request->is_set_post($key)) @@ -83,6 +78,18 @@ class acp_styles } } + // The uninstall action uses confirm_box() to verify the validity of the request, + // so there is no need to check for a valid token here. + if (in_array($action, $post_actions) && $action != 'uninstall') + { + $is_valid_request = check_link_hash($request->variable('hash', ''), $action) || check_form_key('styles_management'); + + if (!$is_valid_request) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + } + if ($action != '') { $this->s_hidden_fields['action'] = $action; @@ -122,6 +129,8 @@ class acp_styles */ protected function frontend() { + add_form_key('styles_management'); + // Check mode switch ($this->mode) { |