lindeas
/
jilo-web
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 6 Wiki Activity

Bugfixes theme changer page

main
Yasen Pramatarov 2025-05-28 10:16:12 +03:00
parent 6617b3bb28
commit 522d84f203
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/pages/theme.php
View File

@ -9,6 +9,10 @@
* - switch_to: Changes the active theme for the current user * - switch_to: Changes the active theme for the current user
*/ */
// Initialize security
require_once '../app/helpers/security.php';
$security = SecurityHelper::getInstance();
// Only allow access to logged-in users // Only allow access to logged-in users
if (!Session::isValidSession()) { if (!Session::isValidSession()) {
header('Location: ' . $app_root . '?page=login'); header('Location: ' . $app_root . '?page=login');
@ -20,9 +24,6 @@ if (isset($_GET['switch_to'])) {
$themeName = $_GET['switch_to']; $themeName = $_GET['switch_to'];
// Validate CSRF token for state-changing operations // Validate CSRF token for state-changing operations
require_once '../app/helpers/security.php';
$security = SecurityHelper::getInstance();
if (!$security->verifyCsrfToken($_GET['csrf_token'] ?? '')) { if (!$security->verifyCsrfToken($_GET['csrf_token'] ?? '')) {
Feedback::flash('SECURITY', 'CSRF_INVALID'); Feedback::flash('SECURITY', 'CSRF_INVALID');
header("Location: $app_root?page=theme"); header("Location: $app_root?page=theme");