Fixed issue: no CSRF check for uninstall theme, reported by MUSTAFA HASAN
LouisGac committed Jan 24, 2018
1 parent d688352 commit 1e44020
Showing 2 changed files with 8 additions and 5 deletions.
7 changes: 4 additions & 3 deletions application/controllers/admin/themeoptions.php
Expand Up @@ -233,8 +233,9 @@ public function importManifest($templatename)

}

public function uninstall($templatename)
public function uninstall()
{
$templatename = Yii::app()->request->getPost('templatename');
if (Permission::model()->hasGlobalPermission('templates', 'update')) {
if (!Template::hasInheritance($templatename)) {
TemplateConfiguration::uninstall($templatename);
Expand Down Expand Up @@ -262,12 +263,12 @@ protected function performAjaxValidation($model)

public function getPreviewTag()
{
$templatename = Yii::app()->request->getPost('templatename');
$templatename = Yii::app()->request->getPost('templatename');
$oTemplate = TemplateConfiguration::getInstanceFromTemplateName($templatename);
$previewTag = $oTemplate->getPreview();
return Yii::app()->getController()->renderPartial(
'/admin/super/_renderJson',
['data' => ['image' => $previewTag]],
['data' => ['image' => $previewTag]],
false,
false
);
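Review bot: `uninstall()` has no request-method guard, so if the action is reached by GET it runs with `$templatename` set to null by `getPost('templatename')` and still proceeds into the `Template::hasInheritance` / `TemplateConfiguration::uninstall` calls; as far as I recall Yii 1's request-level CSRF validation only fires for state-changing methods, so an explicit guard is what actually ties the protection to this action. Before reading the POST value I would add `if (!Yii::app()->request->getIsPostRequest()) { throw new CHttpException(405, gT('Invalid request')); }` and reject a missing name with `if (empty($templatename)) { throw new CHttpException(400, gT('Invalid request')); }`. The body of `uninstall()` continues past the end of the hunk, so the response path is not visible here.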
6 changes: 4 additions & 2 deletions application/models/TemplateConfiguration.php
Expand Up @@ -511,7 +511,7 @@ public function getButtons()
$sOptionUrl = Yii::app()->getController()->createUrl('admin/themeoptions/sa/update', array("id"=>$this->id));
}

$sUninstallUrl = Yii::app()->getController()->createUrl('admin/themeoptions/sa/uninstall/', array("templatename"=>$this->template_name));
$sUninstallUrl = Yii::app()->getController()->createUrl('admin/themeoptions/sa/uninstall/');

$sEditorLink = "<a
id='template_editor_link_".$this->template_name."'
Expand All @@ -538,7 +538,9 @@ class='btn btn-default btn-block'>

$sUninstallLink = '<a
id="remove_fromdb_link_'.$this->template_name.'"
data-href="'.$sUninstallUrl.'"
data-ajax-url="'.$sUninstallUrl.'"
data-post=\'{ "templatename": "'.$this->template_name.'" }\'
data-gridid = "yw0"
data-target="#confirmation-modal"
data-toggle="modal"
data-message="'.gT('This will delete all the specific configurations of this theme.').'<br>'.gT('Do you want to continue?').'"
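Review bot: The new `data-post` attribute embeds `$this->template_name` in a hand-built JSON string inside a single-quoted HTML attribute with no escaping, so a name containing a quote, a backslash or `<` breaks both the JSON the client posts and the surrounding markup; the same unescaped concatenation already exists on the `id="remove_fromdb_link_…"` line just above it. Whether `template_name` is restricted to safe characters on its way into the database is not visible here, so I would not rely on it and would build the attribute as `data-post=\''.CHtml::encode(json_encode(['templatename' => $this->template_name])).'\''`. `getButtons()` starts and ends outside this hunk.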

2 comments on commit 1e44020

@olleharstedt


Is this enough to check the Yii CSRF token?

@Shnoulle


The controller must use the POST value, no param :) . And yes, for CSRF, POST is OK :)
