[com_actionlogs][Security][RELEASE BLOCKER] Check for token before allowing purge (#22705)

* [com_actionlogs][Security] Check for token before allowing purge

@joomla/security 

Add missing token check for CSRF to purge action

* change to use non-static call

* Update actionlogs.php

* remove invisible things
Phil Taylor authored and zero-24 committed Oct 19, 2018
1 parent 62ee1af commit 6c309c7
Showing 1 changed file with 4 additions and 1 deletion.
Expand Up @@ -62,7 +62,7 @@ public function getModel($name = 'Actionlogs', $prefix = 'ActionlogsModel', $con
public function exportLogs()
{
// Check for request forgeries.
JSession::checkToken() or die(JText::_('JINVALID_TOKEN'));
$this->checkToken();

$task = $this->getTask();
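
Review bot: in exportLogs(), replacing `JSession::checkToken() or die(JText::_('JINVALID_TOKEN'));` with `$this->checkToken();` takes the explicit stop-on-failure out of this method, so the hunk no longer shows what happens when the token is missing or wrong. Please confirm that the controller's checkToken() ends or redirects the request before `$task = $this->getTask();` and the export that follows, and say so in the comment, since a check that reported failure without stopping would let the export proceed.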

Expand Down Expand Up @@ -116,6 +116,9 @@ public function exportLogs()
*/
public function purge()
{
// Check for request forgeries.
$this->checkToken();

$model = $this->getModel();

if ($model->purge())
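
Review bot: the new `$this->checkToken();` at the top of purge() is called with no arguments, so where the token is read from and how a failure is handled are left to defaults this hunk does not show; for a destructive action, name the expected request method in the comment or pass it explicitly. The commit also touches only one file and adds no test, so consider one asserting that a purge request without a valid token leaves the logs untouched, and check the controller's other state-changing tasks for the same missing check.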