Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-10-16 10:44:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

CSRF Protection (#235)

Browse Source 
* Fix alert class name

* feature: csrf protection

* Cosmetics

* Fix token generate

* Admin Panel: changelogs csrf protection

* news/id route

* Refactor admin newses + add csrf

* Use admin.links instead

* Admin panel: Pages csrf

* Menus: better csrf + add success message on reset colors

* Plugins csrf

* Move definitions

* add info function, same as note($message)

* Update mailer.php

* Fix new page/news links

* clear_cache & maintenance csrf

* Formatting

* Fix news type

* Fix changelog link

* Add new changelog link

* More info to confirm dialog

* This is always true
This commit is contained in:
Slawomir Boczek
2023-11-11 10:57:57 +01:00
committed by GitHub
parent a04fbde607
commit 790d85a88a
89 changed files with 789 additions and 504 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
admin/pages/mailer.php
View File

@@ -10,6 +10,8 @@
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Mailer';
csrfProtect();
if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
echo 'Access denied.';
return;
@@ -20,7 +22,7 @@ if (!setting('core.mail_enabled')) {
return;
}
$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
$mail_to = isset($_POST['mail_to']) ? stripslashes(trim($_POST['mail_to'])) : null;
$mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
$mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;