Diffstat (limited to 'phpBB/includes/acp/acp_modules.php')
-rw-r--r--phpBB/includes/acp/acp_modules.php30
1 files changed, 24 insertions, 6 deletions
diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php
index d3ecffe81e..4d90b2da8b 100644
--- a/phpBB/includes/acp/acp_modules.php
+++ b/phpBB/includes/acp/acp_modules.php
@@ -50,6 +50,9 @@ class acp_modules
$user->add_lang('acp/modules');
$this->tpl_name = 'acp_modules';
+ $form_key = 'acp_modules';
+ add_form_key($form_key);
+
// module class
$this->module_class = $mode;
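Review bot: The literal `'acp_modules'` assigned to `$form_key` here is repeated verbatim as the link-hash name in the hunks at @@ -130, @@ -161, @@ -506 and @@ -538, so the form key and the link hashes are bound only by a string that must be kept in sync by hand. A class constant, `const FORM_KEY = 'acp_modules';`, used as `self::FORM_KEY` in the `add_form_key`, `check_link_hash` and `generate_link_hash` calls, keeps the form token and the link tokens under one name. The enclosing method starts before this hunk, so its signature is not visible here.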
@@ -130,6 +133,11 @@ class acp_modules
trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
+ if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
+ }
+
$sql = 'SELECT *
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
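Review bot: The four-line hash guard added here is repeated byte-for-byte in the hunk at @@ -161, and both copies precede the same module lookup, so the two action branches should share one check rather than two copies that can drift apart. A small private helper wrapping the `check_link_hash`/`trigger_error` pair, called from both branches, keeps the guard in one place. The placement itself is right: the token is verified after the module-id validation and before the module row is loaded, so a request without a valid hash stops before any state is touched. The enclosing action branch begins outside this hunk.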
@@ -161,6 +169,11 @@ class acp_modules
trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
+ if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
+ }
+
$sql = 'SELECT *
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
@@ -305,6 +318,11 @@ class acp_modules
if ($submit)
{
+ if (!check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
+ }
+
if (!$module_data['module_langname'])
{
trigger_error($user->lang['NO_MODULE_LANGNAME'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
@@ -506,12 +524,12 @@ class acp_modules
'S_ACP_MODULE_MANAGEMENT' => ($this->module_class == 'acp' && ($row['module_basename'] == 'modules' || $row['module_langname'] == 'ACP_MODULE_MANAGEMENT')) ? true : false,
'U_MODULE' => $this->u_action . '&parent_id=' . $row['module_id'],
- 'U_MOVE_UP' => $url . '&action=move_up',
- 'U_MOVE_DOWN' => $url . '&action=move_down',
+ 'U_MOVE_UP' => $url . '&action=move_up&hash=' . generate_link_hash('acp_modules'),
+ 'U_MOVE_DOWN' => $url . '&action=move_down&hash=' . generate_link_hash('acp_modules'),
'U_EDIT' => $url . '&action=edit',
'U_DELETE' => $url . '&action=delete',
- 'U_ENABLE' => $url . '&action=enable',
- 'U_DISABLE' => $url . '&action=disable')
+ 'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
+ 'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
);
}
while ($row = $db->sql_fetchrow($result));
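Review bot: `generate_link_hash('acp_modules')` is evaluated four times per row inside the `do … while` loop over the result set (and twice more per row in the hunk at @@ -538) although its only argument is a constant; compute it once before the loop, `$link_hash = generate_link_hash('acp_modules');`, and append `'&hash=' . $link_hash` in each URL. `U_EDIT` and `U_DELETE` are left without a hash: edit is presumably covered by the form key checked in the @@ -305 hunk, while delete is not visible here — confirm that its action path carries its own confirmation token, since a state-changing action reachable from a plain link would otherwise remain outside this protection. The loop and the enclosing method start before this hunk.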
@@ -538,8 +556,8 @@ class acp_modules
'U_EDIT' => $url . '&action=edit',
'U_DELETE' => $url . '&action=delete',
- 'U_ENABLE' => $url . '&action=enable',
- 'U_DISABLE' => $url . '&action=disable')
+ 'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
+ 'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
);
}
$db->sql_freeresult($result);