From d31006ae1a1f5a709e9a100d0096a5633ab820b5 Mon Sep 17 00:00:00 2001 
From: Luke Towers Date: Sun, 6 Oct 2019 23:21:08 -0600 Subject: [PATCH] Return 403 response on CSRF fail instead of silently failing Also moved backend::lang.page.invalid_token.label to system::lang.page.invalid_token.label. Fixes --- modules/backend/classes/Controller.php | 2 +- modules/backend/lang/be/lang.php | 3 --- modules/backend/lang/bg/lang.php | 3 --- modules/backend/lang/cs/lang.php | 3 --- modules/backend/lang/da/lang.php | 3 --- modules/backend/lang/de/lang.php | 3 --- modules/backend/lang/el/lang.php | 3 --- modules/backend/lang/en/lang.php | 3 --- modules/backend/lang/es/lang.php | 3 --- modules/backend/lang/et/lang.php | 3 --- modules/backend/lang/fa/lang.php | 3 --- modules/backend/lang/fi/lang.php | 3 --- modules/backend/lang/fr/lang.php | 3 --- modules/backend/lang/hu/lang.php | 3 --- modules/backend/lang/it/lang.php | 3 --- modules/backend/lang/kr/lang.php | 3 --- modules/backend/lang/lt/lang.php | 3 --- modules/backend/lang/lv/lang.php | 3 --- modules/backend/lang/nb-no/lang.php | 3 --- modules/backend/lang/nl/lang.php | 3 --- modules/backend/lang/pl/lang.php | 3 --- modules/backend/lang/pt-br/lang.php | 3 --- modules/backend/lang/pt-pt/lang.php | 3 --- modules/backend/lang/ru/lang.php | 3 --- modules/backend/lang/sk/lang.php | 3 --- modules/backend/lang/sv/lang.php | 3 --- modules/backend/lang/th/lang.php | 3 --- modules/backend/lang/tr/lang.php | 3 --- modules/backend/lang/uk/lang.php | 3 --- modules/backend/lang/vn/lang.php | 3 --- modules/backend/lang/zh-cn/lang.php | 3 --- modules/cms/classes/Controller.php | 11 ++++++++--- modules/system/lang/be/lang.php | 5 +++++ modules/system/lang/bg/lang.php | 5 +++++ modules/system/lang/cs/lang.php | 5 +++++ modules/system/lang/da/lang.php | 5 +++++ modules/system/lang/de/lang.php | 5 +++++ modules/system/lang/el/lang.php | 5 +++++ modules/system/lang/en/lang.php | 3 +++ modules/system/lang/es/lang.php | 5 +++++ modules/system/lang/et/lang.php | 5 +++++ modules/system/lang/fa/lang.php | 5 +++++ 
modules/system/lang/fi/lang.php | 5 +++++ modules/system/lang/fr/lang.php | 5 +++++ modules/system/lang/hu/lang.php | 5 ++++- modules/system/lang/it/lang.php | 5 +++++ modules/system/lang/kr/lang.php | 5 +++++ modules/system/lang/lt/lang.php | 5 +++++ modules/system/lang/lv/lang.php | 5 +++++ modules/system/lang/nb-no/lang.php | 5 +++++ modules/system/lang/nl/lang.php | 5 +++++ modules/system/lang/pl/lang.php | 5 +++++ modules/system/lang/pt-br/lang.php | 3 +++ modules/system/lang/pt-pt/lang.php | 5 +++++ modules/system/lang/ru/lang.php | 5 +++++ modules/system/lang/sk/lang.php | 5 +++++ modules/system/lang/sv/lang.php | 5 +++++ modules/system/lang/th/lang.php | 3 +++ modules/system/lang/tr/lang.php | 5 +++++ modules/system/lang/uk/lang.php | 5 +++++ modules/system/lang/vn/lang.php | 5 +++++ modules/system/lang/zh-cn/lang.php | 3 +++ 62 files changed, 150 insertions(+), 95 deletions(-) diff --git a/modules/backend/classes/Controller.php b/modules/backend/classes/Controller.php index fd1e16119..4d612fa0d 100644 --- a/modules/backend/classes/Controller.php +++ b/modules/backend/classes/Controller.php @@ -212,7 +212,7 @@ class Controller extends ControllerBase * Check security token. */ if (!$this->verifyCsrfToken()) { - return Response::make(Lang::get('backend::lang.page.invalid_token.label'), 403); + return Response::make(Lang::get('system::lang.page.invalid_token.label'), 403); } /* diff --git a/modules/backend/lang/be/lang.php b/modules/backend/lang/be/lang.php index d3d8c82ab..712215754 100644 --- a/modules/backend/lang/be/lang.php +++ b/modules/backend/lang/be/lang.php @@ -25,9 +25,6 @@ return [ 'help' => "Неабходна база дадзеных мець доступ у панэль кіравання. Праверце, што база дадзеных правільна наладжаная, а міграцыі выкананыя, перад тым, як пасправаць зноў", 'cms_link' => "Вярнуцца на хатнюю старонку" ], - 'invalid_token' => [ - 'label' => "Няправільны токен бяспекі" - ] ], 'partial' => [ 'not_found_name' => "Частковы шаблон \":name\" не знойдзены." 
diff --git a/modules/backend/lang/bg/lang.php b/modules/backend/lang/bg/lang.php index 2011a48d4..31f924e44 100644 --- a/modules/backend/lang/bg/lang.php +++ b/modules/backend/lang/bg/lang.php @@ -19,9 +19,6 @@ return [ 'help' => "Вие нямате нужните права за да видите тази страница.", 'cms_link' => 'Върни се към администраторския-панел' ], - 'invalid_token' => [ - 'label' => 'Невалиден код за сигурност (token)' - ] ], 'partial' => [ 'not_found_name' => "Частичната страница ':name' не е намерена." diff --git a/modules/backend/lang/cs/lang.php b/modules/backend/lang/cs/lang.php index 3caa0079b..fb2312b5a 100644 --- a/modules/backend/lang/cs/lang.php +++ b/modules/backend/lang/cs/lang.php @@ -25,9 +25,6 @@ return [ 'help' => "K přístupu do administrace je zapotřebí databáze. Zkontrolujte, zda je databáze nakonfigurována a migrována a zkuste to znovu.", 'cms_link' => 'Zpět na úvodní stránku' ], - 'invalid_token' => [ - 'label' => 'Neplatný bezpečnostní token', - ] ], 'partial' => [ 'not_found_name' => "Dílčí šablona ':name' nebyla nalezena." diff --git a/modules/backend/lang/da/lang.php b/modules/backend/lang/da/lang.php index 538f24dd4..03747670e 100644 --- a/modules/backend/lang/da/lang.php +++ b/modules/backend/lang/da/lang.php @@ -24,9 +24,6 @@ return [ 'help' => "En database er påkrævet for at kunne tilgå backenden. Kontroller om databasen er konfigureret og migreret, inden du prøver igen.", 'cms_link' => 'Tilbage til hjemmesiden' ], - 'invalid_token' => [ - 'label' => 'Ugyldig sikkerhedstoken' - ] ], 'partial' => [ 'not_found_name' => "Partialen ':name' kunne ikke findes." diff --git a/modules/backend/lang/de/lang.php b/modules/backend/lang/de/lang.php index d61f8af1b..ce2018937 100644 --- a/modules/backend/lang/de/lang.php +++ b/modules/backend/lang/de/lang.php 
@@ -25,9 +25,6 @@ return [ 'help' => "Eine Datenbank wird benötigt um Zugriff auf das Backend zu haben. Überprüfe die Datenbankkonfiguration und migriere die Datenbank bevor du es noch einmal probierst.", 'cms_link' => 'Zurück zur Homepage' ], - 'invalid_token' => [ - 'label' => 'Ungültiges Sicherheitstoken' - ] ], 'partial' => [ 'not_found_name' => "Das Partial ':name' wurde nicht gefunden.", diff --git a/modules/backend/lang/el/lang.php b/modules/backend/lang/el/lang.php index 00c31fb20..71163c21b 100644 --- a/modules/backend/lang/el/lang.php +++ b/modules/backend/lang/el/lang.php @@ -19,9 +19,6 @@ return [ 'help' => "Δεν έχεις τα απαραίτητα δικαιώματα για να δεις αυτήν την σελίδα.", 'cms_link' => 'Επιστροφή στό back-end.', ], - 'invalid_token' => [ - 'label' => 'Μη έγκυρο διακριτικό ασφαλείας', - ], 'no_database' => [ 'label' => 'Δεν βρέθηκε η βάση δεδομένων', 'help' => "Η βάση δεδομένων είναι απαραίτητη για να έχετε πρόσβαση στο back-end. Ελέγξτε εάν η βάση δεδομένων είναι ρυθμισμένη και συνδεδεμένη πριν προσπαθήσετε ξανά.", diff --git a/modules/backend/lang/en/lang.php b/modules/backend/lang/en/lang.php index 0b816e1e5..f550839d6 100644 --- a/modules/backend/lang/en/lang.php +++ b/modules/backend/lang/en/lang.php @@ -32,9 +32,6 @@ return [ 'help' => "A database is required to access the back-end. Check the database is configured and migrated before trying again.", 'cms_link' => 'Return to the homepage', ], - 'invalid_token' => [ - 'label' => 'Invalid security token', - ], ], 'partial' => [ 'not_found_name' => "The partial ':name' is not found.", diff --git a/modules/backend/lang/es/lang.php b/modules/backend/lang/es/lang.php index a1ba3509b..2e5764c61 100644 --- a/modules/backend/lang/es/lang.php +++ b/modules/backend/lang/es/lang.php 
@@ -19,9 +19,6 @@ return [ 'help' => 'No tiene permisos necesarios para ver esta página.', 'cms_link' => 'Volver al panel de administración' ], - 'invalid_token' => [ - 'label' => 'Token de seguridad invalido' - ] ], 'partial' => [ 'not_found_name' => "El parcial ':name' no se encuentra." diff --git a/modules/backend/lang/et/lang.php b/modules/backend/lang/et/lang.php index 4f9ec469e..765ce9eb4 100644 --- a/modules/backend/lang/et/lang.php +++ b/modules/backend/lang/et/lang.php @@ -25,9 +25,6 @@ return [ 'help' => "Haldusliidese kasutamiseks peab olemas seadistatud andmebaas. Enne jätkamist palun kontrolli andmebaasi seadistust.", 'cms_link' => 'Tagasi kodulehele' ], - 'invalid_token' => [ - 'label' => 'Vigane turvamärk' - ] ], 'partial' => [ 'not_found_name' => "Koodiblokki ':name' ei leitud." diff --git a/modules/backend/lang/fa/lang.php b/modules/backend/lang/fa/lang.php index 912bb6d55..a038ad088 100644 --- a/modules/backend/lang/fa/lang.php +++ b/modules/backend/lang/fa/lang.php @@ -25,9 +25,6 @@ return [ 'help' => "جهت استفاده از بخش مدیریت به یک پایگاه داده نیاز دارید. تنظیمات پایگاه داده را بررسی نموده و از نصب جدولها در آن اطمینان حاصل کنید.", 'cms_link' => 'Return to the homepage' ], - 'invalid_token' => [ - 'label' => 'کلید امنیتی معتبر نمی باشد' - ] ], 'partial' => [ 'not_found_name' => "بخشی با نام ':name' یافت نشد.", diff --git a/modules/backend/lang/fi/lang.php b/modules/backend/lang/fi/lang.php index cf46750f7..e21e8fe37 100644 --- a/modules/backend/lang/fi/lang.php +++ b/modules/backend/lang/fi/lang.php @@ -25,9 +25,6 @@ return [ 'help' => "Tietokanta on pakollinen. Varmista, että tietokanta on olemassa ja pystyssä kunnes kokeilet uudelleen.", 'cms_link' => 'Palaa kotisivulle' ], - 'invalid_token' => [ - 'label' => 'Token on virheellinen' - ] ], 'partial' => [ 'not_found_name' => "Osiota ':name' ei löydy." diff --git a/modules/backend/lang/fr/lang.php b/modules/backend/lang/fr/lang.php index 95269b20a..ffb2bb1ee 100644 
--- a/modules/backend/lang/fr/lang.php +++ b/modules/backend/lang/fr/lang.php @@ -27,9 +27,6 @@ return [ 'help' => 'Une base de données est requise pour l’accès à l’interface d’administration. Veuillez vérifier que la base de données existe et que les migrations ont été effectuées avant de ré-essayer.', 'cms_link' => 'Retour à l’accueil' ], - 'invalid_token' => [ - 'label' => 'La clé de sécurité est invalide' - ] ], 'partial' => [ 'not_found_name' => 'Le modèle partiel ":name" est introuvable.' diff --git a/modules/backend/lang/hu/lang.php b/modules/backend/lang/hu/lang.php index 74f9e721f..95380149b 100644 --- a/modules/backend/lang/hu/lang.php +++ b/modules/backend/lang/hu/lang.php @@ -32,9 +32,6 @@ return [ 'help' => 'Kérjük ellenőrizze a hozzáférési adatok helyességét majd próbálja újra betölteni az oldalt.', 'cms_link' => 'Vissza a weboldalra' ], - 'invalid_token' => [ - 'label' => 'A biztonsági kód érvényessége lejárt. Kérjük töltse be újra az oldalt.' - ] ], 'partial' => [ 'not_found_name' => "A(z) ':name' részlap nem található.", diff --git a/modules/backend/lang/it/lang.php b/modules/backend/lang/it/lang.php index 55b2b0518..022bdbb33 100644 --- a/modules/backend/lang/it/lang.php +++ b/modules/backend/lang/it/lang.php @@ -19,9 +19,6 @@ return [ 'help' => "Non hai le autorizzazioni necessarie per accedere a questa pagina.", 'cms_link' => 'Ritorna al pannello di controllo' ], - 'invalid_token' => [ - 'label' => 'Token di protezione non valido' - ] ], 'partial' => [ 'not_found_name' => "La vista parziale ':name' non è stata trovata." diff --git a/modules/backend/lang/kr/lang.php b/modules/backend/lang/kr/lang.php index 3aeec1250..4a152dce3 100644 --- a/modules/backend/lang/kr/lang.php +++ b/modules/backend/lang/kr/lang.php 
@@ -25,9 +25,6 @@ return [ 'help' => "백엔드에 접속하기 위해선 DB가 필요합니다. 다시 접속하시기 전에 DB가 정상적으로 설정및 이전되었는지 확인해주세요.", 'cms_link' => '홈페이지로 돌아가기' ], - 'invalid_token' => [ - 'label' => '잘못된 보안 토큰' - ] ], 'partial' => [ 'not_found_name' => "':name' 페이지를 찾을 수 없습니다.", diff --git a/modules/backend/lang/lt/lang.php b/modules/backend/lang/lt/lang.php index 251023e6e..cd8ffc1ba 100644 --- a/modules/backend/lang/lt/lang.php +++ b/modules/backend/lang/lt/lang.php @@ -25,9 +25,6 @@ return [ 'help' => "Duomenų bazė reikalinga administracijos prieigai. Patikrinkite duomenų bazės konfigūraciją bei migracijas ir bandykite dar kartą.", 'cms_link' => 'Grįžti į svetainę' ], - 'invalid_token' => [ - 'label' => 'Netinkama saugos žyma' - ] ], 'partial' => [ 'not_found_name' => "Priedėlis ':name' nerastas." diff --git a/modules/backend/lang/lv/lang.php b/modules/backend/lang/lv/lang.php index 56e7d8e80..f70737694 100644 --- a/modules/backend/lang/lv/lang.php +++ b/modules/backend/lang/lv/lang.php @@ -19,9 +19,6 @@ return [ 'help' => "Jums nav piekļuves tiesību, lai skatītu šo lapu.", 'cms_link' => 'Atgriezties back-end' ], - 'invalid_token' => [ - 'label' => 'Nederīga drošības atslēga' - ] ], 'partial' => [ 'not_found_name' => "Daļa ':name' nav atrasta." diff --git a/modules/backend/lang/nb-no/lang.php b/modules/backend/lang/nb-no/lang.php index 177eaa2ba..717418570 100644 --- a/modules/backend/lang/nb-no/lang.php +++ b/modules/backend/lang/nb-no/lang.php @@ -24,9 +24,6 @@ return [ 'help' => "En database kreves for å koble til backend. Sjekk at databasetilgang er konfigurert og migrert før du prøver igjen.", 'cms_link' => 'Tilbake til hovedsiden' ], - 'invalid_token' => [ - 'label' => 'Ugyldig sikkerhets-token' - ] ], 'partial' => [ 'not_found_name' => "En partial ved navn ':name' ble ikke funnet." diff --git a/modules/backend/lang/nl/lang.php b/modules/backend/lang/nl/lang.php index 010fe77ba..2baf4a614 100644 --- a/modules/backend/lang/nl/lang.php +++ b/modules/backend/lang/nl/lang.php 
@@ -32,9 +32,6 @@ return [ 'help' => 'Een database is nodig om toegang te krijgen tot de back-end. Controleer of de database juist is geconfigureerd en probeer het opnieuw.', 'cms_link' => 'Terug naar homepagina', ], - 'invalid_token' => [ - 'label' => 'Ongeldig token', - ], ], 'partial' => [ 'not_found_name' => "Het sjabloon (partial) ':name' is niet gevonden.", diff --git a/modules/backend/lang/pl/lang.php b/modules/backend/lang/pl/lang.php index 369a48fd9..a0e67dd32 100644 --- a/modules/backend/lang/pl/lang.php +++ b/modules/backend/lang/pl/lang.php @@ -24,9 +24,6 @@ return [ 'help' => 'Baza danych jest wymagana do dostępu do panelu administracyjnego. Sprawdz czy baza danych jest prawidłowo skonfigurowana i zmigrowana przed ponowną próbą.', 'cms_link' => 'Powrót do strony głównej', ], - 'invalid_token' => [ - 'label' => 'Nieprawidłowy żeton bezpieczeństwa', - ], ], 'partial' => [ 'not_found_name' => "Blok ':name' nie został odnaleziony.", diff --git a/modules/backend/lang/pt-br/lang.php b/modules/backend/lang/pt-br/lang.php index d8da04b89..039d6d649 100644 --- a/modules/backend/lang/pt-br/lang.php +++ b/modules/backend/lang/pt-br/lang.php @@ -32,9 +32,6 @@ return [ 'help' => "Um banco de dados é necessário para acessar o back-end. Verifique se o banco de dados está configurado e migrou antes de tentar novamente.", 'cms_link' => 'Retornar para a página inicial', ], - 'invalid_token' => [ - 'label' => 'Token de segurança inválido' - ] ], 'partial' => [ 'not_found_name' => 'O bloco ":name" não foi encontrado.', diff --git a/modules/backend/lang/pt-pt/lang.php b/modules/backend/lang/pt-pt/lang.php index a0b801732..8cbbf3783 100644 --- a/modules/backend/lang/pt-pt/lang.php +++ b/modules/backend/lang/pt-pt/lang.php 
@@ -25,9 +25,6 @@ return [ 'help' => "Uma base de dados é necessária para acesso ao back-end. Verifique se a base dados se encontra configurada e migrada antes de tentar novamente.", 'cms_link' => 'Regressar á página inicial' ], - 'invalid_token' => [ - 'label' => 'Token de segurança inválido' - ] ], 'partial' => [ 'not_found_name' => 'O bloco ":name" não foi encontrado.', diff --git a/modules/backend/lang/ru/lang.php b/modules/backend/lang/ru/lang.php index 40daacacb..1d5e63f84 100644 --- a/modules/backend/lang/ru/lang.php +++ b/modules/backend/lang/ru/lang.php @@ -27,9 +27,6 @@ return [ 'help' => "Для доступа к серверу требуется база данных. Проверьте, что база данных настроена и перенесена, прежде чем повторять попытку.", 'cms_link' => 'Вернуться на главную страницу' ], - 'invalid_token' => [ - 'label' => 'Неверный токен безопасности' - ], ], 'partial' => [ 'not_found_name' => 'Не удалось найти шаблон (partial) с именем :name.' diff --git a/modules/backend/lang/sk/lang.php b/modules/backend/lang/sk/lang.php index 56d9424c1..58812061a 100644 --- a/modules/backend/lang/sk/lang.php +++ b/modules/backend/lang/sk/lang.php @@ -25,9 +25,6 @@ return [ 'help' => "Pre prístup do administrácie je potrebná databáza. Zkontrolujte, či je databáza nakonfigurovaná a zmigrovaná a skúste to znova.", 'cms_link' => 'Späť na úvodnú stránku' ], - 'invalid_token' => [ - 'label' => 'Neplatný bezpečnostný token' - ] ], 'partial' => [ 'not_found_name' => "Čiastočná šablona ':name' nebola nájdená." diff --git a/modules/backend/lang/sv/lang.php b/modules/backend/lang/sv/lang.php index 6399be137..2557d7fd7 100644 --- a/modules/backend/lang/sv/lang.php +++ b/modules/backend/lang/sv/lang.php @@ -19,9 +19,6 @@ return [ 'help' => "Du har inte behörighet att visa den här sidan.", 'cms_link' => "Gå till CMS backend", ], - 'invalid_token' => [ - 'label' => 'Ogiltig säkerhetstoken' - ], ], 'partial' => [ 'not_found_name' => "En partial med namn ':name' kunde inte hittas", 
diff --git a/modules/backend/lang/th/lang.php b/modules/backend/lang/th/lang.php index 6dae203a4..e1faaab90 100644 --- a/modules/backend/lang/th/lang.php +++ b/modules/backend/lang/th/lang.php @@ -29,9 +29,6 @@ return [ 'help' => "จำเป็นต้องมีฐานข้อมูลในการเข้าถึงหน้าเว็บหลังบ้าน ตรวจสอบว่าฐานข้อมูลได้ถูกตั้งค่าและโอนย้ายก่อนลองอีกครั้ง", 'cms_link' => 'กลับสู่หน้าเว็บหลัก', ], - 'invalid_token' => [ - 'label' => 'โทเค็นความปลอดภัยไม่ถูกต้อง', - ], ], 'partial' => [ 'not_found_name' => "ไม่พบส่วนย่อย ':name'", diff --git a/modules/backend/lang/tr/lang.php b/modules/backend/lang/tr/lang.php index 781be07c6..685a3e549 100644 --- a/modules/backend/lang/tr/lang.php +++ b/modules/backend/lang/tr/lang.php @@ -27,9 +27,6 @@ return [ 'help' => "Yönetim paneline erişebilmeniz için geçerli bir veritabanı yapılandırması yapmalısınız. Lütfen ayarların kontrol edin.", 'cms_link' => 'Anasayfaya dön', ], - 'invalid_token' => [ - 'label' => 'Geçersiz güvenlik anahtarı' - ], ], 'partial' => [ 'not_found_name' => "':name' bölümü bulunamadı.", diff --git a/modules/backend/lang/uk/lang.php b/modules/backend/lang/uk/lang.php index 4b0a1cb02..4972a1830 100644 --- a/modules/backend/lang/uk/lang.php +++ b/modules/backend/lang/uk/lang.php @@ -25,9 +25,6 @@ return [ 'help' => 'Для доступу до back-end - потрібна база данних. Перевірте, налаштування та міграції бази данних, перш ніж спробувати знову.', 'cms_link' => 'Повернутися на домашню сторінку' ], - 'invalid_token' => [ - 'label' => 'Неправильний токен безпеки' - ], ], 'partial' => [ 'not_found_name' => "Частину ':name' не знайдено.", diff --git a/modules/backend/lang/vn/lang.php b/modules/backend/lang/vn/lang.php index 7f4e9db88..3eb139430 100644 --- a/modules/backend/lang/vn/lang.php +++ b/modules/backend/lang/vn/lang.php 
@@ -25,9 +25,6 @@ return [ 'help' => "Bắt buộc phải có 1 database để truy cập vào trang quản trị. Kiểm tra lại cấu hình database và migrated trước khi thử lại.", 'cms_link' => 'Quay lại trang chủ' ], - 'invalid_token' => [ - 'label' => 'Security token không hợp lệ' - ] ], 'partial' => [ 'not_found_name' => "Không tìm thấy partial ':name'." diff --git a/modules/backend/lang/zh-cn/lang.php b/modules/backend/lang/zh-cn/lang.php index 705ad9995..eccff193a 100644 --- a/modules/backend/lang/zh-cn/lang.php +++ b/modules/backend/lang/zh-cn/lang.php @@ -32,9 +32,6 @@ return [ 'help' => "需要数据库以访问后端。请在再次尝试之前检查数据库的配置和迁移。", 'cms_link' => '返回首页' ], - 'invalid_token' => [ - 'label' => '非法安全令牌' - ] ], 'partial' => [ 'not_found_name' => "未找到部件 ':name' ", diff --git a/modules/cms/classes/Controller.php b/modules/cms/classes/Controller.php index 1887c6811..239c46a33 100644 --- a/modules/cms/classes/Controller.php +++ b/modules/cms/classes/Controller.php @@ -194,8 +194,7 @@ class Controller if ($event = $this->fireSystemEvent('cms.page.beforeDisplay', [$url, $page])) { if ($event instanceof Page) { $page = $event; - } - else { + } else { return $event; } } @@ -380,7 +379,6 @@ class Controller if ( $useAjax && ($handler = post('_handler')) && - $this->verifyCsrfToken() && ($handlerResponse = $this->runAjaxHandler($handler)) && $handlerResponse !== true ) { @@ -804,6 +802,13 @@ class Controller */ protected function runAjaxHandler($handler) { + /* + * Check security token. + */ + if (!$this->verifyCsrfToken()) { + return Response::make(Lang::get('system::lang.page.invalid_token.label'), 403); + } + /** * @event cms.ajax.beforeRunHandler * Provides an opportunity to modify an AJAX request diff --git a/modules/system/lang/be/lang.php b/modules/system/lang/be/lang.php index 8aa27bbc2..7f343b03d 100644 --- a/modules/system/lang/be/lang.php +++ b/modules/system/lang/be/lang.php 
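Review bot: In the last hunk of modules/cms/classes/Controller.php (@@ -804), `runAjaxHandler()` now returns a 403 `Response` when `verifyCsrfToken()` fails, so its return value mixes handler output with a terminal HTTP response. The docblock that closes just above the signature (its text is outside the hunk) should record this, e.g. `@return mixed Handler result, or a 403 Response when the CSRF token is invalid.` The postback condition in the @@ -380 hunk still passes for that object only because a Response is truthy and `!== true`. The branch body and any other callers of `runAjaxHandler()` are outside these hunks, so confirm each of them returns the Response unchanged rather than treating it as handler output. A test that posts `_handler` without a valid token and asserts the 403 status would pin the behaviour this commit introduces.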
@@ -14,6 +14,11 @@ return [ 'combiner' => [ 'not_found' => "Аб'яднальны файл \":name\" не знойдзены" ], + 'page' => [ + 'invalid_token' => [ + 'label' => "Няправільны токен бяспекі", + ], + ], 'system' => [ 'name' => "Сістэма", 'menu_label' => "Сістэма", diff --git a/modules/system/lang/bg/lang.php b/modules/system/lang/bg/lang.php index 4d8975e1e..71abe8399 100644 --- a/modules/system/lang/bg/lang.php +++ b/modules/system/lang/bg/lang.php @@ -13,6 +13,11 @@ return [ 'combiner' => [ 'not_found' => "Комбинираният файл ':name' не е намерен." ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Невалиден код за сигурност (token)', + ], + ], 'system' => [ 'name' => 'Система', 'menu_label' => 'Система', diff --git a/modules/system/lang/cs/lang.php b/modules/system/lang/cs/lang.php index d784236d4..223ba3fad 100644 --- a/modules/system/lang/cs/lang.php +++ b/modules/system/lang/cs/lang.php @@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => 'Nelze vytvořit soubor: :name' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Neplatný bezpečnostní token', + ], + ], 'combiner' => [ 'not_found' => "Slučující soubor ':name' nebyl nalezen." ], diff --git a/modules/system/lang/da/lang.php b/modules/system/lang/da/lang.php index a3b67fc7c..56d331295 100644 --- a/modules/system/lang/da/lang.php +++ b/modules/system/lang/da/lang.php @@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => 'Kan ikke oprette filen: :name' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Ugyldig sikkerhedstoken', + ], + ], 'combiner' => [ 'not_found' => "Kombineringsfilen ':name', kunne ikke findes." ], diff --git a/modules/system/lang/de/lang.php b/modules/system/lang/de/lang.php index a6879121a..93211b7d1 100644 --- a/modules/system/lang/de/lang.php +++ b/modules/system/lang/de/lang.php 
@@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => "Konnte Datei :name nicht erstellen", ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Ungültiges Sicherheitstoken', + ], + ], 'combiner' => [ 'not_found' => "Die combiner Datei ':name' wurde nicht gefunden.", ], diff --git a/modules/system/lang/el/lang.php b/modules/system/lang/el/lang.php index ddc20359a..c7af88974 100644 --- a/modules/system/lang/el/lang.php +++ b/modules/system/lang/el/lang.php @@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => 'Δεν είναι δυνατή η δημιουργία του αρχείου: :name' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Μη έγκυρο διακριτικό ασφαλείας', + ], + ], 'combiner' => [ 'not_found' => "Το αρχείο συγχώνευσης ':name' δεν βρέθηκε." ], diff --git a/modules/system/lang/en/lang.php b/modules/system/lang/en/lang.php index 58863539b..028f5feed 100644 --- a/modules/system/lang/en/lang.php +++ b/modules/system/lang/en/lang.php @@ -461,6 +461,9 @@ return [ 'label' => 'Page error', 'help' => "We're sorry, but something went wrong and the page cannot be displayed." ], + 'invalid_token' => [ + 'label' => 'Invalid security token', + ], 'maintenance' => [ 'label' => "We'll be right back!", 'help' => "We're currently down for maintenance, check back soon!", diff --git a/modules/system/lang/es/lang.php b/modules/system/lang/es/lang.php index 20dd9a12f..e59853cd8 100644 --- a/modules/system/lang/es/lang.php +++ b/modules/system/lang/es/lang.php @@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => 'No es posible crear el archivo: :name' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Token de seguridad invalido', + ], + ], 'combiner' => [ 'not_found' => "El archivo combinador ':name' no se encuentra." ], diff --git a/modules/system/lang/et/lang.php b/modules/system/lang/et/lang.php index 3111bda46..5ca2e0542 100644 --- a/modules/system/lang/et/lang.php +++ b/modules/system/lang/et/lang.php 
@@ -47,6 +47,11 @@ return [ 'file' => [ 'create_fail' => 'Faili :name ei õnnestunud luua' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Vigane turvamärk', + ], + ], 'combiner' => [ 'not_found' => "Ühendaja faili ':name' ei leitud." ], diff --git a/modules/system/lang/fa/lang.php b/modules/system/lang/fa/lang.php index d08bbf13e..ef6472bd6 100644 --- a/modules/system/lang/fa/lang.php +++ b/modules/system/lang/fa/lang.php @@ -50,6 +50,11 @@ return [ 'file' => [ 'create_fail' => 'مشکلی در ایجاد فایل :name به وجود آمده است', ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'کلید امنیتی معتبر نمی باشد', + ], + ], 'combiner' => [ 'not_found' => "فایل ترکیب کننده ':name' یافت نشد.", ], diff --git a/modules/system/lang/fi/lang.php b/modules/system/lang/fi/lang.php index 67e1d9238..2add07a9f 100644 --- a/modules/system/lang/fi/lang.php +++ b/modules/system/lang/fi/lang.php @@ -50,6 +50,11 @@ return [ 'file' => [ 'create_fail' => 'Ei voida luoda tiedostoa: :name' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Token on virheellinen', + ], + ], 'combiner' => [ 'not_found' => "Yhdistelmätiedostoa ':name' ei löydy." ], diff --git a/modules/system/lang/fr/lang.php b/modules/system/lang/fr/lang.php index 67fdfced3..1fdd767e8 100644 --- a/modules/system/lang/fr/lang.php +++ b/modules/system/lang/fr/lang.php @@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => "Impossible de créer le fichier : :name", ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'La clé de sécurité est invalide', + ], + ], 'combiner' => [ 'not_found' => "Le fichier combiné ':name' est introuvable.", ], diff --git a/modules/system/lang/hu/lang.php b/modules/system/lang/hu/lang.php index 599b5709f..c6543ba7c 100644 --- a/modules/system/lang/hu/lang.php +++ b/modules/system/lang/hu/lang.php 
@@ -413,7 +413,10 @@ return [ 'custom_error' => [ 'label' => 'Laphiba', 'help' => 'Sajnáljuk, de hiba történt, ezért az oldal nem megjeleníthető.' - ] + ], + 'invalid_token' => [ + 'label' => 'A biztonsági kód érvényessége lejárt. Kérjük töltse be újra az oldalt.', + ], ], 'pagination' => [ 'previous' => 'Előző', diff --git a/modules/system/lang/it/lang.php b/modules/system/lang/it/lang.php index 59aabc540..98eecf573 100644 --- a/modules/system/lang/it/lang.php +++ b/modules/system/lang/it/lang.php @@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => 'Impossibile creare il file: :name', ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Token di protezione non valido', + ], + ], 'combiner' => [ 'not_found' => "Il file combinatore ':name' non è stato trovato.", ], diff --git a/modules/system/lang/kr/lang.php b/modules/system/lang/kr/lang.php index 3e2ed433a..9395ac79a 100644 --- a/modules/system/lang/kr/lang.php +++ b/modules/system/lang/kr/lang.php @@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => "파일 ':name'을 작성할 수 없습니다.", ], + 'page' => [ + 'invalid_token' => [ + 'label' => '잘못된 보안 토큰', + ], + ], 'combiner' => [ 'not_found' => "combiner파일 ':name'을 발견할 수 없습니다.", ], diff --git a/modules/system/lang/lt/lang.php b/modules/system/lang/lt/lang.php index fd4dbd991..0e481812e 100644 --- a/modules/system/lang/lt/lang.php +++ b/modules/system/lang/lt/lang.php @@ -46,6 +46,11 @@ return [ 'file' => [ 'create_fail' => 'Negalime sukurti failo: :name' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Netinkama saugos žyma', + ], + ], 'combiner' => [ 'not_found' => "Bendrintojo failas ':name' nerastas." ], diff --git a/modules/system/lang/lv/lang.php b/modules/system/lang/lv/lang.php index 7b7629ab0..f3fa119d3 100644 --- a/modules/system/lang/lv/lang.php +++ b/modules/system/lang/lv/lang.php 
@@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => 'Nevar izveidot failu: :name' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Nederīga drošības atslēga', + ], + ], 'combiner' => [ 'not_found' => "Kombināciju fails ':name' netika atrasts." ], diff --git a/modules/system/lang/nb-no/lang.php b/modules/system/lang/nb-no/lang.php index 6681f46d1..888442873 100644 --- a/modules/system/lang/nb-no/lang.php +++ b/modules/system/lang/nb-no/lang.php @@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => 'Kan ikke opprette filen: :name' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Ugyldig sikkerhets-token', + ], + ], 'combiner' => [ 'not_found' => "Kombinasjonsfilen ':name' ble ikke funnet." ], diff --git a/modules/system/lang/nl/lang.php b/modules/system/lang/nl/lang.php index bf322d369..42d8ceec4 100644 --- a/modules/system/lang/nl/lang.php +++ b/modules/system/lang/nl/lang.php @@ -53,6 +53,11 @@ return [ 'file' => [ 'create_fail' => 'Bestand aanmaken mislukt: :name', ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Ongeldig token', + ], + ], 'combiner' => [ 'not_found' => "Het samenvoegbestand ':name' is niet gevonden.", ], diff --git a/modules/system/lang/pl/lang.php b/modules/system/lang/pl/lang.php index 0d6cc12a0..3a1f13714 100644 --- a/modules/system/lang/pl/lang.php +++ b/modules/system/lang/pl/lang.php @@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => 'Nie można stworzyć pliku: :name', ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Nieprawidłowy żeton bezpieczeństwa', + ], + ], 'combiner' => [ 'not_found' => "Połączony plik ':name' nie istnieje.", ], diff --git a/modules/system/lang/pt-br/lang.php b/modules/system/lang/pt-br/lang.php index 0fbb64195..6f080515c 100644 --- a/modules/system/lang/pt-br/lang.php +++ b/modules/system/lang/pt-br/lang.php 
@@ -418,6 +418,9 @@ return [ 'label' => 'Erro de página', 'help' => "Desculpe, mas algo deu errado e a página não pode ser exibida." ], + 'invalid_token' => [ + 'label' => 'Token de segurança inválido', + ], ], 'pagination' => [ 'previous' => 'Anterior', diff --git a/modules/system/lang/pt-pt/lang.php b/modules/system/lang/pt-pt/lang.php index 38844dc19..e534d21c1 100644 --- a/modules/system/lang/pt-pt/lang.php +++ b/modules/system/lang/pt-pt/lang.php @@ -46,6 +46,11 @@ return [ 'file' => [ 'create_fail' => 'Não é possível criar o ficheiro: :name', ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Token de segurança inválido', + ], + ], 'combiner' => [ 'not_found' => 'O ficheiro combinador ":name" não foi encontrado.', ], diff --git a/modules/system/lang/ru/lang.php b/modules/system/lang/ru/lang.php index 76d0e59c0..50477359b 100644 --- a/modules/system/lang/ru/lang.php +++ b/modules/system/lang/ru/lang.php @@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => 'Невозможно создать файл: :name', ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Неверный токен безопасности', + ], + ], 'combiner' => [ 'not_found' => "Сборщик ресурсов не может найти файл ':name'.", ], diff --git a/modules/system/lang/sk/lang.php b/modules/system/lang/sk/lang.php index aef8a48fb..18e32360e 100644 --- a/modules/system/lang/sk/lang.php +++ b/modules/system/lang/sk/lang.php @@ -51,6 +51,11 @@ return [ 'file' => [ 'create_fail' => 'Nie je možné vytvoriť súbor: :name' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Neplatný bezpečnostný token', + ], + ], 'combiner' => [ 'not_found' => "Zlučujúci súbor ':name' nebol nájdený." ], diff --git a/modules/system/lang/sv/lang.php b/modules/system/lang/sv/lang.php index bbf60c5fc..daa19b8f2 100644 --- a/modules/system/lang/sv/lang.php +++ b/modules/system/lang/sv/lang.php 
@@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => "Kunde inte skapa fil: :name", ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Ogiltig säkerhetstoken', + ], + ], 'combiner' => [ 'not_found' => "Kombinationsfilen ':name' kunde ej hittas", ], diff --git a/modules/system/lang/th/lang.php b/modules/system/lang/th/lang.php index f5945f68d..5a9f43276 100644 --- a/modules/system/lang/th/lang.php +++ b/modules/system/lang/th/lang.php @@ -420,6 +420,9 @@ return [ 'message' => "ข้อความ:", 'available_at' => "ลองใหม่อีกครั้งหลังจาก:", ], + 'invalid_token' => [ + 'label' => 'โทเค็นความปลอดภัยไม่ถูกต้อง', + ], ], 'pagination' => [ 'previous' => 'ก่อนหน้า', diff --git a/modules/system/lang/tr/lang.php b/modules/system/lang/tr/lang.php index e7ca77227..38521a03a 100644 --- a/modules/system/lang/tr/lang.php +++ b/modules/system/lang/tr/lang.php @@ -53,6 +53,11 @@ return [ 'file' => [ 'create_fail' => "Dosya oluşturulamıyor: :name", ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Geçersiz güvenlik anahtarı', + ], + ], 'combiner' => [ 'not_found' => "Kombine dosyası: ':name' bulunamadı.", ], diff --git a/modules/system/lang/uk/lang.php b/modules/system/lang/uk/lang.php index 44715c6df..c86eeed3c 100644 --- a/modules/system/lang/uk/lang.php +++ b/modules/system/lang/uk/lang.php @@ -11,6 +11,11 @@ return [ 'file' => [ 'create_fail' => 'Неможливо створити файл: :name' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Неправильний токен безпеки', + ], + ], 'combiner' => [ 'not_found' => "Складальник ресурсів не може знайти файл ':name'.", ], diff --git a/modules/system/lang/vn/lang.php b/modules/system/lang/vn/lang.php index ac6fe72f2..c828f908e 100644 --- a/modules/system/lang/vn/lang.php +++ b/modules/system/lang/vn/lang.php 
@@ -51,6 +51,11 @@ return [ 'file' => [ 'create_fail' => 'Không thể tạo file: :name' ], + 'page' => [ + 'invalid_token' => [ + 'label' => 'Security token không hợp lệ', + ], + ], 'combiner' => [ 'not_found' => "Không tìm thấy combiner file ':name'." ], diff --git a/modules/system/lang/zh-cn/lang.php b/modules/system/lang/zh-cn/lang.php index 75f3a48d7..222cb73b9 100644 --- a/modules/system/lang/zh-cn/lang.php +++ b/modules/system/lang/zh-cn/lang.php @@ -370,6 +370,9 @@ return [ 'label' => '页面错误', 'help' => "抱歉,页面因为一些错误导致无法显示" ], + 'invalid_token' => [ + 'label' => '非法安全令牌', + ], ], 'pagination' => [ 'previous' => '上一页',