diff options
author | Igor Scheller <igor.scheller@igorshp.de> | 2018-11-20 16:02:03 +0100 |
---|---|---|
committer | msquare <msquare@notrademark.de> | 2018-11-21 19:24:36 +0100 |
commit | 944c29b96429ec95ac1371cb33cc43704a60c7b1 (patch) | |
tree | 7be99e68d8c15fc7e210a4b3ccc44861a8d1de64 /includes/pages/admin_questions.php | |
parent | fd37c9d60ea818dc9a562fa88ff5f9a50132506f (diff) |
Require POST for sending forms
* Ensure that the form is submitted with a post request
* Replaced several links with forms
Closes #494 (Security Vulnerability)
Diffstat (limited to 'includes/pages/admin_questions.php')
-rw-r--r-- | includes/pages/admin_questions.php | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 4f0f0bfc..60df1ebf 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -56,11 +56,9 @@ function admin_questions() form_textarea('answer', '', ''), form_submit('submit', __('Save')) ], page_link_to('admin_questions', ['action' => 'answer', 'id' => $question['QID']])), - 'actions' => button( - page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]), - __('delete'), - 'btn-xs' - ) + 'actions' => form([ + form_submit('submit', __('delete'), 'btn-xs'), + ], page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']])), ]; } @@ -74,11 +72,9 @@ function admin_questions() 'question' => str_replace("\n", '<br />', $question['Question']), 'answered_by' => User_Nick_render($answer_user_source), 'answer' => str_replace("\n", '<br />', $question['Answer']), - 'actions' => button( - page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]), - __('delete'), - 'btn-xs' - ) + 'actions' => form([ + form_submit('submit', __('delete'), 'btn-xs') + ], page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']])) ]; } @@ -102,7 +98,11 @@ function admin_questions() } else { switch ($request->input('action')) { case 'answer': - if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + if ( + $request->has('id') + && preg_match('/^\d{1,11}$/', $request->input('id')) + && $request->hasPostData('submit') + ) { $question_id = $request->input('id'); } else { return error('Incomplete call, missing Question ID.', true); @@ -142,7 +142,11 @@ function admin_questions() } break; case 'delete': - if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + if ( + $request->has('id') + && preg_match('/^\d{1,11}$/', $request->input('id')) + && $request->hasPostData('submit') + ) { $question_id = $request->input('id'); } else { return error('Incomplete call, missing Question ID.', true); |