Remove the possibility of a CSRF attack unlocking a page / module entry.

#281
bigtreecms · May 25, 2017 · c17d09b · c17d09b
1 parent b722939
commit c17d09b
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 5 deletions.
diff --git a/core/admin/auto-modules/forms/_locked.php b/core/admin/auto-modules/forms/_locked.php
@@ -13,7 +13,7 @@
 		</p>
 	</section>
 	<footer>
-		<a href="?force=true<?=$view_data?>" class="button blue">Unlock</a>
+		<a href="?force=true<?=$view_data?><? $admin->drawCSRFTokenGET(); ?>" class="button blue">Unlock</a>
 		&nbsp;
 		<a href="javascript:history.go(-1);" class="button white">Cancel</a>
 	</footer>

diff --git a/core/admin/auto-modules/forms/edit.php b/core/admin/auto-modules/forms/edit.php
@@ -1,6 +1,12 @@
 <?
 	// Check for a page lock
-	$force = isset($_GET["force"]) ? true : false;
+	if (!empty($_GET["force"])) {
+		$admin->verifyCSRFToken();
+		$force = true;
+	} else {
+		$force = false;
+	}
+
 	$admin->lockCheck($bigtree["form"]["table"],$bigtree["edit_id"],"admin/auto-modules/forms/_locked.php",$force);
 
 	$pending_entry = BigTreeAutoModule::getPendingItem($bigtree["form"]["table"],$bigtree["edit_id"]);

diff --git a/core/admin/modules/pages/_locked.php b/core/admin/modules/pages/_locked.php
@@ -12,6 +12,6 @@
 	<footer>
 		<a href="javascript:history.go(-1);" class="button white">Cancel</a>
 		&nbsp;
-		<a href="?force=true" class="button blue">Unlock</a>
+		<a href="?force=true<? $admin->drawCSRFTokenGET() ?>" class="button blue">Unlock</a>
 	</footer>
 </div>
diff --git a/core/admin/modules/pages/edit.php b/core/admin/modules/pages/edit.php
@@ -6,7 +6,13 @@
 	include BigTree::path("admin/modules/pages/_properties.php");
 
 	// Check for a page lock
-	$force = isset($_GET["force"]) ? $_GET["force"] : false;
+	if (!empty($_GET["force"])) {
+		$admin->verifyCSRFToken();
+		$force = true;
+	} else {
+		$force = false;
+	}
+
 	$admin->lockCheck("bigtree_pages",$page["id"],"admin/modules/pages/_locked.php",$force);
 
 	// Grab template information

diff --git a/core/admin/modules/pages/revisions.php b/core/admin/modules/pages/revisions.php
@@ -32,7 +32,13 @@
 	}
 
 	// Check for a page lock
-	$force = isset($_GET["force"]) ? $_GET["force"] : false;
+	if (!empty($_GET["force"])) {
+		$admin->verifyCSRFToken();
+		$force = true;
+	} else {
+		$force = false;
+	}
+
 	$lock_id = $admin->lockCheck("bigtree_pages",$page["id"],"admin/modules/pages/_locked.php",$force);
 
 	// See if there's a draft copy.