Fixed bug #19165: [security] CSRF edit Blacklist settings (YES to NO) (
…#3575)

Co-authored-by: Lapiu Dev <devgit@lapiu.biz>
gabrieljenik and lapiudevgit committed Oct 26, 2023
1 parent 07b6897 commit 238c399
Showing 1 changed file with 7 additions and 0 deletions.
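--- a/application/controllers/admin/ParticipantsAction.php
+++ b/application/controllers/admin/ParticipantsAction.php
@@ -1311,6 +1311,13 @@ public function blacklistControl()
 */
 public function storeBlacklistValues()
 {
+$this->requirePostRequest();
+
+if (!Permission::model()->hasGlobalPermission('settings', 'update')) {
+Yii::app()->setFlashMessage(gT('Access denied!'), 'error');
+Yii::app()->getController()->redirect(array('admin/participants/sa/blacklistControl'));
+}
+
 $values = array('blacklistallsurveys', 'blacklistnewsurveys', 'blockaddingtosurveys', 'hideblacklisted', 'deleteblacklisted', 'allowunblacklist');
 foreach ($values as $value) {
 if (SettingGlobal::model()->findByPk($value)) {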
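Review bot: The access-denied branch in storeBlacklistValues() has no explicit exit after `redirect(...)`, so the authorization check holds only as long as redirect() ends the request (presumably the framework default, but not visible here). Adding `return;` directly after the redirect line would keep the settings loop below from running for a user without the `settings`/`update` permission if redirect() is ever stubbed or called without termination. A short comment on `$this->requirePostRequest();` would also help, for example `// State-changing action: POST only, so the CSRF token check applies`. That wording assumes the application validates the token on POST requests, which the hunk itself does not show. The function body continues past the end of the hunk.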
