Fix security vulnerability in admin modules
- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed - Created Module\BaseAdmin::checkAdminAccess method
This commit is contained in:
		
					parent
					
						
							
								9bc2c5a52e
							
						
					
				
			
			
				commit
				
					
						3efa8648c5
					
				
			
		
					 12 changed files with 29 additions and 36 deletions
				
			
		|  | @ -32,7 +32,7 @@ class Contact extends BaseAdmin | |||
| { | ||||
| 	public static function post(array $parameters = []) | ||||
| 	{ | ||||
| 		parent::post($parameters); | ||||
| 		self::checkAdminAccess(); | ||||
| 
 | ||||
| 		self::checkFormSecurityTokenRedirectOnError('/admin/blocklist/contact', 'admin_contactblock'); | ||||
| 
 | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue