TravianZ

xinyin025/TravianZ

Fork 0

mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 16:44:24 +00:00

Commit Graph

Author	SHA1	Message	Date
Ferywir	6472b30bd2	fix(admin): verify CSRF token in message admin Mods [#139 ] (#264 ) sendMessage, massmessage and sysmessage are POSTed to directly, bypassing admin.php's central csrf_verify(). Add csrf_verify() (after the admin access check, via the shared GameEngine/Admin/csrf.php) and csrf_field() in their forms (Newmessage.tpl, massmessage.tpl, sysmessage.tpl; the mass/sys templates have both a prepare and an execute form). Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-23 11:49:32 +03:00
novgorodschi catalin	547e164143	Edit some access for MH user and recreate mass messaage Edit some access for MH user and recreate mass message and new maintenance system view for admins	2026-06-02 10:59:35 +03:00

Author

SHA1

Message

Date

Ferywir

6472b30bd2

fix(admin): verify CSRF token in message admin Mods [#139 ] (#264 )

sendMessage, massmessage and sysmessage are POSTed to directly, bypassing
admin.php's central csrf_verify(). Add csrf_verify() (after the admin access
check, via the shared GameEngine/Admin/csrf.php) and csrf_field() in their
forms (Newmessage.tpl, massmessage.tpl, sysmessage.tpl; the mass/sys templates
have both a prepare and an execute form).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-23 11:49:32 +03:00

novgorodschi catalin

547e164143

Edit some access for MH user and recreate mass messaage

Edit some access for MH user and recreate mass message and new maintenance system view for admins

2026-06-02 10:59:35 +03:00

2 Commits