Ravens PHP Scripts: Forums
 

 

neralex
Site Admin



Joined: Aug 22, 2007
Posts: 1772

Posted: Mon Oct 22, 2012 4:15 pm

If I am logged in as admin and I click on the little image beside the download title, then I get a CSRF error...

After a look inside modules/Downloads/includes/nsngd_func.php I found two issues without the csrf class.

Near line 614 in function showlisting, find:

Code:
echo '<a href="' . $admin_file . '.php?op=DownloadModify&amp;lid=' . $lid . '"><img align="middle" src="'


change it to:

Code:
echo '<a class="rn_csrf" href="' . $admin_file . '.php?op=DownloadModify&amp;lid=' . $lid . '"><img align="middle" src="'


Near line 665 in function showresulting, find:

Code:
echo '<a href="' . $admin_file . '.php?op=DownloadModify&amp;lid=' . $lid . '"><img align="middle" src="' . $myimage


change it to:

Code:
echo '<a class="rn_csrf" href="' . $admin_file . '.php?op=DownloadModify&amp;lid=' . $lid . '"><img align="middle" src="' . $myimage


Save and close the file - done!

Wink
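
Added example (not part of the original post and not RavenNuke code): a small Python audit that flags `<a>` tags whose href is built from `$admin_file` with an `op=` parameter but which lack the `rn_csrf` class, the pattern fixed in the post above. The sample lines are constructed, and the function names and the one-tag-per-line regex heuristic are assumptions of this example; each hit still needs a manual look.

```python
import re
import sys
from pathlib import Path

# Heuristic: an opening <a ...> tag on one line whose href is built from
# $admin_file and carries an op= parameter (the form shown in the post).
ADMIN_LINK = re.compile(r"<a\b[^>]*\$admin_file\b[^>]*?\.php\?op=(\w+)[^>]*>")
# class attribute containing rn_csrf, with plain or backslash-escaped quotes.
CSRF_CLASS = re.compile(r"""class=\\?["'][^"']*\brn_csrf\b""")

def find_unprotected_admin_links(source, path="<string>"):
    """Return (path, line number, op) for admin links without class rn_csrf."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for match in ADMIN_LINK.finditer(line):
            if not CSRF_CLASS.search(match.group(0)):
                findings.append((path, lineno, match.group(1)))
    return findings

def scan_tree(root):
    """Run the check over every .php file below root."""
    findings = []
    for php in sorted(Path(root).rglob("*.php")):
        text = php.read_text(encoding="utf-8", errors="replace")
        findings.extend(find_unprotected_admin_links(text, str(php)))
    return findings

# Constructed sample: line 2 lacks the class, line 3 has it, and line 4 is a
# public module link that does not go through $admin_file.
SAMPLE = r'''<?php
echo '<a href="' . $admin_file . '.php?op=DownloadModify&amp;lid=' . $lid . '"><img align="middle" src="' . $myimage . '" /></a>';
echo '<a class="rn_csrf" href="' . $admin_file . '.php?op=DownloadModify&amp;lid=' . $lid . '"><img align="middle" src="' . $myimage . '" /></a>';
echo '<a href="modules.php?name=Downloads&amp;op=getit&amp;lid=' . $lid . '">' . $title . '</a>';
'''

if __name__ == "__main__":
    # With a directory argument, scan it; otherwise scan the built-in sample.
    if len(sys.argv) > 1:
        hits = scan_tree(sys.argv[1])
    else:
        hits = find_unprotected_admin_links(SAMPLE)
    for path, lineno, op in hits:
        print(f"{path}:{lineno}: admin link op={op} has no rn_csrf class")
    sys.exit(1 if hits else 0)
```

Tags split across several lines are not matched by this heuristic, so a clean result does not prove every admin link carries the class.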
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Fri Oct 26, 2012 8:46 am

Thanks neralex

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 