[security] Fixed issue: possible to delete a broken theme by bait cli…

…cking an administrator

application/controllers/admin/themes.php

@@ -635,17 +635,21 @@ public function delete()
         $this->getController()->redirect(array("admin/themeoptions"));
     }
 
-    public function deleteBrokenTheme($templatename)
+    public function deleteBrokenTheme()
     {
-        // First we check that the theme is really broken
-        $aBrokenThemes = Template::getBrokenThemes();
-        $templatename  = sanitize_dirname($templatename);
-        if (array_key_exists($templatename, $aBrokenThemes)) {
-            if (rmdirr(Yii::app()->getConfig('userthemerootdir')."/".$templatename)){
-                Yii::app()->setFlashMessage(sprintf(gT("Theme '%s' was successfully deleted."), $templatename));
+        $templatename = trim( Yii::app()->request->getPost('templatename') );
+
+        if (Permission::model()->hasGlobalPermission('templates', 'delete')) {
+            // First we check that the theme is really broken
+            $aBrokenThemes = Template::getBrokenThemes();
+            $templatename  = sanitize_dirname($templatename);
+            if (array_key_exists($templatename, $aBrokenThemes)) {
+                if (rmdirr(Yii::app()->getConfig('userthemerootdir')."/".$templatename)){
+                    Yii::app()->setFlashMessage(sprintf(gT("Theme '%s' was successfully deleted."), $templatename));
+                }
+            }else{
+                Yii::app()->setFlashMessage(gT("Not a broken theme!"), 'error');
             }
-        }else{
-            Yii::app()->setFlashMessage(gT("Not a broken theme!"), 'error');
         }
 
         $this->getController()->redirect(array("admin/themeoptions"));

application/views/admin/themeoptions/index.php

@@ -61,6 +61,8 @@
                                                 <td class="col-md-1"><?php echo $oTemplate->buttons; ?></td>
                                             </tr>
                                         <?php endforeach;?>
+
+
                                     </tbody>
                                 </table>
 
@@ -106,9 +108,15 @@
 
                                                     <!-- Delete -->
                                                     <?php if(Permission::model()->hasGlobalPermission('templates','delete')):?>
-                                                        <a class="btn btn-default btn-block" id="button-delete" href="#" role="button" onclick='if (confirm("<?php eT("Are you sure you want to delete this broken theme?", "js"); ?>")) window.open("<?php echo $this->createUrl('admin/themes/sa/deleteBrokenTheme/templatename/'.$sName); ?>", "_top")'>
-                                                            <span class="fa fa-trash  text-warning"></span>
-                                                            <?php eT("Delete"); ?>
+                                                        <a
+                                                            id="button-delete"
+                                                            href="<?php echo Yii::app()->getController()->createUrl('admin/themes/sa/deleteBrokenTheme/'); ?>"
+                                                            data-post='{ "templatename": "<?php echo $sName; ?>" }'
+                                                            data-text="<?php eT('Are you sure you want to delete this theme?'); ?>"
+                                                            title="<?php eT('Delete'); ?>"
+                                                            class="btn btn-danger selector--ConfirmModal">
+                                                                <span class="fa fa-trash "></span>
+                                                                <?php eT('Delete'); ?>
                                                         </a>
                                                     <?php endif;?>