From bb8c8ddd0d902bfc7a5027a06a02def8aea80332 Mon Sep 17 00:00:00 2001 From: Floorb <132411956+Neetpone@users.noreply.github.com> Date: Tue, 29 Aug 2023 03:37:29 -0400 Subject: [PATCH] fix(admin): prevent double posting of mod messages --- public/admin/dashboard.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/public/admin/dashboard.php b/public/admin/dashboard.php index 4b57acc..d813b8e 100644 --- a/public/admin/dashboard.php +++ b/public/admin/dashboard.php @@ -9,11 +9,17 @@ use PonePaste\Models\PageView; use PonePaste\Models\ModMessage; if (isset($_POST['send_message']) && !empty($_POST['message'])) { - $message = new ModMessage([ + if (!verifyCsrfToken()) { + flashError('Invalid CSRF token (do you have cookies enabled?)'); + } else { + $message = new ModMessage([ 'user_id' => $current_user->id, 'message' => $_POST['message'] - ]); - $message->save(); + ]); + $message->save(); + header('Location: dashboard.php'); + die(); + } } $last_page_view = PageView::select('tpage', 'tvisit') @@ -113,7 +119,7 @@ $is_admin = $current_user->role >= User::ROLE_ADMIN; - +
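Review bot: The post-save redirect that stops the resubmission should send an explicit 303 so the follow-up request is guaranteed to be a GET rather than relying on browser handling of a 302 after POST: `header('Location: dashboard.php', true, 303);`. The CSRF-failure branch only calls flashError() and then falls through to render the page with the rejected POST still in scope, so a browser refresh on that page re-sends the same invalid request; redirecting there as well would keep the post-redirect-get pattern uniform, and a short comment such as `// PRG: redirect after save so a refresh cannot re-post the message` would explain the die() to later readers. The two context lines `'user_id' => $current_user->id,` and `'message' => $_POST['message']` appear unchanged while the `$message = new ModMessage([` and `]);` lines around them were re-added one level deeper, so the array literal presumably now reads misaligned; re-indenting them would keep the block tidy. `$_POST['message']` is stored without trimming and `!empty()` also rejects a literal `0`, which is probably acceptable for a moderator note but worth a conscious choice.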
@@ -290,6 +296,7 @@ $is_admin = $current_user->role >= User::ROLE_ADMIN;
+