xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 00:24:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8a3a67d17595e90f378fcda4ef3066669a4f35aa
TravianZ/GameEngine/Admin
T
History
Ferywir 8a3a67d175 fix(admin): verify CSRF token in alliance/medal admin Mods [#139] (#261) 
editAli, delAli, medals, delallymedal, delallymedalbyaid, delallymedalbyweek
and deletemedalbyweek are POSTed to directly, bypassing admin.php's central
csrf_verify(). Add csrf_verify() (after the admin access check, via the shared
GameEngine/Admin/csrf.php) and csrf_field() in their forms (playermedals.tpl,
editAli.tpl, delAli.tpl, delmedal.tpl, allymedals.tpl, delallymedal.tpl).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 11:11:32 +03:00
..
Mods
fix(admin): verify CSRF token in alliance/medal admin Mods [#139] (#261)
2026-06-23 11:11:32 +03:00
.htaccess
GameEngine and install folders have 777 already set by default
2016-07-02 21:39:28 +02:00
admin.php
Change some text on license TravianZ
2025-02-11 11:22:22 +02:00
ajax.js
GameEngine and install folders have 777 already set by default
2016-07-02 21:39:28 +02:00
csrf.php
fix(admin): wire CSRF token into admin.php-routed forms [#139] (#244)
2026-06-20 06:44:12 +03:00
database.php
feat: IP ban support (#185) (#188)
2026-06-09 15:15:27 +03:00
function.php
feat: IP ban support (#185) (#188)
2026-06-09 15:15:27 +03:00
index.php
Change some text on license TravianZ
2025-02-11 11:22:22 +02:00
welcome.tpl
fix sql export-import - use html entities
2025-02-06 21:00:09 +02:00