From 1cd3fe9ced04bf25ed3a8adc1680c197c13f838a Mon Sep 17 00:00:00 2001
From: Moritz Strohm <strohm@data-quest.de>
Date: Wed, 4 Oct 2023 09:52:39 +0000
Subject: [PATCH] use CSRF protection when creating/editing/deleting an OER
 material, fixes #3268

Closes #3268

Merge request studip/studip!2210
---
 app/controllers/oer/mymaterial.php | 2 ++
 app/views/oer/market/details.php   | 1 +
 app/views/oer/mymaterial/edit.php  | 2 +-
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/controllers/oer/mymaterial.php b/app/controllers/oer/mymaterial.php
index 7d327184264..27a949dd7f9 100644
--- a/app/controllers/oer/mymaterial.php
+++ b/app/controllers/oer/mymaterial.php
@@ -28,12 +28,14 @@ class Oer_MymaterialController extends AuthenticatedController
         $content_types = ['application/x-zip-compressed', 'application/zip', 'application/x-zip'];
         $tmp_folder = $GLOBALS['TMP_PATH'] . '/temp_folder_' . md5(uniqid());
         if (Request::submitted('delete') && Request::isPost()) {
+            CSRFProtection::verifyUnsafeRequest();
             $material->pushDataToIndexServers('delete');
             $material->delete();
             PageLayout::postSuccess(_('Das Material wurde gelöscht.'));
             $this->redirect('oer/market/index');
             return;
         } elseif (Request::isPost()) {
+            CSRFProtection::verifyUnsafeRequest();
             $was_new = $material->isNew();
             $was_on_twillo = (bool) $material['published_id_on_twillo'];
             $data = Request::getArray('data');
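Review bot: The two new `CSRFProtection::verifyUnsafeRequest()` calls sit in sibling branches that are both guarded by `Request::isPost()`, so the same check is duplicated and a future third POST branch could miss it. Hoist it once ahead of the branch chain, e.g. `if (Request::isPost()) {` / `    CSRFProtection::verifyUnsafeRequest();` / `}` immediately before `if (Request::submitted('delete') && Request::isPost()) {`, so every unsafe request to this action is verified before any branch runs. As placed, the check does already precede the `delete()` call and the `Request::getArray('data')` read, which is the right order. The enclosing action method starts outside the hunk and continues past it, so the hoisted form must be confirmed against the part not shown here.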
diff --git a/app/views/oer/market/details.php b/app/views/oer/market/details.php
index 6ec8378eae4..9e1c60ba368 100644
--- a/app/views/oer/market/details.php
+++ b/app/views/oer/market/details.php
@@ -73,6 +73,7 @@
         <? if (!$material['host_id'] && ($material->isMine() || $GLOBALS['perm']->have_perm("root"))) : ?>
             <?= \Studip\LinkButton::create(_('Bearbeiten'), $controller->link_for("oer/mymaterial/edit/".$material->getId()), ['data-dialog' => "1"]) ?>
             <form action="<?= $controller->link_for("oer/mymaterial/edit/".$material->getId()) ?>" method="post" style="display: inline;">
+                <?= CSRFProtection::tokenTag() ?>
                 <?= \Studip\Button::create(_('Löschen'), "delete", ['value' => 1, 'data-confirm' => _('Wirklich löschen?')]) ?>
             </form>
         <? endif ?>
diff --git a/app/views/oer/mymaterial/edit.php b/app/views/oer/mymaterial/edit.php
index 5d1238193f6..12c1676fea9 100644
--- a/app/views/oer/mymaterial/edit.php
+++ b/app/views/oer/mymaterial/edit.php
@@ -4,7 +4,7 @@
       onsubmit="$(window).off('beforeunload')"
       data-secure
       enctype="multipart/form-data">
-
+    <?= CSRFProtection::tokenTag() ?>
     <div class="oercampus_editmaterial">
         <fieldset>
             <legend><?= _('Grunddaten') ?></legend>
-- 
GitLab