github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-19 21:04:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix fox CSRF in /dowload/web-log/

Browse source
This commit is contained in:
myvesta 2021-09-04 12:55:40 +02:00
commit 63861e4ffd
2 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
web/download/web-log/index.php
View file

@ -3,6 +3,13 @@
error_reporting(NULL); error_reporting(NULL);
session_start(); session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('Location: /login/');
exit();
}
$v_domain = $_GET['domain']; $v_domain = $_GET['domain'];
$v_domain = escapeshellarg($_GET['domain']); $v_domain = escapeshellarg($_GET['domain']);
if ($_GET['type'] == 'access') $type = 'access'; if ($_GET['type'] == 'access') $type = 'access';

4
web/templates/admin/list_weblog.html
View file

@ -23,8 +23,8 @@
<div class="l-menu clearfix"> <div class="l-menu clearfix">
<div class="l-menu__item <?php if($_GET['type'] == 'access') echo 'l-menu__item--active' ?>"><a href="/list/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=access"><?=__('AccessLog')?></a></div> <div class="l-menu__item <?php if($_GET['type'] == 'access') echo 'l-menu__item--active' ?>"><a href="/list/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=access"><?=__('AccessLog')?></a></div>
<div class="l-menu__item <?php if($_GET['type'] == 'error') echo 'l-menu__item--active' ?>"><a href="/list/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=error"><?=__('ErrorLog')?></a></div> <div class="l-menu__item <?php if($_GET['type'] == 'error') echo 'l-menu__item--active' ?>"><a href="/list/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=error"><?=__('ErrorLog')?></a></div>
<div class="l-menu__item"><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=access"><?=__('Download AccessLog')?></a></div> <div class="l-menu__item"><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=access&token=<?=$_SESSION['token']?>"><?=__('Download AccessLog')?></a></div>
<div class="l-menu__item"><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=error"><?=__('Download ErrorLog')?></a></div> <div class="l-menu__item"><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=error&token=<?=$_SESSION['token']?>"><?=__('Download ErrorLog')?></a></div>
</div> </div>
<!-- /.l-menu --> <!-- /.l-menu -->
<div class="l-profile"> <div class="l-profile">