1 file changed +11
-2
lines changed Original file line number Diff line number Diff line change 4141 <i aria-hidden="true" class="fa fa-tasks"></i> <?php echo $ PMF_LANG ['ad_rs ' ] ?>
4242
4343 <div class="pull-right">
44- <a class="btn btn-danger" href="?action=clear-statistics">
44+ <a class="btn btn-danger"
45+ href="?action=clear-statistics&csrf=<?php echo $ user ->getCsrfTokenFromSession () ?> ">
4546 <i aria-hidden="true" class="fa fa-trash"></i> <?php echo $ PMF_LANG ['ad_delete_all_votings ' ] ?>
4647 </a>
4748 </div>
5051 </header>
5152
5253<?php
53- if ('clear-statistics ' === $ action ) {
54+ $ csrfToken = PMF_Filter::filterInput (INPUT_GET , 'csrf ' , FILTER_SANITIZE_STRING );
55+
56+ if (!isset ($ _SESSION ['phpmyfaq_csrf_token ' ]) || $ _SESSION ['phpmyfaq_csrf_token ' ] !== $ csrfToken ) {
57+ $ clearStatistics = false ;
58+ } else {
59+ $ clearStatistics = true ;
60+ }
61+
62+ if ('clear-statistics ' === $ action && $ clearStatistics ) {
5463 if ($ ratings ->deleteAll ()) {
5564 echo '<p class="alert alert-success">Statistics successfully deleted.</p> ' ;
5665 } else {
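Review bot: The rewritten anchor on new lines 44–45 keeps the destructive clear-statistics action on a GET link and places the session CSRF token in the query string, where it is recorded in browser history and web-server access logs and may be sent in Referer headers. A small POST form carrying the token in a hidden field would keep it out of URLs. The check on new line 56 compares the secret with `!==`; a constant-time comparison that also rejects a missing parameter is safer: `if (!isset($_SESSION['phpmyfaq_csrf_token']) || !is_string($csrfToken) || !hash_equals($_SESSION['phpmyfaq_csrf_token'], $csrfToken)) {`. When the token does not match, the request falls through with no message and no log entry, so a rejected or forged request leaves no trace for the administrator; an `alert-danger` paragraph or a log line in that branch would make it visible. The `if ($ratings->deleteAll())` block continues past the end of the hunk.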