From 335cebd4fd243e5d568fe52450da2d3e9417fd05 Mon Sep 17 00:00:00 2001
From: Th3R3p0 <th3r3p0@gmail.com>
Date: Wed, 23 Aug 2017 18:30:19 -0400
Subject: [PATCH] fixed CSRF issue as mentioned in
 https://github.com/claudehohl/Stikked/issues/435

---
 htdocs/themes/bootstrap/views/defaults/paste_form.php  | 8 ++++++++
 htdocs/themes/cleanwhite/views/defaults/paste_form.php | 8 ++++++++
 htdocs/themes/default/views/defaults/paste_form.php    | 9 +++++++++
 htdocs/themes/geocities/views/defaults/paste_form.php  | 8 ++++++++
 htdocs/themes/i386/views/defaults/paste_form.php       | 8 ++++++++
 htdocs/themes/stikkedizr/views/defaults/paste_form.php | 8 ++++++++
 6 files changed, 49 insertions(+)

diff --git a/htdocs/themes/bootstrap/views/defaults/paste_form.php b/htdocs/themes/bootstrap/views/defaults/paste_form.php
index d6fea40..23d3c22 100644
--- a/htdocs/themes/bootstrap/views/defaults/paste_form.php
+++ b/htdocs/themes/bootstrap/views/defaults/paste_form.php
@@ -125,6 +125,14 @@
 					<i class="icon-pencil icon-white"></i>
 					<?php echo lang('paste_create'); ?>
 				</button>
+				<?php
+				if ($this->config->item('csrf_protection') === TRUE)
+				{
+					if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+						echo '<input type="hidden" name="'.$this->config->item('csrf_token_name').'" value="'.html_escape($_COOKIE[$this->config->item('csrf_cookie_name')]).'" style="display:none;" />'."\n";
+					}
+				}
+				?>
 			</div>
 		</form>
 	</div>
diff --git a/htdocs/themes/cleanwhite/views/defaults/paste_form.php b/htdocs/themes/cleanwhite/views/defaults/paste_form.php
index f09b904..bd22ae8 100644
--- a/htdocs/themes/cleanwhite/views/defaults/paste_form.php
+++ b/htdocs/themes/cleanwhite/views/defaults/paste_form.php
@@ -133,5 +133,13 @@
 
 		<div><button type="submit" value="submit" name="submit"><?php echo lang('paste_create'); ?></button></div>
 		<div class="spacer"></div>
+		<?php
+		if ($this->config->item('csrf_protection') === TRUE)
+		{
+			if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+				echo '<input type="hidden" name="'.$this->config->item('csrf_token_name').'" value="'.html_escape($_COOKIE[$this->config->item('csrf_cookie_name')]).'" style="display:none;" />'."\n";
+			}
+		}
+		?>
 	</form>
 </div>
diff --git a/htdocs/themes/default/views/defaults/paste_form.php b/htdocs/themes/default/views/defaults/paste_form.php
index 5816287..594058b 100644
--- a/htdocs/themes/default/views/defaults/paste_form.php
+++ b/htdocs/themes/default/views/defaults/paste_form.php
@@ -131,6 +131,15 @@
 ?>
 
 		<div class="clear"><button type="submit" value="submit" name="submit"><?php echo lang('paste_create'); ?></button></div>
+		<?php
+		if ($this->config->item('csrf_protection') === TRUE)
+		{
+			if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+				echo '<input type="hidden" name="'.$this->config->item('csrf_token_name').'" value="'.html_escape($_COOKIE[$this->config->item('csrf_cookie_name')]).'" style="display:none;" />'."\n";
+			}
+		}
+		?>
 		<div class="spacer"></div>
+
 	</form>
 </div>
diff --git a/htdocs/themes/geocities/views/defaults/paste_form.php b/htdocs/themes/geocities/views/defaults/paste_form.php
index 376e100..00fa858 100644
--- a/htdocs/themes/geocities/views/defaults/paste_form.php
+++ b/htdocs/themes/geocities/views/defaults/paste_form.php
@@ -132,6 +132,14 @@
 					<?php echo lang('paste_create'); ?>
 				</button>
 			</div>
+			<?php
+			if ($this->config->item('csrf_protection') === TRUE)
+			{
+				if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+					echo '<input type="hidden" name="'.$this->config->item('csrf_token_name').'" value="'.html_escape($_COOKIE[$this->config->item('csrf_cookie_name')]).'" style="display:none;" />'."\n";
+				}
+			}
+			?>
 		</form>
 	</div>
 </div>
diff --git a/htdocs/themes/i386/views/defaults/paste_form.php b/htdocs/themes/i386/views/defaults/paste_form.php
index 766063e..7ed0dd2 100644
--- a/htdocs/themes/i386/views/defaults/paste_form.php
+++ b/htdocs/themes/i386/views/defaults/paste_form.php
@@ -134,6 +134,14 @@
 					<i class="icon-pencil icon-white"></i>
 					<?php echo lang('paste_create'); ?>
 				</button>
+				<?php
+				if ($this->config->item('csrf_protection') === TRUE)
+				{
+					if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+						echo '<input type="hidden" name="'.$this->config->item('csrf_token_name').'" value="'.html_escape($_COOKIE[$this->config->item('csrf_cookie_name')]).'" style="display:none;" />'."\n";
+					}
+				}
+				?>
 			</div>
 		</form>
 	</div>
diff --git a/htdocs/themes/stikkedizr/views/defaults/paste_form.php b/htdocs/themes/stikkedizr/views/defaults/paste_form.php
index 4849827..cb1ee9d 100644
--- a/htdocs/themes/stikkedizr/views/defaults/paste_form.php
+++ b/htdocs/themes/stikkedizr/views/defaults/paste_form.php
@@ -134,6 +134,14 @@
 					<?php echo lang('paste_create'); ?>
 				</button>
 			</div>
+			<?php
+			if ($this->config->item('csrf_protection') === TRUE)
+			{
+				if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+					echo '<input type="hidden" name="'.$this->config->item('csrf_token_name').'" value="'.html_escape($_COOKIE[$this->config->item('csrf_cookie_name')]).'" style="display:none;" />'."\n";
+				}
+			}
+			?>
 		</form>
 	</div>
 </div>