
Fixed issue: no CRSF check for uninstall theme, reported by MUSTAFA H…

…ASAN
LouisGac
LouisGac committed Jan 24, 2018
1 parent d688352 commit 1e440208a8d8bfd71ad7802e6369a136e8bba3dd
Showing with 8 additions and 5 deletions.
  1. +4 −3 application/controllers/admin/themeoptions.php
  2. +4 −2 application/models/TemplateConfiguration.php
@@ -233,8 +233,9 @@ public function importManifest($templatename)

}

public function uninstall($templatename)
public function uninstall()
{
$templatename = Yii::app()->request->getPost('templatename');
if (Permission::model()->hasGlobalPermission('templates', 'update')) {
if (!Template::hasInheritance($templatename)) {
TemplateConfiguration::uninstall($templatename);
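Review bot: `uninstall()` takes `$templatename` from `getPost('templatename')` and, once the permission check passes, hands it straight to `Template::hasInheritance()` and `TemplateConfiguration::uninstall()` with no check that a value was actually supplied; on a GET request or a POST without that field the value is null, and what the two callees do with null is not visible in this hunk. A guard right after the assignment would make the POST-only contract explicit and fail fast instead of passing null downstream: `if (!Yii::app()->request->getIsPostRequest() || empty($templatename)) { throw new CHttpException(400, gT('Invalid request.')); }`. The body of `uninstall()` continues past the end of the hunk.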
@@ -262,12 +263,12 @@ protected function performAjaxValidation($model)

public function getPreviewTag()
{
$templatename = Yii::app()->request->getPost('templatename');
$templatename = Yii::app()->request->getPost('templatename');
$oTemplate = TemplateConfiguration::getInstanceFromTemplateName($templatename);
$previewTag = $oTemplate->getPreview();
return Yii::app()->getController()->renderPartial(
'/admin/super/_renderJson',
['data' => ['image' => $previewTag]],
['data' => ['image' => $previewTag]],
false,
false
);
@@ -511,7 +511,7 @@ public function getButtons()
$sOptionUrl = Yii::app()->getController()->createUrl('admin/themeoptions/sa/update', array("id"=>$this->id));
}

$sUninstallUrl = Yii::app()->getController()->createUrl('admin/themeoptions/sa/uninstall/', array("templatename"=>$this->template_name));
$sUninstallUrl = Yii::app()->getController()->createUrl('admin/themeoptions/sa/uninstall/');

$sEditorLink = "<a
id='template_editor_link_".$this->template_name."'
@@ -538,7 +538,9 @@ class='btn btn-default btn-block'>

$sUninstallLink = '<a
id="remove_fromdb_link_'.$this->template_name.'"
data-href="'.$sUninstallUrl.'"
data-ajax-url="'.$sUninstallUrl.'"
data-post=\'{ "templatename": "'.$this->template_name.'" }\'
data-gridid = "yw0"
data-target="#confirmation-modal"
data-toggle="modal"
data-message="'.gT('This will delete all the specific configurations of this theme.').'<br>'.gT('Do you want to continue?').'"
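Review bot: The new `data-post=\'{ "templatename": "'.$this->template_name.'" }\'` line builds JSON inside an HTML attribute by plain string concatenation, so a template name containing a double quote, a single quote or a backslash breaks both the JSON and the attribute delimiter, and if such a name can reach this method it becomes attribute injection into the rendered page. Where template names come from and whether they are restricted is not visible here, so the safe move is to encode for both contexts: `data-post=\''.htmlspecialchars(json_encode(array("templatename" => $this->template_name)), ENT_QUOTES, 'UTF-8').'\''`; the browser decodes the entities when the attribute is read, so the JSON parses as before. The context line `id="remove_fromdb_link_'.$this->template_name.'"` above it interpolates the same value unescaped but predates this change. `getButtons()` starts before this hunk and continues after it.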

2 comments on commit 1e44020

@olleharstedt



@olleharstedt olleharstedt replied Apr 4, 2018

Is this enough to check the Yii CSRF token?

@Shnoulle



@Shnoulle Shnoulle replied Apr 4, 2018

The controller must use the POST value, not a URL param :). And yes, for CSRF, POST is OK :)
