From 59edb05f49fed2b141da8d2ad130b6e704bc9649 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Sun, 29 Aug 2021 01:20:12 +0200
Subject: [PATCH] Proper way to fix CSRF in /edit/file/

---
 web/edit/file/index.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/web/edit/file/index.php b/web/edit/file/index.php
index b36a4656..931b861f 100644
--- a/web/edit/file/index.php
+++ b/web/edit/file/index.php
@@ -1,8 +1,5 @@
 <?php
 
-// Preventing CSRF
-prevent_post_csrf(true);
-
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 $user = $_SESSION['user'];
 
@@ -40,6 +37,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
         $content = '';
         $path = $_REQUEST['path'];
         if (!empty($_POST['save'])) {
+            // Check token
+            if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+                header('location: /login/');
+                exit();
+            }
+
             $fn = tempnam ('/tmp', 'vst-save-file-');
             if ($fn) {
                 $contents = $_POST['contents'];
@@ -76,7 +79,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
 <!-- input id="do-backup" type="button" onClick="javascript:void(0);" name="save" value="backup (ctrl+F2)" class="backup" / -->
 <input type="submit" name="save" value="Save" class="save" />
 
-
+<input type="hidden" id="token" name="token" value="<?=$_SESSION['token']?>">
 <textarea name="contents" class="editor" id="editor" rows="4" style="display:none;width: 100%; height: 100%;"><?=htmlentities($content)?></textarea>
 
 </form>
@@ -96,6 +99,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
     var makeBackup = function() {
         var params = {
             action: 'backup',
+            token: '<?=$_SESSION['token']?>',
             path:   '<?= $path ?>'
         };