fix(admin): prevent double posting of mod messages

Floorb 2023-08-29 03:37:29 -04:00
parent 33a3107844
commit bb8c8ddd0d


@ -9,11 +9,17 @@ use PonePaste\Models\PageView;
use PonePaste\Models\ModMessage;
if (isset($_POST['send_message']) && !empty($_POST['message'])) {
$message = new ModMessage([
if (!verifyCsrfToken()) {
flashError('Invalid CSRF token (do you have cookies enabled?)');
} else {
$message = new ModMessage([
'user_id' => $current_user->id,
'message' => $_POST['message']
]);
$message->save();
]);
$message->save();
header('Location: dashboard.php');
die();
}
}
$last_page_view = PageView::select('tpage', 'tvisit')
@ -113,7 +119,7 @@ $is_admin = $current_user->role >= User::ROLE_ADMIN;
<!-- Start Menu -->
<?php include 'menu.php'; ?>
<!-- End Menu -->
<?php outputFlashes($flashes); ?>
<!-- Start Stats -->
<div class="row">
<div class="col-md-12">
@ -290,6 +296,7 @@ $is_admin = $current_user->role >= User::ROLE_ADMIN;
</tbody>
</table>
<form method="POST" class="form-inline" style="width: 100%;">
<input type="hidden" name="csrf_token" value="<?= setupCsrfToken(); ?>" />
<input class="form-control" type="text" name="message" maxlength="255" placeholder="Message" style="width: 90%;">
<input class="btn btn-primary" type="submit" name="send_message" value="Send" />
</form>
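Review bot: In the first hunk `'message' => $_POST['message']` is saved after only an `!empty()` test, so the 255-character limit exists solely as the `maxlength` attribute on the form, and a non-string value such as `message[]=x` also passes the guard. I would validate server-side before building the model, e.g. `$text = $_POST['message'] ?? '';` followed by `if (!is_string($text) || mb_strlen($text) > 255) { flashError('Message must be at most 255 characters'); }`, and only save in the `else` branch. The code that prints stored mod messages into the table lies outside the shown hunks, so confirm it escapes the text with `htmlspecialchars()` on output. It would also help to add a short comment above the redirect, `// Post/Redirect/Get: a reload must not resubmit the message`, since that line is the actual double-post fix named in the title while the CSRF check is an unannounced addition.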