From 37597afee848c118c2ae5bfaa00d19e8278ce2fb Mon Sep 17 00:00:00 2001
From: azett
Date: Fri, 30 Dec 2022 12:52:03 +0100
Subject: [PATCH] check for correct admin referer on enable/disable plugin (see #64)
---
 admin/panels/plugin/admin.plugin.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/admin/panels/plugin/admin.plugin.php b/admin/panels/plugin/admin.plugin.php
index dded24f..e29d4df 100644
--- a/admin/panels/plugin/admin.plugin.php
+++ b/admin/panels/plugin/admin.plugin.php
@@ -53,6 +53,9 @@ class admin_plugin_default extends AdminPanelAction {
 }
 function dodisable($id) {
+ // at first: check if nonce was given correctly
+ check_admin_referer('admin_plugin_default_disable_' . $id);
+
 $fp_plugins = $this->fp_plugins;
 $success = -1;
@@ -78,6 +81,9 @@ class admin_plugin_default extends AdminPanelAction {
 }
 function doenable($id) {
+ // at first: check if nonce was given correctly
+ check_admin_referer('admin_plugin_default_enable_' . $id);
+
 $success = -1;
 $fp_plugins = $this->fp_plugins;
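Review bot: The result of `check_admin_referer('admin_plugin_default_disable_' . $id);` in `dodisable()` is discarded, and the same holds for the `_enable_` call in `doenable()`, so the CSRF guard works only if that helper aborts the request itself when the nonce is missing or wrong. Its implementation is not visible here; if it can return a falsy value instead of terminating, both methods need an explicit early return before `$fp_plugins` is touched. The comment should state that contract, e.g. `// CSRF guard: check_admin_referer() must abort the request when the nonce is missing or invalid`. Only this file changes in the commit, so it is worth confirming that the enable/disable links already carry a nonce built from exactly these action strings (prefix plus plugin id), otherwise every legitimate toggle will be rejected. Both method bodies continue outside the hunks.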