Nemcio/Grav-Admin-Plugin
1
0
Fork 0
mirror of https://github.com/getgrav/grav-plugin-admin.git synced 2026-01-05 23:30:46 +01:00
Code Issues Packages Projects Releases Activity

Merge branch 'develop' into feature/integrate-with-admin-pro

Browse Source
This commit is contained in:
Flavio Copes
2015-11-21 16:40:18 +01:00
parent 1c989e0c2f e6cddea054
commit 16d745b377
41 changed files with 1264 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
classes/controller.php
View File

@@ -87,6 +87,30 @@ class AdminController
*/
public function execute()
{
if (method_exists('Grav\Common\Utils', 'getNonce')) {
if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
if (!isset($this->post['admin-nonce']) || !Utils::verifyNonce($this->post['admin-nonce'], 'admin-form')) {
$this->admin->setMessage('Unauthorized', 'error');
return false;
}
unset($this->post['admin-nonce']);
} else {
if ($this->task == 'logout') {
$nonce = $this->grav['uri']->param('logout-nonce');
if (!isset($nonce) || !Utils::verifyNonce($nonce, 'logout-form')) {
$this->admin->setMessage('Unauthorized', 'error');
return false;
}
} else {
$nonce = $this->grav['uri']->param('admin-nonce');
if (!isset($nonce) || !Utils::verifyNonce($nonce, 'admin-form')) {
$this->admin->setMessage('Unauthorized', 'error');
return false;
}
}
}
}
$success = false;
$method = 'task' . ucfirst($this->task);
if (method_exists($this, $method)) {
@@ -391,7 +415,7 @@ class AdminController
}
$download = urlencode(base64_encode($backup));
$url = rtrim($this->grav['uri']->rootUrl(true), '/') . '/' . trim($this->admin->base, '/') . '/task' . $param_sep . 'backup/download' . $param_sep . $download;
$url = rtrim($this->grav['uri']->rootUrl(true), '/') . '/' . trim($this->admin->base, '/') . '/task' . $param_sep . 'backup/download' . $param_sep . $download . '/admin-nonce' . $param_sep . Utils::getNonce('admin-form');
$log->content([
'time' => time(),