github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-19 21:04:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Proper way to fix CSRF in /edit/file/

Browse source
This commit is contained in:
myvesta 2021-08-29 01:20:12 +02:00 committed by GitHub
commit 59edb05f49
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

12
web/edit/file/index.php
View file

@ -1,8 +1,5 @@
<?php <?php
// Preventing CSRF
prevent_post_csrf(true);
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
$user = $_SESSION['user']; $user = $_SESSION['user'];
@ -40,6 +37,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
$content = ''; $content = '';
$path = $_REQUEST['path']; $path = $_REQUEST['path'];
if (!empty($_POST['save'])) { if (!empty($_POST['save'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit();
}
$fn = tempnam ('/tmp', 'vst-save-file-'); $fn = tempnam ('/tmp', 'vst-save-file-');
if ($fn) { if ($fn) {
$contents = $_POST['contents']; $contents = $_POST['contents'];
@ -76,7 +79,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
<!-- input id="do-backup" type="button" onClick="javascript:void(0);" name="save" value="backup (ctrl+F2)" class="backup" / --> <!-- input id="do-backup" type="button" onClick="javascript:void(0);" name="save" value="backup (ctrl+F2)" class="backup" / -->
<input type="submit" name="save" value="Save" class="save" /> <input type="submit" name="save" value="Save" class="save" />
<input type="hidden" id="token" name="token" value="<?=$_SESSION['token']?>">
<textarea name="contents" class="editor" id="editor" rows="4" style="display:none;width: 100%; height: 100%;"><?=htmlentities($content)?></textarea> <textarea name="contents" class="editor" id="editor" rows="4" style="display:none;width: 100%; height: 100%;"><?=htmlentities($content)?></textarea>
</form> </form>
@ -96,6 +99,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
var makeBackup = function() { var makeBackup = function() {
var params = { var params = {
action: 'backup', action: 'backup',
token: '<?=$_SESSION['token']?>',
path: '<?= $path ?>' path: '<?= $path ?>'
}; };