[s] Adds a security token to all admin hrefs
This commit is contained in:
committed by
CitadelStationBot
parent
d35717e1ab
commit
92b78d3298
@@ -1,3 +1,16 @@
|
||||
/datum/admins/proc/CheckAdminHref(href, href_list)
|
||||
var/auth = href_list["admin_token"]
|
||||
. = auth && auth != href_token && auth != GLOB.href_token
|
||||
if(.)
|
||||
return
|
||||
var/msg = !auth ? "no" : "a bad"
|
||||
message_admins("[key_name_admin(usr)] clicked an href with [msg] authorization key!")
|
||||
if(config.debug_admin_hrefs)
|
||||
message_admins("Debug mode enabled, call not blocked. Please ask your coders to review this round's logs.")
|
||||
log_world("UAH: [href]")
|
||||
return TRUE
|
||||
log_admin_private("[key_name(usr)] clicked an href with [msg] authorization key! [href]")
|
||||
|
||||
/datum/admins/Topic(href, href_list)
|
||||
..()
|
||||
|
||||
@@ -5,6 +18,10 @@
|
||||
message_admins("[usr.key] has attempted to override the admin panel!")
|
||||
log_admin("[key_name(usr)] tried to use the admin panel without authorization.")
|
||||
return
|
||||
|
||||
if(!CheckAdminHref(href, href_list))
|
||||
return
|
||||
|
||||
if(href_list["ahelp"])
|
||||
if(!check_rights(R_ADMIN, TRUE))
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user