Skip to content

Commit

Permalink
Checks session in the correct places in SMF\Actions\Admin\Server
Browse files Browse the repository at this point in the history 
Signed-off-by: Jon Stovell <[email protected]>
  • Loading branch information
@Sesquipedalian
Sesquipedalian committed Jul 1, 2024
1 parent 7f4922f commit 5906de4
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions Sources/Actions/Admin/Server.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -188,8 +188,6 @@ public function execute(): void
// This is just to keep the database password more secure.
User::$me->isAllowedTo('admin_forum');

User::$me->checkSession('request');

Utils::$context['page_title'] = Lang::$txt['admin_server_settings'];
Utils::$context['sub_template'] = 'show_settings';

Expand Down Expand Up @@ -238,6 +236,8 @@ public function general(): void

// Saving settings?
if (isset($_REQUEST['save'])) {
User::$me->checkSession();

IntegrationHook::call('integrate_save_general_settings');

foreach ($config_vars as $config_var) {
Expand Down Expand Up @@ -314,6 +314,8 @@ public function database(): void

// Saving settings?
if (isset($_REQUEST['save'])) {
User::$me->checkSession();

IntegrationHook::call('integrate_save_database_settings');

ACP::saveSettings($config_vars);
Expand Down Expand Up @@ -356,6 +358,8 @@ function hideGlobalCookies()

// Saving settings?
if (isset($_REQUEST['save'])) {
User::$me->checkSession();

IntegrationHook::call('integrate_save_cookie_settings');

$_POST['cookiename'] = Utils::normalize($_POST['cookiename']);
Expand Down Expand Up @@ -437,6 +441,8 @@ public function security(): void

// Saving?
if (isset($_GET['save'])) {
User::$me->checkSession();

if (!empty($_POST['cors_domains'])) {
$cors_domains = explode(',', $_POST['cors_domains']);

Expand Down Expand Up @@ -481,6 +487,8 @@ public function cache(): void

// Saving again?
if (isset($_GET['save'])) {
User::$me->checkSession();

IntegrationHook::call('integrate_save_cache_settings');

if (is_callable([CacheApi::$loadedApi, 'cleanCache']) && ((int) $_POST['cache_enable'] < CacheApi::$enable || $_POST['cache_accelerator'] != CacheApi::$accelerator)) {
Expand Down Expand Up @@ -526,6 +534,8 @@ public function export(): void
$config_vars = self::exportConfigVars();

if (isset($_REQUEST['save'])) {
User::$me->checkSession();

$prev_export_dir = is_dir(Config::$modSettings['export_dir']) ? rtrim(Config::$modSettings['export_dir'], '/\\') : '';

if (!empty($_POST['export_dir'])) {
Expand Down Expand Up @@ -600,6 +610,8 @@ public function loadBalancing(): void

// Saving?
if (isset($_GET['save'])) {
User::$me->checkSession();

// Stupidity is not allowed.
foreach ($_POST as $key => $value) {
if (!isset(self::LOADAVG_DEFAULT_VALUES[$key])) {
Expand Down

0 comments on commit 5906de4

Please sign in to comment.