fix csrf / spam error

TobiasKrais · TobiasKrais · commit 8ff5928f3eb8 · 2023-05-22T20:13:51.000+02:00
diff --git a/help.php b/help.php
@@ -1,5 +1,6 @@
 <?php
 $readmePath = rex_path::addon('d2u_guestbook', 'README.md');
 $readmeContent = rex_file::get($readmePath);
-$readmeHtml = rex_markdown::factory()->parse($readmeContent);
-echo $readmeHtml;
+if(null !== $readmeContent) {
+    echo rex_markdown::factory()->parse($readmeContent);
+}
diff --git a/install.php b/install.php
@@ -25,13 +25,13 @@
     $modules = [];
     $modules[] = new D2UModule('60-1',
         'D2U Guestbook - Gästebuch mit Bootstrap 4 Tabs',
-        14);
+        15);
     $modules[] = new D2UModule('60-2',
         'D2U Guestbook - Infobox Bewertung',
         4);
     $modules[] = new D2UModule('60-3',
         'D2U Guestbook - Gästebuch ohne Tabs',
-        11);
+        12);
     $d2u_module_manager = new D2UModuleManager($modules, '', 'd2u_guestbook');
     $d2u_module_manager->autoupdate();
 }
diff --git a/lib/d2u_guestbook_module_manager.php b/lib/d2u_guestbook_module_manager.php
@@ -15,13 +15,13 @@ public static function getModules()
         $modules = [];
         $modules[] = new D2UModule('60-1',
             'D2U Guestbook - Gästebuch mit Bootstrap 4 Tabs',
-            14);
+            15);
         $modules[] = new D2UModule('60-2',
             'D2U Guestbook - Infobox Bewertung',
             4);
         $modules[] = new D2UModule('60-3',
             'D2U Guestbook - Gästebuch ohne Tabs',
-            11);
+            12);
         return $modules;
     }
 }
diff --git a/modules/60/1/output.php b/modules/60/1/output.php
@@ -192,11 +192,10 @@ function d2u_guestbook_module_60_1_click_stars(wert) {
 
 $yform = new rex_yform();
 $yform->setFormData(trim($form_data));
-$yform->setObjectparams('csrf_protection', false);
 $yform->setObjectparams('Error-occured', $tag_open .'d2u_guestbook_form_validate_title'. $tag_close);
 $yform->setObjectparams('form_action', rex_getUrl(rex_article::getCurrentId()));
 $yform->setObjectparams('form_anchor', 'tab_write');
-$yform->setObjectparams('form_name', 'd2u_guestbook_module_60_1_'. random_int(1, 100));
+$yform->setObjectparams('form_name', 'd2u_guestbook_module_60_1_'. $this->getCurrentSlice()->getId()); /** @phpstan-ignore-line */
 $yform->setObjectparams('real_field_names', true);
 
 // action - showtext
diff --git a/modules/60/3/output.php b/modules/60/3/output.php
@@ -79,10 +79,9 @@ function d2u_guestbook_module_60_3_click_stars(wert) {
 
     $yform = new rex_yform();
     $yform->setFormData(trim($form_data));
-    $yform->setObjectparams('csrf_protection', false);
     $yform->setObjectparams('Error-occured', $tag_open .'d2u_guestbook_form_validate_title'. $tag_close);
     $yform->setObjectparams('form_action', rex_getUrl(rex_article::getCurrentId(), null, ['entry' => 'add']));
-    $yform->setObjectparams('form_name', 'd2u_guestbook_module_60_3_'. random_int(1, 100));
+    $yform->setObjectparams('form_name', 'd2u_guestbook_module_60_3_'. $this->getCurrentSlice()->getId()); /** @phpstan-ignore-line */
     $yform->setObjectparams('real_field_names', true);
 
     // action - showtext
diff --git a/pages/setup.php b/pages/setup.php
@@ -57,9 +57,10 @@
 <h2>Support</h2>
 <p>Fehlermeldungen bitte im <a href="https://github.com/TobiasKrais/d2u_guestbook" target="_blank">GitHub Repository</a> melden.</p>
 <h2>Changelog</h2>
-<p>1.0.12-DEV:</p>
+<p>1.0.12:</p>
 <ul>
-	<li>...</li>
+	<li>Modul "60-1 D2U Guestbook - Gästebuch mit Bootstrap 4 Tabs": Fehler im Spamschutz und CSRF Schutz behoben.</li>
+	<li>Modul "60-3 D2U Guestbook - Gästebuch ohne Tabs": Fehler im Spamschutz und CSRF Schutz behoben.</li>
 </ul>
 <p>1.0.11:</p>
 <ul>
