xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 16:44:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c0bbf2bfbe09d7f7ee7e87a49ab084876e690dfe
TravianZ/GameEngine/Admin/Mods/sendMessage.php
T
Ferywir 6472b30bd2 fix(admin): verify CSRF token in message admin Mods [#139] (#264) 
sendMessage, massmessage and sysmessage are POSTed to directly, bypassing
admin.php's central csrf_verify(). Add csrf_verify() (after the admin access
check, via the shared GameEngine/Admin/csrf.php) and csrf_field() in their
forms (Newmessage.tpl, massmessage.tpl, sysmessage.tpl; the mass/sys templates
have both a prepare and an execute form).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 11:49:32 +03:00

131 lines
3.8 KiB
PHP
Executable File
Raw Blame History

<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename sendMessage.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
// itself (it does not go through admin.php's central csrf_verify()).
require_once(__DIR__ . '/../csrf.php');
csrf_verify();
include_once("../../config.php");
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix . "GameEngine/Database.php");
// ---------------------------------------------------------------------------
// INPUT
// ---------------------------------------------------------------------------
$adminId = (int)($_SESSION['id'] ?? 0);
$uid = (int)($_POST['uid'] ?? 0);
$topic = trim($_POST['topic'] ?? 'Admin Message');
$message = trim($_POST['message'] ?? '');
// ---------------------------------------------------------------------------
// VALIDARE
// ---------------------------------------------------------------------------
if ($adminId <= 0) {
die("Invalid admin session.");
}
if ($uid <= 0 || $message === '') {
header("Location: ../../../Admin/admin.php?p=Newmessage&uid=$uid&e=1");
exit;
}
// ---------------------------------------------------------------------------
// SANITIZARE
// ---------------------------------------------------------------------------
$topicEsc = $database->escape($topic);
$msgEsc = $database->escape($message);
$time = time();
// ---------------------------------------------------------------------------
// INSERT MESAJ (FULL FIX)
// ---------------------------------------------------------------------------
$sql = "
INSERT INTO " . TB_PREFIX . "mdata
(
target,
owner,
topic,
message,
viewed,
archived,
send,
time,
deltarget,
delowner,
alliance,
player,
coor,
report
)
VALUES
(
$uid,
$adminId,
'$topicEsc',
'$msgEsc',
0,
0,
0,
$time,
0,
0,
0,
0,
0,
0
)
";
$result = $database->query($sql);
if (!$result) {
die("Message insert failed: " . $database->getError());
}
// ---------------------------------------------------------------------------
// LOG ADMIN ACTION
// ---------------------------------------------------------------------------
$logText = "Sent message to uid $uid: '$topicEsc'";
$logEsc = $database->escape($logText);
$database->query("
INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`)
VALUES (0, $adminId, '$logEsc', $time)
");
// ---------------------------------------------------------------------------
// REDIRECT SUCCESS
// ---------------------------------------------------------------------------
header("Location: ../../../Admin/admin.php?p=Newmessage&uid=" . $uid . "&msg=ok");
exit;
?>
Reference in New Issue View Git Blame Copy Permalink