From 4d30633cd4dfa8ad8438fc63c7cefe3c66e5ad46 Mon Sep 17 00:00:00 2001 From: Cesar G Date: Wed, 22 Oct 2014 14:31:19 -0700 Subject: [PATCH] [ticket/security-161] Add form token to styles management form. SECURITY-161 --- phpBB/includes/acp/acp_styles.php | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 3f9d21f56c..3f40696309 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -69,11 +69,6 @@ class acp_styles $action = $this->request->variable('action', ''); $post_actions = array('install', 'activate', 'deactivate', 'uninstall'); - if ($action && in_array($action, $post_actions) && !check_link_hash($request->variable('hash', ''), $action)) - { - trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } - foreach ($post_actions as $key) { if ($this->request->is_set_post($key)) @@ -82,6 +77,18 @@ class acp_styles } } + // The uninstall action uses confirm_box() to verify the validity of the request, + // so there is no need to check for a valid token here. + if (in_array($action, $post_actions) && $action != 'uninstall') + { + $is_valid_request = check_link_hash($request->variable('hash', ''), $action) || check_form_key('styles_management'); + + if (!$is_valid_request) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + } + if ($action != '') { $this->s_hidden_fields['action'] = $action; @@ -121,6 +128,8 @@ class acp_styles */ protected function frontend() { + add_form_key('styles_management'); + // Check mode switch ($this->mode) {