aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/acp/acp_styles.php
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2013-03-26 13:18:54 +0100
committerMarc Alexander <admin@m-a-styles.de>2013-03-26 13:18:54 +0100
commit34cdbd0360e756a5ef9646554905697f7ae1ba1f (patch)
tree58486124738299ef5e8fca3761d4d82189cf41a6 /phpBB/includes/acp/acp_styles.php
parentf0b0978538a1b1e25b688cce1794c764f2d363f0 (diff)
parent8b464e87f0a41422dddaa647ac42ab9c7950bb4b (diff)
downloadforums-34cdbd0360e756a5ef9646554905697f7ae1ba1f.tar
forums-34cdbd0360e756a5ef9646554905697f7ae1ba1f.tar.gz
forums-34cdbd0360e756a5ef9646554905697f7ae1ba1f.tar.bz2
forums-34cdbd0360e756a5ef9646554905697f7ae1ba1f.tar.xz
forums-34cdbd0360e756a5ef9646554905697f7ae1ba1f.zip
Merge branch 'develop' of https://github.com/phpbb/phpbb3 into ticket/11314
Conflicts: phpBB/styles/prosilver/template/timezone.js
Diffstat (limited to 'phpBB/includes/acp/acp_styles.php')
-rw-r--r--phpBB/includes/acp/acp_styles.php21
1 files changed, 15 insertions, 6 deletions
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 266495972b..094d84de40 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -68,13 +68,20 @@ class acp_styles
$action = $this->request->variable('action', '');
$post_actions = array('install', 'activate', 'deactivate', 'uninstall');
+
+ if ($action && in_array($action, $post_actions) && !check_link_hash($request->variable('hash', ''), $action))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
foreach ($post_actions as $key)
{
- if (isset($_POST[$key]))
+ if ($this->request->is_set_post($key))
{
$action = $key;
}
}
+
if ($action != '')
{
$this->s_hidden_fields['action'] = $action;
@@ -921,21 +928,23 @@ class acp_styles
'L_ACTION' => $this->user->lang['DETAILS']
);
- // Activate
+ // Activate/Deactive
+ $action_name = ($style['style_active'] ? 'de' : '') . 'activate';
+
$actions[] = array(
- 'U_ACTION' => $this->u_action . '&amp;action=' . ($style['style_active'] ? 'de' : '') . 'activate&amp;id=' . $style['style_id'],
+ 'U_ACTION' => $this->u_action . '&amp;action=' . $action_name . '&amp;hash=' . generate_link_hash($action_name) . '&amp;id=' . $style['style_id'],
'L_ACTION' => $this->user->lang['STYLE_' . ($style['style_active'] ? 'DE' : '') . 'ACTIVATE']
);
/* // Export
$actions[] = array(
- 'U_ACTION' => $this->u_action . '&amp;action=export&amp;id=' . $style['style_id'],
+ 'U_ACTION' => $this->u_action . '&amp;action=export&amp;hash=' . generate_link_hash('export') . '&amp;id=' . $style['style_id'],
'L_ACTION' => $this->user->lang['EXPORT']
); */
// Uninstall
$actions[] = array(
- 'U_ACTION' => $this->u_action . '&amp;action=uninstall&amp;id=' . $style['style_id'],
+ 'U_ACTION' => $this->u_action . '&amp;action=uninstall&amp;hash=' . generate_link_hash('uninstall') . '&amp;id=' . $style['style_id'],
'L_ACTION' => $this->user->lang['STYLE_UNINSTALL']
);
@@ -957,7 +966,7 @@ class acp_styles
else
{
$actions[] = array(
- 'U_ACTION' => $this->u_action . '&amp;action=install&amp;dir=' . urlencode($style['style_path']),
+ 'U_ACTION' => $this->u_action . '&amp;action=install&amp;hash=' . generate_link_hash('install') . '&amp;dir=' . urlencode($style['style_path']),
'L_ACTION' => $this->user->lang['INSTALL_STYLE']
);
}
generated by cgit v1.2.1 (git 2.21.0) at 2026-05-20 04:55:10 +0000