Ferywir 6472b30bd2 fix(admin): verify CSRF token in message admin Mods [#139] (#264) ...

sendMessage, massmessage and sysmessage are POSTed to directly, bypassing
admin.php's central csrf_verify(). Add csrf_verify() (after the admin access
check, via the shared GameEngine/Admin/csrf.php) and csrf_field() in their
forms (Newmessage.tpl, massmessage.tpl, sysmessage.tpl; the mass/sys templates
have both a prepare and an execute form).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-23 11:49:32 +03:00

..

gpack

Gloria medals

2018-06-20 08:38:13 +03:00

img

Redesign login page & main page in Admin Panel

2026-06-03 11:43:59 +03:00

Templates

fix(admin): verify CSRF token in message admin Mods [#139] (#264)

2026-06-23 11:49:32 +03:00

.htaccess

finish hero_full.php

2013-06-16 10:38:34 +03:00

admin.php

fix(admin): route alliance management pages [#139] (#260)

2026-06-23 11:06:03 +03:00

ajax.js

finish hero_full.php

2013-06-16 10:38:34 +03:00

index.php

Redirect admin

2026-04-23 12:09:09 +03:00

jquery.cookie.js

New navigation menu in admin panel

2018-07-09 20:23:39 +03:00

welcome.tpl

finish hero_full.php

2013-06-16 10:38:34 +03:00