fixes GHSA-p362-cfpj-q55f protect against CSRF on batch manager unit mode

2025-04-26 11:19:55 +03:00 · 2024-02-12 16:51:53 +01:00 · 2024-02-12 16:51:53 +01:00 · e95036b92a
commit e95036b92a
parent 562170528c
3 changed files with 4 additions and 1 deletions
--- a/admin/batch_manager_unit.php
+++ b/admin/batch_manager_unit.php
@ -32,6 +32,7 @@ trigger_notify('loc_begin_element_set_unit');

 if (isset($_POST['submit']))
 {
+  check_pwg_token();
  check_input_parameter('element_ids', $_POST, false, '/^\d+(,\d+)*$/');
  $collection = explode(',', $_POST['element_ids']);

@ -110,6 +111,7 @@ $template->assign(
    'F_ACTION' => $base_url.get_query_string_diff(array()),
    'level_options' => get_privacy_level_options(),
    'ADMIN_PAGE_TITLE' => l10n('Batch Manager'),
+    'PWG_TOKEN' => get_pwg_token(),
    )
  );

--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@ -2862,7 +2862,7 @@ function get_tag_ids($raw_tags, $allow_create=true)
    elseif ($allow_create)
    {
      // we have to create a new tag
-      $tag_ids[] = tag_id_from_tag_name($raw_tag);
+      $tag_ids[] = tag_id_from_tag_name(strip_tags($raw_tag));
    }
  }

--- a/admin/themes/default/template/batch_manager_unit.tpl
+++ b/admin/themes/default/template/batch_manager_unit.tpl
@ -114,6 +114,7 @@ jQuery("a.preview-box").colorbox( {
 {if !empty($navbar)}{include file='navigation_bar.tpl'|@get_extent:'navbar'}{/if}

 <p>
+  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
  <button class="buttonLike" type="submit" value="{'Submit'|@translate}" name="submit"><i class="icon-floppy"></i>{'Submit'|@translate}</button>
  <button class="resetButton" type="reset" value="{'Reset'|@translate}" name="reset">{'Reset'|@translate}</button>