Commit Graph

7 Commits

Author SHA1 Message Date
Ferywir 749a55aaf5 fix(admin): escape reflected request params in admin templates [#139] (#270) 2026-06-23 17:37:11 +03:00
Ferywir 8a3a67d175 fix(admin): verify CSRF token in alliance/medal admin Mods [#139] (#261)
editAli, delAli, medals, delallymedal, delallymedalbyaid, delallymedalbyweek
and deletemedalbyweek are POSTed to directly, bypassing admin.php's central
csrf_verify(). Add csrf_verify() (after the admin access check, via the shared
GameEngine/Admin/csrf.php) and csrf_field() in their forms (playermedals.tpl,
editAli.tpl, delAli.tpl, delmedal.tpl, allymedals.tpl, delallymedal.tpl).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 11:11:32 +03:00
novgorodschi catalin e69d8457d8 Admin panel design changed
Admin panel design changed
2026-06-05 12:30:13 +03:00
novgorodschi catalin a4e2c506a8 Redesign Admin Panel
Full frontend & backend redesign and refactor
2026-05-25 10:23:39 +03:00
iopietro e3632b9aa1 General fixes
+Medals can now be deleted correctly
2018-06-11 01:21:12 +02:00
Shadowss 6715107016 Update player medal to view images 2013-08-12 08:33:36 +03:00
yi12345 98e94af807 finish hero_full.php 2013-06-16 10:38:34 +03:00