diff --git a/Source/pages/index.php b/Source/pages/index.php
index b5073b6..eca4e9c 100644
--- a/Source/pages/index.php
+++ b/Source/pages/index.php
@@ -65,7 +65,8 @@
-
+ +
diff --git a/Source/pages/manage_config.php b/Source/pages/manage_config.php
index bd18228..08907f8 100644
--- a/Source/pages/manage_config.php
+++ b/Source/pages/manage_config.php
@@ -11,6 +11,7 @@
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
+form_security_validate( 'plugin_Source_manage_config' );
 auth_reauthenticate();
 access_ensure_global_level( plugin_config_get( 'manage_threshold' ) );
@@ -82,5 +83,7 @@ plugin_config_set( 'checkin_urls', serialize( $t_checkin_urls ) );
 plugin_config_set( 'import_urls', serialize( $t_import_urls ) );
+form_security_purge( 'plugin_Source_manage_config' );
+
 print_successful_redirect( plugin_page( 'manage_config_page', true ) );
diff --git a/Source/pages/manage_config_page.php b/Source/pages/manage_config_page.php
index 6fa486d..b625e43 100644
--- a/Source/pages/manage_config_page.php
+++ b/Source/pages/manage_config_page.php
@@ -29,6 +29,7 @@
+
diff --git a/Source/pages/repo_create.php b/Source/pages/repo_create.php
index 6e2cb1e..cf3ba31 100644
--- a/Source/pages/repo_create.php
+++ b/Source/pages/repo_create.php
@@ -11,6 +11,7 @@
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
+form_security_validate( 'plugin_Source_repo_create' );
 access_ensure_global_level( plugin_config_get( 'manage_threshold' ) );
 $f_repo_name = gpc_get_string( 'repo_name' );
@@ -19,4 +20,6 @@ $t_repo = new SourceRepo( $f_repo_type, $f_repo_name );
 $t_repo->save();
+form_security_purge( 'plugin_Source_repo_create' );
+
 print_successful_redirect( plugin_page( 'repo_update_page', true ) . '&id=' . $t_repo->id );
diff --git a/Source/pages/repo_delete.php b/Source/pages/repo_delete.php
index 538643c..ef36531 100644
--- a/Source/pages/repo_delete.php
+++ b/Source/pages/repo_delete.php
@@ -11,6 +11,7 @@
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
+form_security_validate( 'plugin_Source_repo_delete' );
 access_ensure_global_level( plugin_config_get( 'manage_threshold' ) );
 $f_repo_id = gpc_get_string( 'id' );
@@ -21,4 +22,5 @@ SourceRepo::delete( $t_repo->id );
+form_security_purge( 'plugin_Source_repo_delete' );
 print_successful_redirect( plugin_page( 'index', true ) );
diff --git a/Source/pages/repo_import_full.php b/Source/pages/repo_import_full.php
index 67a7bbb..722c393 100644
--- a/Source/pages/repo_import_full.php
+++ b/Source/pages/repo_import_full.php
@@ -11,6 +11,7 @@
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
+form_security_validate( 'plugin_Source_repo_import_full' );
 access_ensure_global_level( plugin_config_get( 'manage_threshold' ) );
 $f_repo_id = gpc_get_string( 'id' );
@@ -52,5 +53,7 @@ echo '';
 }
+form_security_purge( 'plugin_Source_repo_import_full' );
+
 html_page_bottom1();
diff --git a/Source/pages/repo_import_latest.php b/Source/pages/repo_import_latest.php
index 362b432..db4ba43 100644
--- a/Source/pages/repo_import_latest.php
+++ b/Source/pages/repo_import_latest.php
@@ -13,22 +13,25 @@
 $t_address = $_SERVER['REMOTE_ADDR'];
 $t_valid = false;
+$t_remote = true;
+
+# Allow a logged-in user to import
+if ( !$t_valid && auth_is_user_authenticated() ) {
+ form_security_validate( 'plugin_Source_repo_import_latest' );
+ access_ensure_global_level( plugin_config_get( 'manage_threshold' ) );
+ helper_ensure_confirmed( plugin_lang_get( 'ensure_import_latest' ), plugin_lang_get( 'import_latest' ) );
+
+ $t_valid = true;
+ $t_remote = false;
+}
+
+helper_begin_long_process();
 # Always allow the same machine to import
 if ( '127.0.0.1' == $t_address || '127.0.1.1' == $t_address ) {
 $t_valid = true;
 }
-# Allow a logged-in user to import
-if ( !$t_valid && auth_is_user_authenticated() ) {
- access_ensure_global_level( plugin_config_get( 'manage_threshold' ) );
- helper_ensure_confirmed( plugin_lang_get( 'ensure_import_latest' ), plugin_lang_get( 'import_latest' ) );
-
- $t_valid = true;
-}
-
-helper_begin_long_process();
-
 # Check for allowed remote IP/URL addresses
 if ( !$t_valid && ON == plugin_config_get( 'remote_import' ) ) {
 $t_import_urls = unserialize( plugin_config_get( 'import_urls' ) );
@@ -97,5 +100,9 @@ print_bracket_link( plugin_page( 'repo_manage_page' ) . '&id=' . $t_repo->id, 'Return To Repository' );
 echo '';
+if ( !$t_remote ) {
+ form_security_purge( 'plugin_Source_repo_import_latest' );
+}
+
 html_page_bottom1();
diff --git a/Source/pages/repo_manage_page.php b/Source/pages/repo_manage_page.php
index 3940ee1..7770f46 100644
--- a/Source/pages/repo_manage_page.php
+++ b/Source/pages/repo_manage_page.php
@@ -68,12 +68,23 @@
diff --git a/Source/pages/repo_update.php b/Source/pages/repo_update.php
index bde2717..f095a7c 100644
--- a/Source/pages/repo_update.php
+++ b/Source/pages/repo_update.php
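Review bot: In the first hunk of repo_import_latest.php the moved condition still reads `if ( !$t_valid && auth_is_user_authenticated() )`, but `$t_valid` is set to `false` just above and nothing changes it before this branch any more, so the `!$t_valid` test is always true; `if ( auth_is_user_authenticated() ) {` states the new rule directly, namely that every logged-in request must carry the form token. The loopback branch and the `remote_import` branch below it still authorize on `$_SERVER['REMOTE_ADDR']` alone and never validate a token, which looks intentional for hook scripts but deserves a comment such as `# Address-based callers have no session, so no form token is checked`. If the site is served through a reverse proxy on the same host, every client would presumably arrive as 127.0.0.1 and take the loopback branch, so that deployment case should be documented or excluded. `$t_remote` also stays `true` for loopback callers, so it really means "no session token was issued"; a one-line comment at its declaration would make the conditional purge in the second hunk easier to follow.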
@@ -11,6 +11,7 @@
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
+form_security_validate( 'plugin_Source_repo_update' );
 access_ensure_global_level( plugin_config_get( 'manage_threshold' ) );
 $f_repo_id = gpc_get_int( 'repo_id' );
@@ -31,5 +32,7 @@ $t_repo->save();
 }
+form_security_purge( 'plugin_Source_repo_update' );
+
 print_successful_redirect( plugin_page( 'repo_manage_page', true ) . '&id=' . $t_repo->id );
diff --git a/Source/pages/repo_update_page.php b/Source/pages/repo_update_page.php
index 7a43007..0733ddb 100644
--- a/Source/pages/repo_update_page.php
+++ b/Source/pages/repo_update_page.php
@@ -24,6 +24,7 @@
+
- -
+
+ +
+
+ + +
-
-
+
+ + +
+
+ + +