Forum boards admin links: csrf + refactor

slawkens
2025-05-24 11:28:56 +02:00
parent 6e793390c6
commit e776bd52be
3 changed files with 58 additions and 29 deletions


@@ -17,6 +17,8 @@ if(!$canEdit) {
return;
}
csrfProtect();
$groupsList = new OTS_Groups_List();
$groups = [
['id' => 0, 'name' => 'Guest'],
@@ -30,23 +32,24 @@ foreach ($groupsList as $group) {
}
if(!empty($action)) {
if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board')
if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board') {
$id = $_REQUEST['id'];
if(isset($_REQUEST['access'])) {
$access = $_REQUEST['access'];
}
if(isset($_REQUEST['guild'])) {
$guild = $_REQUEST['guild'];
if(isset($_POST['access'])) {
$access = $_POST['access'];
}
if(isset($_REQUEST['name'])) {
$name = $_REQUEST['name'];
if(isset($_POST['guild'])) {
$guild = $_POST['guild'];
}
if(isset($_REQUEST['description'])) {
$description = stripslashes($_REQUEST['description']);
if(isset($_POST['name'])) {
$name = $_POST['name'];
}
if(isset($_POST['description'])) {
$description = stripslashes($_POST['description']);
}
$errors = [];
@@ -55,6 +58,7 @@ if(!empty($action)) {
if(Forum::add_board($name, $description, $access, $guild, $errors)) {
$action = $name = $description = '';
header('Location: ' . getLink('forum'));
exit;
}
}
else if($action == 'delete_board') {
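Review bot: `$id = $_REQUEST['id'];` in the second hunk appears to stay on `$_REQUEST`, with no `isset` check or integer cast, while `access`, `guild`, `name` and `description` were moved to `$_POST`. For the state-changing actions in that condition (`delete_board`, `hide_board`, `moveup_board`, `movedown_board`) the board id can therefore still arrive in the query string, and a request without `id` raises an undefined-index notice. If the admin links now submit as POST forms (the templates are not visible here), read it like the other fields and normalise it, e.g. `$id = (int)($_POST['id'] ?? 0);`, rejecting a non-positive value before dispatching. What `csrfProtect()` does on non-POST requests is not shown, so it is worth confirming that none of these actions can be triggered by a GET. The `if(!empty($action))` block continues past the visible lines.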