xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 00:24:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8d492bebd3b5793d7405c0b34d5c6d595277c940
TravianZ/GameEngine/Admin
T
History
Ferywir 6472b30bd2 fix(admin): verify CSRF token in message admin Mods [#139] (#264) 
sendMessage, massmessage and sysmessage are POSTed to directly, bypassing
admin.php's central csrf_verify(). Add csrf_verify() (after the admin access
check, via the shared GameEngine/Admin/csrf.php) and csrf_field() in their
forms (Newmessage.tpl, massmessage.tpl, sysmessage.tpl; the mass/sys templates
have both a prepare and an execute form).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 11:49:32 +03:00
..
Mods
fix(admin): verify CSRF token in message admin Mods [#139] (#264)
2026-06-23 11:49:32 +03:00
.htaccess
GameEngine and install folders have 777 already set by default
2016-07-02 21:39:28 +02:00
admin.php
Change some text on license TravianZ
2025-02-11 11:22:22 +02:00
ajax.js
GameEngine and install folders have 777 already set by default
2016-07-02 21:39:28 +02:00
csrf.php
fix(admin): wire CSRF token into admin.php-routed forms [#139] (#244)
2026-06-20 06:44:12 +03:00
database.php
feat: IP ban support (#185) (#188)
2026-06-09 15:15:27 +03:00
function.php
feat: IP ban support (#185) (#188)
2026-06-09 15:15:27 +03:00
index.php
Change some text on license TravianZ
2025-02-11 11:22:22 +02:00
welcome.tpl
fix sql export-import - use html entities
2025-02-06 21:00:09 +02:00