kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111

This commit is contained in:
Benjamin Sonntag 2016-08-09 16:40:11 +02:00
parent 3a3168c69f
commit a35288b91e
1 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
bureau/admin/bro_editor.php
View File

@ -29,6 +29,9 @@
*/ */
require_once("../class/config.php"); require_once("../class/config.php");
// We check it ourself : not fatal
define("NOCSRF",true);
$fields = array ( $fields = array (
"editfile" => array ("request", "string", ""), "editfile" => array ("request", "string", ""),
"texte" => array ("post", "string", ""), "texte" => array ("post", "string", ""),
@ -39,6 +42,7 @@ $fields = array (
); );
getFields($fields); getFields($fields);
$editing=false;
$editfile=ssla($editfile); $editfile=ssla($editfile);
$texte=ssla($texte); $texte=ssla($texte);
@ -51,13 +55,24 @@ if (isset($cancel) && $cancel) {
} }
if (isset($saveret) && $saveret) { if (isset($saveret) && $saveret) {
if ($bro->save($editfile,$R,$texte)) { $editing=true;
// Thanks to this, we bring you back to the EDIT form if the CSRF is invalid.
// Allows you to re-submit
$error="";
if (count($_POST) && !defined("NOCSRF")) {
if (csrf_check()<=0) {
$error=$err->errstr();
}
}
if ($error!="" && $bro->save($editfile,$R,$texte)) {
$error=sprintf(_("Your file %s has been saved"),$editfile)." (".format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s")).")"; $error=sprintf(_("Your file %s has been saved"),$editfile)." (".format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s")).")";
include("bro_main.php");
exit();
} else { } else {
$error=$err->errstr(); $error=$err->errstr();
} }
include("bro_main.php");
exit();
} }
if (isset($save) && $save) { if (isset($save) && $save) {
if ($bro->save($editfile,$R,$texte)) { if ($bro->save($editfile,$R,$texte)) {
@ -115,7 +130,12 @@ echo "<pre class='prettyprint' id='file_content_view' >$content</pre>";
</form> </form>
<script type="text/javascript"> <script type="text/javascript">
$(function() {$( "#tabsfile" ).tabs();}); $(function() {
$( "#tabsfile" ).tabs();
<?php if ($editing) { ?>
$( "#tabsfile-edit" ).tabs( "option", "active", 1 );
<?php } ?>
});
$('#tabsfile').on('tabsbeforeactivate', function(event, ui){ $('#tabsfile').on('tabsbeforeactivate', function(event, ui){
var b = $('#file_content_editor').val(); var b = $('#file_content_editor').val();