Handle nonce in admin logout too

This commit is contained in:
Flavio Copes
2015-11-17 11:56:21 +01:00
parent 01c5c6af40
commit d2763660fe
2 changed files with 11 additions and 3 deletions


@@ -86,12 +86,20 @@ class AdminController
*/
public function execute()
{
if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
if (method_exists('Grav\Common\Utils', 'getNonce')) {
if (method_exists('Grav\Common\Utils', 'getNonce')) {
if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
if (!isset($this->post['admin-nonce']) || !Utils::verifyNonce($this->post['admin-nonce'], 'admin-form')) {
$this->admin->setMessage('Unauthorized', 'error');
return false;
}
} else {
if ($this->task == 'logout') {
$nonce = $this->grav['uri']->param('logout-nonce');
$nonce = str_replace('SLASH', '/', $nonce);
if (!isset($nonce) || !Utils::verifyNonce($nonce, 'logout-form')) {
return;
}
}
}
}
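Review bot: The `!isset($nonce)` guard in the new logout branch is dead code — `$nonce` has just been assigned from `str_replace`, which always returns a string, so a request with no `logout-nonce` param reaches `Utils::verifyNonce` as an empty string and the check relies entirely on that function rejecting it. The missing-param case should be rejected explicitly, and the branch should fail the same way the POST branch does instead of a bare `return;` with no message and a different return value: `if (!$nonce || !Utils::verifyNonce($nonce, 'logout-form')) {` followed by `$this->admin->setMessage('Unauthorized', 'error'); return false;`. Note also that both checks are nested inside `method_exists('Grav\Common\Utils', 'getNonce')`, so on a core without that method the logout and POST paths run with no CSRF check at all — a fail-open that the new branch inherits from the existing structure; if that compatibility shim is still required it deserves a comment saying so and ideally a log line when it is skipped. `execute()` continues past the end of this hunk, so the caller's treatment of `null` versus `false` cannot be confirmed from here.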