#27 Add CSRF checking
asmecher committed Oct 3, 2023
1 parent b27afdd commit 407ba30
Showing 2 changed files with 4 additions and 1 deletion.
2 changes: 2 additions & 0 deletions controllers/grid/CustomLocaleGridHandler.php
@@ -74,6 +74,8 @@ public function updateLocale(array $args, PKPRequest $request): JSONMessage
{
['locale' => $locale, 'changes' => $changes] = $args;

if (!$request->checkCSRF()) return new JSONMessage(false);

if (!count($changes)) {
$this->setupTemplate($request);
// Create and present the edit form
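Review bot: The `checkCSRF()` guard is placed above the `if (!count($changes))` branch, so it gates the path that only presents the edit form as well as the path that saves changes. If anything reaches `updateLocale` without a token just to render the form (not visible in this hunk), it now receives a bare `JSONMessage(false)`; either confirm no such caller exists or move the guard to the saving path. The rejection is also silent, so a user whose session expired gets no explanation and nothing is recorded server-side; returning a short error message in the response would make failures diagnosable. As a style point the guard would match the surrounding block style in braces, `if (!$request->checkCSRF()) { return new JSONMessage(false); }`. The body of `updateLocale` continues past the end of the hunk.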
3 changes: 2 additions & 1 deletion templates/localeFile.tpl
@@ -7,6 +7,7 @@
*}

<form class="pkp_form" id="localeFilesForm" method="post" action="{url router=$smarty.const.ROUTE_COMPONENT component="plugins.generic.customLocale.controllers.grid.CustomLocaleGridHandler" op="updateLocale" locale=$locale key=$name anchor="localeContents"}">
{csrf}
<link rel="stylesheet" href="{$baseUrl}/plugins/generic/customLocale/css/customLocale.css" type="text/css" />
<div id="customLocales">
{* TABLE *}
@@ -185,4 +186,4 @@
customLocalesApp.data.localeKeysMaster = {$referenceLocaleContents|json_encode};
new pkp.Vue(customLocalesApp);
</script>
</form>
</form>
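Review bot: The `{csrf}` tag only helps if the save request actually submits this form's fields, and the hunk does not show how `customLocalesApp` sends its changes. If the Vue app builds its own payload rather than serializing `#localeFilesForm`, the token will be missing and the handler's new `checkCSRF()` call will reject every save, so that path is worth confirming. A short template comment would also tie the two halves together, for example `{* CSRF token; checked in CustomLocaleGridHandler::updateLocale *}` above the tag.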
