mirror of
https://github.com/pandorafms/pandorafms.git
synced 2025-07-28 16:24:54 +02:00
Merge branch 'ent-10217-disable-admin-s-account-via-cross-site-request-forgery' into 'develop'
Ent 10217: disable admin's account via cross-site request forgery. See merge request artica/pandorafms!5503
commit
8d13e873cc
@ -402,6 +402,11 @@ if ($delete_user === true) {
|
|||||||
__('There was a problem deleting the profile')
|
__('There was a problem deleting the profile')
|
||||||
);
|
);
|
||||||
} else if ($disable_user !== false) {
|
} else if ($disable_user !== false) {
|
||||||
|
// CSRF Validator.
|
||||||
|
if (html_print_csrf_error()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Disable_user.
|
// Disable_user.
|
||||||
$id_user = get_parameter('id', 0);
|
$id_user = get_parameter('id', 0);
|
||||||
|
|
||||||
@ -646,6 +651,8 @@ $limit = (int) $config['block_size'];
|
|||||||
$rowPair = true;
|
$rowPair = true;
|
||||||
$iterator = 0;
|
$iterator = 0;
|
||||||
$cont = 0;
|
$cont = 0;
|
||||||
|
// Creates csrf.
|
||||||
|
$csrf = html_print_csrf_hidden(true);
|
||||||
foreach ($info as $user_id => $user_info) {
|
foreach ($info as $user_id => $user_info) {
|
||||||
if (empty($user_id) === true) {
|
if (empty($user_id) === true) {
|
||||||
continue;
|
continue;
|
||||||
@ -815,6 +822,8 @@ foreach ($info as $user_id => $user_info) {
|
|||||||
$user_info['id_user'],
|
$user_info['id_user'],
|
||||||
true
|
true
|
||||||
);
|
);
|
||||||
|
// Same csrf for every disable button for submit.
|
||||||
|
$data[6] .= $csrf;
|
||||||
$data[6] .= html_print_input_hidden(
|
$data[6] .= html_print_input_hidden(
|
||||||
'disable_user',
|
'disable_user',
|
||||||
$toDoAction,
|
$toDoAction,
|
||||||
|
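Review bot: The CSRF check in the first hunk guards only the `$disable_user` branch, while the `$delete_user === true` branch earlier in the same chain begins outside the hunk, so it is not visible whether user deletion validates the token too; if it does not, it needs the same `if (html_print_csrf_error()) { return; }` guard and the token in its form. The bare `return;` also drops the rejected request without a trace, so an audit-log entry at that point would let operators see forged disable attempts against administrator accounts. In the third hunk the same `$csrf` markup is appended to every row's `$data[6]`; if the helper emits an `id` attribute (its body is not shown here) the page will carry duplicate ids, and the reuse deserves a comment such as `// One token per page render; every row's form submits the same value.`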