Fix for CSRF in FileManager and UploadHandler

myvesta 2021-09-04 15:31:34 +02:00
parent 63861e4ffd
commit 93de22a0b3
6 changed files with 29 additions and 9 deletions


@ -1,6 +1,11 @@
<?php <?php
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
die("Wrong token or missing token");
}
if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY']))) { if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY']))) {
header("Location: /login/"); header("Location: /login/");
exit; exit;
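Review bot: The token comparison on the new `if` line uses loose `!=`, which applies PHP's numeric-string rules when both operands are strings (two values of the form `0e…` compare equal, for example) and is not constant-time; the same construct appears in the other two PHP sections of this commit (the `fm_core.php` consumer and the upload handler). Assuming the session token is stored as a string, `if (!isset($_SESSION['token'], $_GET['token']) || !is_string($_GET['token']) || !hash_equals($_SESSION['token'], $_GET['token'])) {` makes a missing session token, a `token[]=` array parameter and any type juggling all fail closed. The check also runs before the `FILEMANAGER_KEY` login check on the following line, so a logged-out visitor now sees "Wrong token or missing token" instead of the login redirect; placing it after that check keeps the existing behaviour for unauthenticated requests. How `$_SESSION['token']` is generated is outside this diff, so I cannot confirm its format or entropy.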


@ -3,15 +3,18 @@
//error_reporting(NULL); //error_reporting(NULL);
// Preventing CSRF // Preventing CSRF
prevent_post_csrf(true); // prevent_post_csrf(true);
header('Content-Type: application/json'); header('Content-Type: application/json');
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
include($_SERVER['DOCUMENT_ROOT']."/file_manager/fm_core.php"); include($_SERVER['DOCUMENT_ROOT']."/file_manager/fm_core.php");
// Check token
if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) {
die("Wrong token or missing token");
}
// todo: set in session?
if (empty($panel)) { if (empty($panel)) {
$command = VESTA_CMD."v-list-user '".$user."' 'json'"; $command = VESTA_CMD."v-list-user '".$user."' 'json'";
exec ($command, $output, $return_var); exec ($command, $output, $return_var);
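Review bot: Commenting out `prevent_post_csrf(true);` replaces the previous CSRF defence rather than adding to it, and the new check reads the token from `$_REQUEST`, which can also be populated from cookies when `request_order` is unset and `variables_order` includes `C`; the same two changes appear in the upload-handler section at the end of this commit. Unless `prevent_post_csrf` is known to break the token flow, keeping it alongside the token check gives defence in depth, and the check should read whichever superglobal the client actually sends the token in (`$_POST['token']` for the JSON API calls, `$_GET['token']` for the upload URL) rather than `$_REQUEST`. If the old call has to go, deleting the line with a one-line comment such as `// CSRF: session token is verified below; prevent_post_csrf() no longer used` is clearer than leaving it commented out. The existing `// todo: set in session?` line directly above `if (empty($panel))` now reads as if it referred to the token, which is already in the session; moving the token block below it would avoid that misreading.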


@ -797,6 +797,8 @@ App.Ajax.request = function(method, data, callback, onError){
}*/ }*/
//App.Helpers.setAjaxBusy(method, data); //App.Helpers.setAjaxBusy(method, data);
data = data || {}; data = data || {};
var token = $('#token').attr('token');
data.token = token;
var prgs = $('.progress-container'); var prgs = $('.progress-container');
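Review bot: `$('#token').attr('token')` is read from the DOM on the new line on every request, and the identical expression is repeated in the two file-manager sections that follow; an accessor defined once, `App.getToken = function () { return $('#token').attr('token'); };`, and called everywhere would keep the attribute name in one place. If the `#token` element is absent on some page, `attr` returns `undefined`, which jQuery serialises as an empty `token=` parameter and the server-side check in this commit rejects; a console warning or an early `onError` call at that point would make the failure visible in the client instead of surfacing as "Wrong token". Since `token` is not used again in the hunk, the two new lines can also collapse to `data.token = $('#token').attr('token');`. App.Ajax.request begins and ends outside this hunk.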


@ -533,7 +533,8 @@ FM.downloadFileFromSubcontext = function(elm) {
var src = $.parseJSON($(elm).find('.source').val()); var src = $.parseJSON($(elm).find('.source').val());
var path = src.full_path; var path = src.full_path;
var win = window.open('/download/file/?path=' + path, '_blank'); var token = $('#token').attr('token');
var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank');
win.focus(); win.focus();
} }
@ -552,20 +553,21 @@ FM.openFile = function(dir, box, elm) {
}; };
App.Ajax.request('check_file_type', params, function(reply) { App.Ajax.request('check_file_type', params, function(reply) {
var token = $('#token').attr('token');
if (reply.result) { if (reply.result) {
if (FM.isFileEditable(src, reply.data)) { if (FM.isFileEditable(src, reply.data)) {
var myWindow = window.open('/edit/file/?path=' + src.full_path, '_blank');//, src.full_path, "width=900, height=700"); var myWindow = window.open('/edit/file/?token='+token+'&path=' + src.full_path, '_blank');//, src.full_path, "width=900, height=700");
} }
else { else {
var path = src.full_path; var path = src.full_path;
var win = window.open('/download/file/?path=' + path, '_blank'); var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank');
//win.focus(); //win.focus();
} }
} }
else { else {
// force download file // force download file
var path = src.full_path; var path = src.full_path;
var win = window.open('/download/file/?path=' + path, '_blank'); var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank');
//win.focus(); //win.focus();
} }
}); });
@ -1994,7 +1996,8 @@ FM.downloadFiles = function() {
} }
var path = src.full_path; var path = src.full_path;
var win = window.open('/download/file/?path=' + path, '_blank'); var token = $('#token').attr('token');
var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank');
win.focus(); win.focus();
} }
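Review bot: The token is spliced into the `window.open` URLs on the new lines without `encodeURIComponent`, so a token containing `+`, `&`, `=` or `%` would be altered or truncated by the query-string parser; `'/download/file/?token=' + encodeURIComponent(token) + '&path=' + path` keeps it intact whatever its alphabet, and the same applies to the upload URL built in the template section of this commit. I cannot see how `$_SESSION['token']` is generated, so this may be moot if it is fixed hex, but the encoding costs nothing. Carrying the CSRF token in the URL also places it in browser history, server access logs and the Referer of anything the opened page loads, which is worth a comment at the first of these call sites if that trade-off is accepted. The `path` parameter has had the same encoding gap since before this commit and would benefit from the same treatment.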


@ -15,6 +15,7 @@
<script> GLOBAL = {}; </script> <script> GLOBAL = {}; </script>
</head> </head>
<body> <body>
<div class="hidden" id="token" token="<?=$_SESSION['token']?>"></div>
<a href="#" class="to-shortcuts"> <a href="#" class="to-shortcuts">
<i class="l-icon-shortcuts"></i> <i class="l-icon-shortcuts"></i>
</a> </a>
@ -145,6 +146,7 @@
var acc = $('<div>'); var acc = $('<div>');
$(['A', 'B']).each(function(k, letter) { $(['A', 'B']).each(function(k, letter) {
var url = '/upload/'; var url = '/upload/';
var token = $('#token').attr('token');
$('#file_upload_' + letter).fileupload({ $('#file_upload_' + letter).fileupload({
singleFileUploads: false, singleFileUploads: false,
add: function (e, data) { add: function (e, data) {
@ -154,7 +156,7 @@
var file_relocation = FM['TAB_'+tab+'_CURRENT_PATH']; var file_relocation = FM['TAB_'+tab+'_CURRENT_PATH'];
$('#file_upload_' + letter).fileupload("option", "url", url + '?dir=' + file_relocation); $('#file_upload_' + letter).fileupload("option", "url", url + '?token='+token+'&dir=' + file_relocation);
acc = $('<div>'); acc = $('<div>');
show_msg = false; show_msg = false;
data.submit(); data.submit();
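Review bot: The session token is echoed into the new `<div … token="<?=$_SESSION['token']?>">` with no output escaping, and `token` is not a valid HTML attribute name; `<div class="hidden" id="token" data-token="<?= htmlspecialchars($_SESSION['token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"></div>` with the scripts reading `.data('token')` (or `.attr('data-token')`) is the conventional form. Whether escaping matters depends on how `$_SESSION['token']` is generated, which is outside this diff; escaping at the output point removes that dependency. If `$_SESSION['token']` can be unset when this template renders, the bare read emits a notice and produces an empty attribute, after which every token-checked request from the page fails, so the page should either guarantee the token exists or fail loudly here. In the upload hunk `var token` is captured inside the `.each` callback and used in the `add` handler, which works, but reading it once above the loop would match how the other file-manager call sites are written.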


@ -3,10 +3,15 @@
//session_start(); //session_start();
// Preventing CSRF // Preventing CSRF
prevent_post_csrf(true); // prevent_post_csrf(true);
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) {
die("Wrong token or missing token");
}
// Check login_as feature // Check login_as feature
$user = $_SESSION['user']; $user = $_SESSION['user'];
if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) { if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {