[s] Adds a security token to all admin hrefs

This commit is contained in:
Jordan Brown
2017-09-08 22:15:53 -04:00
committed by CitadelStationBot
parent d35717e1ab
commit 92b78d3298
32 changed files with 1166 additions and 327 deletions
+17
View File
@@ -1,3 +1,16 @@
/datum/admins/proc/CheckAdminHref(href, href_list)
var/auth = href_list["admin_token"]
. = auth && auth != href_token && auth != GLOB.href_token
if(.)
return
var/msg = !auth ? "no" : "a bad"
message_admins("[key_name_admin(usr)] clicked an href with [msg] authorization key!")
if(config.debug_admin_hrefs)
message_admins("Debug mode enabled, call not blocked. Please ask your coders to review this round's logs.")
log_world("UAH: [href]")
return TRUE
log_admin_private("[key_name(usr)] clicked an href with [msg] authorization key! [href]")
/datum/admins/Topic(href, href_list)
..()
@@ -5,6 +18,10 @@
message_admins("[usr.key] has attempted to override the admin panel!")
log_admin("[key_name(usr)] tried to use the admin panel without authorization.")
return
if(!CheckAdminHref(href, href_list))
return
if(href_list["ahelp"])
if(!check_rights(R_ADMIN, TRUE))
return