Use Grav nonce functionality

This commit is contained in:
Flavio Copes
2015-11-06 15:32:26 +01:00
parent d448b3bdce
commit 24f3df1c76
4 changed files with 13 additions and 0 deletions


@@ -86,6 +86,11 @@ class AdminController
*/ */
public function execute() public function execute()
{ {
if (!Utils::verifyNonce($this->post['admin-nonce'], 'admin-post-blueprints')) {
$this->admin->setMessage('Unauthorized', 'error');
return false;
}
$success = false; $success = false;
$method = 'task' . ucfirst($this->task); $method = 'task' . ucfirst($this->task);
if (method_exists($this, $method)) { if (method_exists($this, $method)) {
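Review bot: The new guard indexes `$this->post['admin-nonce']` directly, so a POST that omits the field emits an undefined-index notice before verifyNonce() ever sees the null; rejecting a missing token explicitly avoids that: `if (!isset($this->post['admin-nonce']) || !Utils::verifyNonce($this->post['admin-nonce'], 'admin-post-blueprints')) {`. Because this check sits at the top of execute(), which dispatches every `task*` method below it, any admin task reached through a plain link rather than one of the three forms patched in this commit would now also be refused with "Unauthorized" — worth confirming that every task entry point submits the field. The message text is also slightly misleading, since the failure is a CSRF-token mismatch rather than a permission problem; something like `'Invalid security token'` would describe it more accurately. execute() continues past the end of this hunk.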


@@ -14,4 +14,7 @@
<div class="button-bar"> <div class="button-bar">
<button class="button primary">{{ "PLUGIN_ADMIN.CONTINUE"|tu }}</button> <button class="button primary">{{ "PLUGIN_ADMIN.CONTINUE"|tu }}</button>
</div> </div>
{{ nonce_field('admin-post-blueprints', 'admin-nonce') }}
</form> </form>
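Review bot: The nonce action string `'admin-post-blueprints'` is repeated verbatim in this template, in the two sibling templates and in the controller check, and a typo in any one copy would silently break that form with an "Unauthorized" error rather than a visible failure. If the admin plugin exposes Twig globals, surfacing the action name as a single shared value (or at least a short comment here, `{# must match the action verified in AdminController::execute() #}`) would keep the four sites in step. Sharing one action across all three forms is fine for CSRF purposes, but it does mean a token issued for one form is accepted by the others — acceptable if that is the intent.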


@@ -10,4 +10,7 @@
</div> </div>
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{{ nonce_field('admin-post-blueprints', 'admin-nonce') }}
</form> </form>


@@ -18,4 +18,6 @@
{% include 'forms/fields/hidden/hidden.html.twig' %} {% include 'forms/fields/hidden/hidden.html.twig' %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{{ nonce_field('admin-post-blueprints', 'admin-nonce') }}
</form> </form>