Require token to change theme (fixes #452)

onli 2017-03-02 12:08:05 +01:00
parent d98eaed44c
commit cdf375623d
2 changed files with 7 additions and 6 deletions


@ -68,7 +68,7 @@ if ($serendipity['GET']['adminAction'] == 'editConfiguration') {
$data["adminAction"] = "editConfiguration"; $data["adminAction"] = "editConfiguration";
} }
if ($serendipity['GET']['adminAction'] == 'install' || $serendipity['GET']['adminAction'] == 'install-frontend' || $serendipity['GET']['adminAction'] == 'install-backend') { if (($serendipity['GET']['adminAction'] == 'install' || $serendipity['GET']['adminAction'] == 'install-frontend' || $serendipity['GET']['adminAction'] == 'install-backend') && serendipity_checkFormToken()) {
serendipity_plugin_api::hook_event('backend_templates_fetchtemplate', $serendipity); serendipity_plugin_api::hook_event('backend_templates_fetchtemplate', $serendipity);
$themeInfo = serendipity_fetchTemplateInfo(serendipity_specialchars($serendipity['GET']['theme'])); $themeInfo = serendipity_fetchTemplateInfo(serendipity_specialchars($serendipity['GET']['theme']));
@ -236,6 +236,7 @@ uasort($data['templates'], function($a, $b) {
$data['cur_tpl'] = $data['templates'][$serendipity['template']]; $data['cur_tpl'] = $data['templates'][$serendipity['template']];
$data['cur_tpl_backend'] = $data['templates'][$serendipity['template_backend']]; $data['cur_tpl_backend'] = $data['templates'][$serendipity['template_backend']];
$data['urltoken'] = serendipity_setFormToken('url');
unset($data['templates'][$serendipity['template']]); unset($data['templates'][$serendipity['template']]);
if ($serendipity['template'] != $serendipity['template_backend'] && isset($data['recommended_templates'][$serendipity['template_backend']]) && isset($data['templates'][$serendipity['template_backend']])) { if ($serendipity['template'] != $serendipity['template_backend'] && isset($data['recommended_templates'][$serendipity['template_backend']]) && isset($data['templates'][$serendipity['template_backend']])) {
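Review bot: The install condition in the first hunk still performs a state change on a GET request, so the token it now requires travels in the query string and can be recorded in browser history, server or proxy logs, and Referer headers. If `serendipity_setFormToken('url')` derives the token from the session (not visible here, so please confirm), that exposure matters more than it would for a one-time value. Moving the install actions to a POST form with the token in a hidden field would avoid it. Failing that, a comment above the condition would record the trade-off, e.g. `// CSRF: theme install is a GET action; the token is carried in the URL, see serendipity_setFormToken('url')`. Separately, on the context line below the condition, `$serendipity['GET']['theme']` is only passed through `serendipity_specialchars()` before reaching `serendipity_fetchTemplateInfo()`. HTML escaping does not validate a directory name, so the value should be checked against the list of installed templates. The enclosing if-block continues outside the hunk.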

View File

@ -57,8 +57,8 @@
</div> </div>
<button class="template_show_info button_link" type="button" data-href="#template_info_cur" title="{$CONST.TEMPLATE_INFO}"><span class="icon-info-circled" aria-hidden="true"></span><span class="visuallyhidden"> {$CONST.TEMPLATE_INFO}</span></button> <button class="template_show_info button_link" type="button" data-href="#template_info_cur" title="{$CONST.TEMPLATE_INFO}"><span class="icon-info-circled" aria-hidden="true"></span><span class="visuallyhidden"> {$CONST.TEMPLATE_INFO}</span></button>
{if $cur_tpl.info.custom_config}<a class="button_link" href="?serendipity[adminModule]=templates&amp;serendipity[adminAction]=editConfiguration" title="{$CONST.CONFIGURATION}">{$CONST.CONFIGURATION}</a>{/if} {if $cur_tpl.info.custom_config}<a class="button_link" href="?serendipity[adminModule]=templates&amp;serendipity[adminAction]=editConfiguration&amp;{$urltoken}" title="{$CONST.CONFIGURATION}">{$CONST.CONFIGURATION}</a>{/if}
{if $cur_tpl.info.custom_admin_interface == $CONST.YES and $cur_tpl.info.name != $cur_tpl_backend.info.name}<a class="button_link" href="?serendipity[adminModule]=templates&amp;serendipity[adminAction]=install-backend&amp;serendipity[theme]={$template}{$info.info.customURI}" title="{$CONST.SET_AS_TEMPLATE}">{$CONST.INSTALL}: {$CONST.BACKEND}</a>{/if} {if $cur_tpl.info.custom_admin_interface == $CONST.YES and $cur_tpl.info.name != $cur_tpl_backend.info.name}<a class="button_link" href="?serendipity[adminModule]=templates&amp;serendipity[adminAction]=install-backend&amp;serendipity[theme]={$template}{$info.info.customURI}&amp;{$urltoken}" title="{$CONST.SET_AS_TEMPLATE}">{$CONST.INSTALL}: {$CONST.BACKEND}</a>{/if}
</article> </article>
{if $cur_template_backend} {if $cur_template_backend}
@ -127,10 +127,10 @@
{/if} {/if}
{if !$info.unmetRequirements} {if !$info.unmetRequirements}
{if $info.info.custom_admin_interface == $CONST.YES && $cur_tpl_backend.info.name != $info.info.name} {if $info.info.custom_admin_interface == $CONST.YES && $cur_tpl_backend.info.name != $info.info.name}
<a class="button_link" href="?serendipity[adminModule]=templates&amp;serendipity[adminAction]=install-frontend&amp;serendipity[theme]={$template}{$info.info.customURI}" title="{$CONST.SET_AS_TEMPLATE}">{$CONST.INSTALL}: {$CONST.FRONTEND}</a> <a class="button_link" href="?serendipity[adminModule]=templates&amp;serendipity[adminAction]=install-frontend&amp;serendipity[theme]={$template}{$info.info.customURI}&amp;{$urltoken}" title="{$CONST.SET_AS_TEMPLATE}">{$CONST.INSTALL}: {$CONST.FRONTEND}</a>
<a class="button_link" href="?serendipity[adminModule]=templates&amp;serendipity[adminAction]=install-backend&amp;serendipity[theme]={$template}{$info.info.customURI}" title="{$CONST.SET_AS_TEMPLATE}">{$CONST.INSTALL}: {$CONST.BACKEND}</a> <a class="button_link" href="?serendipity[adminModule]=templates&amp;serendipity[adminAction]=install-backend&amp;serendipity[theme]={$template}{$info.info.customURI}&amp;{$urltoken}" title="{$CONST.SET_AS_TEMPLATE}">{$CONST.INSTALL}: {$CONST.BACKEND}</a>
{else} {else}
<a class="button_link" href="?serendipity[adminModule]=templates&amp;serendipity[adminAction]=install&amp;serendipity[theme]={$template}{$info.info.customURI}" title="{$CONST.SET_AS_TEMPLATE}">{$CONST.INSTALL}: {$CONST.FRONTEND}</a> <a class="button_link" href="?serendipity[adminModule]=templates&amp;serendipity[adminAction]=install&amp;serendipity[theme]={$template}{$info.info.customURI}&amp;{$urltoken}" title="{$CONST.SET_AS_TEMPLATE}">{$CONST.INSTALL}: {$CONST.FRONTEND}</a>
{/if} {/if}
{else} {else}
<span class="unmet_requirements msg_error"><span class="icon-attention-circled" aria-hidden="true"></span> {$info.unmetRequirements}></span> <span class="unmet_requirements msg_error"><span class="icon-attention-circled" aria-hidden="true"></span> {$info.unmetRequirements}></span>
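Review bot: The `editConfiguration` link in the first hunk now carries `&amp;{$urltoken}`, but the PHP side of this commit adds `serendipity_checkFormToken()` only to the install, install-frontend and install-backend branches; the `editConfiguration` branch appears there as unchanged context. If that action only renders the configuration form, the token adds URL exposure with no benefit and `&amp;{$urltoken}` can be dropped from that one link. If it changes state, the matching check is missing on the PHP side. Also, `{$urltoken}`, `{$template}` and `{$info.info.customURI}` are written into `href` attributes without an escape modifier, so their safety depends on the producers emitting only URL-safe characters. A Smarty comment such as `{* $urltoken is a pre-built "name=value" query fragment from serendipity_setFormToken('url') *}` near the first use would record that assumption.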