Merge pull request #9166 from MrPetovan/bug/phpinfo-accessible-hotfix

[Hotfix] Fix security vulnerability in admin modules
2020-09-08 19:56:26 +02:00 · 2020-09-08 19:56:26 +02:00 · fb721f8e30
commit fb721f8e30
parent d26d64421d 3efa8648c5
20 changed files with 497 additions and 574 deletions
--- a/view/templates/admin/addons/details.tpl
+++ b/view/templates/admin/addons/details.tpl
@ -24,6 +24,7 @@
 	{{if $admin_form}}
 	<h3>{{$settings}}</h3>
 	<form method="post" action="{{$baseurl}}/admin/{{$function}}/{{$addon}}">
+		<input type="hidden" name="form_security_token" value="{{$form_security_token}}">
 		{{$admin_form nofilter}}
 	</form>
 	{{/if}}
--- a/view/templates/admin/dbsync/failed_updates.tpl
+++ b/view/templates/admin/dbsync/failed_updates.tpl
@ -10,7 +10,7 @@

 		<ul>
 			<li><a href="{{$baseurl}}/admin/dbsync/mark/{{$f}}">{{$mark}}</a></li>
-			<li><a href="{{$baseurl}}/admin/dbsync/{{$f}}">{{$apply}}</a></li>
+			<li><a href="{{$baseurl}}/admin/dbsync/update/{{$f}}">{{$apply}}</a></li>
 		</ul>

 		<hr />