check token to avoid CSRF - refs BT#7215

11 years ago · dfff494b5d
parent 884208ba00
commit dfff494b5d
2 changed files with 5 additions and 3 deletions
--- a/main/admin/settings.lib.php
+++ b/main/admin/settings.lib.php
@ -111,7 +111,7 @@ function handle_extensions()
 function handle_plugins()
 {
    $plugin_obj = new AppPlugin();
-
+    $token = Security::get_token();
     if (isset($_POST['submit_plugins'])) {
        store_plugins();
        // Add event to the system log.
@ -126,7 +126,7 @@ function handle_plugins()

    //Plugins NOT installed
    echo Display::page_subheader(get_lang('Plugins'));
-    echo '<form class="form-horizontal" name="plugins" method="post" action="'.api_get_self().'?category='.Security::remove_XSS($_GET['category']).'">';
+    echo '<form class="form-horizontal" name="plugins" method="post" action="'.api_get_self().'?category='.Security::remove_XSS($_GET['category']).'&sec_token=' . $token . '">';
    echo '<table class="data_table">';
    echo '<tr>';
    echo '<th width="20px">';
--- a/main/admin/settings.php
+++ b/main/admin/settings.php
@ -443,7 +443,9 @@ if (!empty($_GET['category'])) {
        case 'Plugins':
            // Displaying the extensions: Plugins.
            // This will be available to all the sites (access_urls).
-            if (isset($_POST['submit_dashboard_plugins'])) {
+            $securityToken = Security::remove_XSS($_GET['sec_token']);
+            if (isset($_POST['submit_dashboard_plugins']) && Security::check_token($securityToken)) {
+                Security::clear_token();
                $affected_rows = DashboardManager::store_dashboard_plugins($_POST);
                if ($affected_rows) {
                    // add event to system log