Fix Form Security

With the use of print_form_button, the security token must be renamed. Fixes #27256
mantisbt · Sep 18, 2020 · 29992f8 · 29992f8
1 parent e9a0ca0
commit 29992f8
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 19 deletions.
diff --git a/account_prof_edit_page.php b/account_prof_edit_page.php
@@ -94,7 +94,7 @@
 <div class="widget-main no-padding">
 <div class="table-responsive">
 	<table class="table table-striped table-bordered table-condensed">
-		<?php  echo form_security_field( 'profile_update' )?>
+		<?php  echo form_security_field( 'account_prof_update' )?>
 		<input type="hidden" name="action" value="update" />
 		<input type="hidden" name="profile_id" value="<?php echo $v_id ?>" />
 <tr>

diff --git a/account_prof_menu_page.php b/account_prof_menu_page.php
@@ -108,7 +108,7 @@
 		<div class="table-responsive">
 			<table class="table table-bordered table-condensed table-striped">
 				<fieldset>
-			<?php  echo form_security_field( 'profile_update' )?>
+			<?php  echo form_security_field( 'account_prof_update' )?>
 			<input type="hidden" name="action" value="add" />
 			<input type="hidden" name="user_id" value="<?php echo $t_user_id ?>" />
 			<tr>
@@ -303,7 +303,7 @@
 					<div class="table-responsive">
 						<table class="table table-bordered table-condensed table-striped">
 		<fieldset>
-			<?php  echo form_security_field( 'profile_update' )?>
+			<?php  echo form_security_field( 'account_prof_update' )?>
 			<tr>
 				<td class="category">
 					<?php echo lang_get( 'edit_profile' ) ?>

diff --git a/account_prof_update.php b/account_prof_update.php
@@ -50,7 +50,8 @@
 	trigger_error( ERROR_ACCESS_DENIED, ERROR );
 }
 
-form_security_validate( 'profile_update' );
+$t_form_name = 'account_prof_update';
+form_security_validate( $t_form_name );
 
 auth_ensure_user_authenticated();
 
@@ -70,8 +71,7 @@
 
 switch( $f_action ) {
 	case 'edit':
-		form_security_purge( 'profile_update' );
-		print_header_redirect( 'account_prof_edit_page.php?profile_id=' . $f_profile_id );
+		$t_redirect_page = 'account_prof_edit_page.php?profile_id=' . $f_profile_id;
 		break;
 
 	case 'add':
@@ -92,12 +92,11 @@
 		}
 
 		profile_create( $t_user_id, $f_platform, $f_os, $f_os_build, $f_description );
-		form_security_purge( 'profile_update' );
 
 		if( ALL_USERS == $t_user_id ) {
-			print_header_redirect( 'manage_prof_menu_page.php' );
+			$t_redirect_page = 'manage_prof_menu_page.php';
 		} else {
-			print_header_redirect( 'account_prof_menu_page.php' );
+			$t_redirect_page = 'account_prof_menu_page.php';
 		}
 		break;
 
@@ -111,12 +110,10 @@
 			access_ensure_global_level( config_get( 'manage_global_profile_threshold' ) );
 
 			profile_update( ALL_USERS, $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description );
-			form_security_purge( 'profile_update' );
-			print_header_redirect( 'manage_prof_menu_page.php' );
+			$t_redirect_page = 'manage_prof_menu_page.php';
 		} else {
 			profile_update( auth_get_current_user_id(), $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description );
-			form_security_purge( 'profile_update' );
-			print_header_redirect( 'account_prof_menu_page.php' );
+			$t_redirect_page = 'account_prof_menu_page.php';
 		}
 		break;
 
@@ -125,18 +122,18 @@
 			access_ensure_global_level( config_get( 'manage_global_profile_threshold' ) );
 
 			profile_delete( ALL_USERS, $f_profile_id );
-			form_security_purge( 'profile_update' );
-			print_header_redirect( 'manage_prof_menu_page.php' );
+			$t_redirect_page = 'manage_prof_menu_page.php';
 		} else {
 			profile_delete( auth_get_current_user_id(), $f_profile_id );
-			form_security_purge( 'profile_update' );
-			print_header_redirect( 'account_prof_menu_page.php' );
+			$t_redirect_page = 'account_prof_menu_page.php';
 		}
 		break;
 
 	case 'make_default':
 		current_user_set_pref( 'default_profile', $f_profile_id );
-		form_security_purge( 'profile_update' );
-		print_header_redirect( 'account_prof_menu_page.php' );
+		$t_redirect_page = 'account_prof_menu_page.php';
 		break;
 }
+
+form_security_purge( $t_form_name );
+print_header_redirect( $t_redirect_page );