CSFR Token expire cache

remdex · remdex · commit 3b5d0a8a4359 · 2021-12-17T01:14:35.000-05:00
diff --git a/lhc_web/design/defaulttheme/tpl/lhsystem/configuration_links/expirecache.tpl.php b/lhc_web/design/defaulttheme/tpl/lhsystem/configuration_links/expirecache.tpl.php
@@ -1,3 +1,3 @@
 <?php if ($currentUser->hasAccessTo('lhsystem','expirecache')) : ?>		
-	<li><a href="<?php echo erLhcoreClassDesign::baseurl('system/expirecache')?>"><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('pagelayout/pagelayout','Clean cache');?></a></li>			
+	<li><a class="csfr-required" href="<?php echo erLhcoreClassDesign::baseurl('system/expirecache')?>"><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('pagelayout/pagelayout','Clean cache');?></a></li>
 <?php endif; ?>
diff --git a/lhc_web/modules/lhsystem/expirecache.php b/lhc_web/modules/lhsystem/expirecache.php
@@ -1,5 +1,11 @@
 <?php
 
+$currentUser = erLhcoreClassUser::instance();
+
+if (!$currentUser->validateCSFRToken($Params['user_parameters_unordered']['csfr'])) {
+    die('Invalid CSFR Token');
+    exit;
+}
 
 $CacheManager = erConfigClassLhCacheConfig::getInstance();
 $CacheManager->expireCache(true);
diff --git a/lhc_web/modules/lhsystem/module.php b/lhc_web/modules/lhsystem/module.php
@@ -36,7 +36,8 @@
 
 $ViewList['expirecache'] = array(
     'params' => array(),
-    'functions' => array( 'expirecache' )
+    'functions' => array( 'expirecache' ),
+    'uparams' => array('csfr')
 );
 
 $ViewList['smtp'] = array(
