mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-17 01:56:07 +00:00
This commit is contained in:
@@ -36,6 +36,11 @@ if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
|
||||
die("Access Denied: You are not Admin!");
|
||||
}
|
||||
|
||||
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
|
||||
// itself (it does not go through admin.php's central csrf_verify()).
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
csrf_verify();
|
||||
|
||||
$wgarray = array(1=>1200,1700,2300,3100,4000,5000,6300,7800,9600,11800,14400,17600,21400,25900,31300,37900,45700,55100,66400,80000);
|
||||
|
||||
foreach ($_POST as $key => $value) {
|
||||
|
||||
@@ -21,6 +21,11 @@ include_once("../../Database.php");
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if(($_SESSION['access']?? 0) < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
|
||||
// itself (it does not go through admin.php's central csrf_verify()).
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
csrf_verify();
|
||||
|
||||
// --- INPUT ---
|
||||
$id = (int)($_POST['id']?? 0);
|
||||
$admid = (int)($_POST['admid']?? 0);
|
||||
|
||||
@@ -10,6 +10,12 @@
|
||||
#################################################################################
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
|
||||
|
||||
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
|
||||
// itself (it does not go through admin.php's central csrf_verify()).
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
csrf_verify();
|
||||
|
||||
include_once("../../config.php");
|
||||
|
||||
// go max 5 levels up - we don't have folders that go deeper than that
|
||||
|
||||
@@ -18,6 +18,11 @@ if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
|
||||
die("Access Denied: You are not Admin!");
|
||||
}
|
||||
|
||||
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
|
||||
// itself (it does not go through admin.php's central csrf_verify()).
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
csrf_verify();
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Autoloader path
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
@@ -17,6 +17,11 @@ if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
|
||||
die("Access Denied: You are not Admin!");
|
||||
}
|
||||
|
||||
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
|
||||
// itself (it does not go through admin.php's central csrf_verify()).
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
csrf_verify();
|
||||
|
||||
include_once("../../config.php");
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
@@ -17,6 +17,11 @@ if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
|
||||
die("Access Denied: You are not Admin!");
|
||||
}
|
||||
|
||||
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
|
||||
// itself (it does not go through admin.php's central csrf_verify()).
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
csrf_verify();
|
||||
|
||||
include_once("../../config.php");
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
@@ -17,6 +17,11 @@ if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
|
||||
die("Access Denied: You are not Admin!");
|
||||
}
|
||||
|
||||
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
|
||||
// itself (it does not go through admin.php's central csrf_verify()).
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
csrf_verify();
|
||||
|
||||
include_once("../../config.php");
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
@@ -17,6 +17,11 @@ if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
|
||||
die("Access Denied: You are not Admin!");
|
||||
}
|
||||
|
||||
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
|
||||
// itself (it does not go through admin.php's central csrf_verify()).
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
csrf_verify();
|
||||
|
||||
include_once("../../config.php");
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
@@ -17,6 +17,11 @@ if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
|
||||
die("Access Denied: You are not Admin!");
|
||||
}
|
||||
|
||||
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
|
||||
// itself (it does not go through admin.php's central csrf_verify()).
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
csrf_verify();
|
||||
|
||||
include_once("../../config.php");
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
Reference in New Issue
Block a user