fix(admin): verify CSRF token in Plus/Gold admin Mods [#139] (#253)

This commit is contained in:
Ferywir
2026-06-22 17:40:43 +02:00
committed by GitHub
parent 9d2d7699a9
commit 6e79c47951
10 changed files with 31 additions and 0 deletions
+5
View File
@@ -17,6 +17,11 @@ if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
// itself (it does not go through admin.php's central csrf_verify()).
require_once(__DIR__ . '/../csrf.php');
csrf_verify();
include_once("../../config.php");
// ---------------------------------------------------------------------------