Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
3.1.0-RC5
-
None
Description
There's a an issue on the activate/deactive/install actions in the styles management page using a POST request. The uninstall action uses a confirmation box in the subsequent page, so that doesn't seem affected. GET requests are checked for validity using check_link_hash(), however, POST requests fail to use check_form_key(). Relevant code below:
$post_actions = array('install', 'activate', 'deactivate', 'uninstall');
|
|
|
if ($action && in_array($action, $post_actions) && !check_link_hash($request->variable('hash', ''), $action))
|
{
|
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
|
}
|
|
|
foreach ($post_actions as $key)
|
{
|
if ($this->request->is_set_post($key))
|
{
|
$action = $key;
|
}
|
}
|