From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/web/admin/language_import.php | 11 ++++++++++- 1 files changed, 10 insertions(+), 1 deletions(-) diff --git a/interface/web/admin/language_import.php b/interface/web/admin/language_import.php index d53575b..be822cf 100644 --- a/interface/web/admin/language_import.php +++ b/interface/web/admin/language_import.php @@ -36,7 +36,7 @@ $new_string = ''; for($c = 0; $c < mb_strlen($string); $c++) { - $char = $string{$c}; + $char = mb_substr($string, $c, 1); if($in_string === true && $escaped === false && $char === $quote) { // this marks a string end (e.g. for concatenation) @@ -129,6 +129,10 @@ // Export the language file if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])) { + + //* CSRF Check + $app->auth->csrf_token_check(); + $lines = file($_FILES['file']['tmp_name']); // initial check $parts = explode('|', $lines[0]); @@ -183,6 +187,11 @@ $app->tpl->setVar('msg', $msg); $app->tpl->setVar('error', $error); +//* SET csrf token +$csrf_token = $app->auth->csrf_token_get('language_import'); +$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']); +$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']); + //* load language file $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_import.lng'; include $lng_file; -- Gitblit v1.9.1