fix: paste_action and user_action CSRF

Floorb 2023-07-11 03:22:14 -04:00
parent 483d0293f7
commit 239f1f92fe
2 changed files with 3 additions and 5 deletions


@ -19,6 +19,8 @@ if (!$paste) {
if (!verifyCsrfToken()) {
flashError('Invalid CSRF token (do you have cookies enabled?)');
header('Location: ' . urlForPaste($paste));
die();
}
if (isset($_POST['hide'])) {
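Review bot: The `header('Location: ...')` / `die();` pair in the CSRF guard (apparently the two lines this hunk adds) has no comment explaining why the exit is required, and it is the line the fix depends on. `header()` only queues the redirect, so without the `die()` the `$_POST['hide']` handler that follows would still run on a request whose token failed verification. I would add above the redirect: `// header() does not stop the script; exit here so no POST handler runs without a valid CSRF token`. The second file appears to get the same effect through its `} elseif` chain rather than an early exit; that hunk continues beyond what is shown, so it is worth confirming that every action handler there sits inside the final `else`. The handler code after `if (isset($_POST['hide'])) {` is outside this hunk.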


@ -18,11 +18,7 @@ if (!$user) {
if (!verifyCsrfToken()) {
flashError('Invalid CSRF token (do you have cookies enabled?)');
}
$can_administrate = can('administrate', $user);
if (!$can_administrate) {
} elseif (!can('administrate', $user)) {
flashError('Error: You do not have permission to administrate this user.');
} else {
if (isset($_POST['reset_password'])) {