InUse Link mit CSRF (#1475)
* InUse Link mit CSRF

fixes: #1474

* csrf to inuse check be_link.php
skerbis authored Feb 22, 2024
1 parent 9bca540 commit 9516a44
Showing 2 changed files with 3 additions and 9 deletions.
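--- a/plugins/manager/lib/yform/value/be_link.php
+++ b/plugins/manager/lib/yform/value/be_link.php
@@ -104,13 +104,7 @@ public static function isArticleInUse(rex_extension_point $ep)
 foreach ($items as $item) {
 $sqlData = \rex_sql::factory();
 $sqlData->setQuery('SELECT `name` FROM `' . \rex_yform_manager_table::table() . '` WHERE `table_name` = "' . $tableName . '"');
-
-$url = \rex_url::backendController([
-'page' => 'yform/manager/data_edit',
-'table_name' => $tableName,
-'data_id' => $item['id'],
-'func' => 'edit',
-]);
+$url = rex_yform_manager::url($tableName, $item['id']);
 $messages .= '<li><a href="' . $url . '">' . $sqlData->getValue('name') . ' [id=' . $item['id'] . ']</a></li>';
 }
 }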
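Review bot: On the `$messages .=` line, neither `$url` nor `$sqlData->getValue('name')` is HTML-escaped before being concatenated into the `<a href="…">` markup. The URL now comes from `rex_yform_manager::url()`, whose output form (raw `&` or already `&amp;`) is not visible in this hunk, so confirm it and escape exactly once; the label can be wrapped as `rex_escape($sqlData->getValue('name'))`. The new call also lacks the leading backslash used for `\rex_sql` and `\rex_yform_manager_table` on the lines above, which would matter if this file declares a namespace. The body of isArticleInUse starts and ends outside the hunk.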
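--- a/plugins/manager/lib/yform/value/be_media.php
+++ b/plugins/manager/lib/yform/value/be_media.php
@@ -146,8 +146,8 @@ public static function isMediaInUse(rex_extension_point $ep)
 foreach ($items as $item) {
 $sqlData = \rex_sql::factory();
 $sqlData->setQuery('SELECT `name` FROM `' . \rex_yform_manager_table::table() . '` WHERE `table_name` = "' . $tableName . '"');
-
-$messages .= '<li><a href="javascript:openPage(\'index.php?page=yform/manager/data_edit&amp;table_name=' . $tableName . '&amp;data_id=' . $item['id'] . '&amp;func=edit\')">' . $sqlData->getValue('name') . ' [id=' . $item['id'] . ']</a></li>';
+$editUrl = rex_yform_manager::url($tableName, $item['id']);
+$messages .= '<li><a href="javascript:openPage(\'' . $editUrl . '\')">' . $sqlData->getValue('name') . ' [id=' . $item['id'] . ']</a></li>';
 }
 }
 }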
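Review bot: `$editUrl` is placed inside a single-quoted JavaScript string that itself sits inside an `href` attribute, and the new `$messages .=` line applies neither JavaScript-string nor HTML-attribute encoding to it. The removed line spelled `&amp;` by hand; whether `rex_yform_manager::url()` returns an escaped or a raw URL is not visible here, and a quote character in its result would end the string literal early. If the helper returns a raw URL, encoding both layers, for example `rex_escape(json_encode($editUrl))` in place of the hand-quoted concatenation, would be a safer shape. The context query above still concatenates `$tableName` into the SQL text, here and in be_link.php; a `?` placeholder with `[$tableName]` as the second argument of `setQuery` would bind it instead. The body of isMediaInUse starts and ends outside the hunk.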
