Add token checks for Delete and Switch Cargo table special pages
Patch by BlankEclair.

Change-Id: I15d05996ff1eaf203cf726b02925687e671ba272
yaronkoren authored and MrVanosh committed Oct 7, 2024
1 parent bf05a69 commit 3695b0e
Showing 2 changed files with 6 additions and 2 deletions.
3 changes: 2 additions & 1 deletion includes/specials/SpecialDeleteCargoTable.php
@@ -55,6 +55,7 @@ public function execute( $subpage = false ) {

$out = $this->getOutput();
$req = $this->getRequest();
$csrfTokenSet = $this->getContext()->getCsrfTokenSet();

$out->enableOOUI();

@@ -87,7 +88,7 @@ public function execute( $subpage = false ) {
$fieldTables = unserialize( $row['field_tables'] );
$fieldHelperTables = unserialize( $row['field_helper_tables'] );

if ( $this->getRequest()->getCheck( 'delete' ) ) {
if ( $req->wasPosted() && $req->getCheck( 'delete' ) && $csrfTokenSet->matchToken( $req->getText( 'wpEditToken' ) ) ) {
self::deleteTable( $tableName, $fieldTables, $fieldHelperTables );
$text = Html::rawElement( 'p', null, $this->msg( 'cargo-deletetable-success', $tableName )->escaped() ) . "\n";
$tablesLink = CargoUtils::makeLink( $this->getLinkRenderer(),
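Review bot: On the new `if` line, a POST that carries `delete` but fails `matchToken()` is handled exactly like a request with no submission at all, so control presumably falls through to whatever follows this branch (outside the hunk) without telling the user why nothing was deleted. An expired session then looks like a button that does nothing. I would keep `if ( $req->wasPosted() && $req->getCheck( 'delete' ) ) {` as the outer test and, inside it, answer a mismatch with `$out->addWikiMsg( 'sessionfailure' );` before the form is shown again. The check also depends on the confirmation form, which is built outside the visible lines and not touched by this commit, already emitting a `wpEditToken` field; that is worth confirming. The `switch` branch in SpecialSwitchCargoTable.php has the same shape.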
5 changes: 4 additions & 1 deletion includes/specials/SpecialSwitchCargoTable.php
@@ -86,6 +86,9 @@ public function execute( $subpage = false ) {
$this->checkPermissions();

$out = $this->getOutput();
$req = $this->getRequest();
$csrfTokenSet = $this->getContext()->getCsrfTokenSet();

$tableName = $subpage;
$out->enableOOUI();

@@ -116,7 +119,7 @@ public function execute( $subpage = false ) {
$fieldTables = unserialize( $row['field_tables'] );
$fieldHelperTables = unserialize( $row['field_helper_tables'] );

if ( $this->getRequest()->getCheck( 'switch' ) ) {
if ( $req->wasPosted() && $req->getCheck( 'switch' ) && $csrfTokenSet->matchToken( $req->getText( 'wpEditToken' ) ) ) {
self::switchInTableReplacement( $tableName, $fieldTables, $fieldHelperTables, $this->getUser() );
$text = Html::element( 'p', null, $this->msg( 'cargo-switchtables-success', $tableName )->parse() ) . "\n";
$tablesLink = CargoUtils::makeLink( $this->getLinkRenderer(),
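Review bot: The guard on the new `if` line is a long one-liner copied from SpecialDeleteCargoTable.php with only the submit-field name changed, and it reads the token by hand through `$req->getText( 'wpEditToken' )`. `CsrfTokenSet` has `matchTokenField()` for this, so the test can shrink to `$req->wasPosted() && $req->getCheck( 'switch' ) && $csrfTokenSet->matchTokenField( 'wpEditToken' )`. A short comment above it, such as `// State change: require POST plus a valid CSRF token`, would tell the next reader why all three conditions are needed. execute() starts and ends outside the hunk.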
