summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornashe <thomas@chauchefoin.fr>2017-12-23 21:08:44 +0100
committernashe <thomas@chauchefoin.fr>2017-12-23 21:08:44 +0100
commit6ac12c0b26cd870e17dee0521eeaaf9487b85553 (patch)
treefc4c0645494631348a445b7f567f831f00adcade
parent20952e3f133bb2097f9f86fd2f2fffe4870d4228 (diff)
downloadplanet-6ac12c0b26cd870e17dee0521eeaaf9487b85553.tar
planet-6ac12c0b26cd870e17dee0521eeaaf9487b85553.tar.gz
planet-6ac12c0b26cd870e17dee0521eeaaf9487b85553.tar.bz2
planet-6ac12c0b26cd870e17dee0521eeaaf9487b85553.tar.xz
planet-6ac12c0b26cd870e17dee0521eeaaf9487b85553.zip
Add CSRF token checks
-rwxr-xr-xadmin/administration.php2
-rw-r--r--admin/changepassword.php4
-rwxr-xr-xadmin/index.php2
-rwxr-xr-xadmin/subscriptions.php4
4 files changed, 11 insertions, 1 deletions
diff --git a/admin/administration.php b/admin/administration.php
index 34afe73..26f6710 100755
--- a/admin/administration.php
+++ b/admin/administration.php
@@ -24,6 +24,7 @@ $page_content = <<<"FRAGMENT"
<div class="widget">
<h3>{$l10n->getString('Clear cache')}</h3>
<form action="purgecache.php" method="post" id="frmPurge">
+ <input type="hidden" value="{$csrf->generate('frmPurge')}" name="_csrf">
<p><label>{$l10n->getString('Clear cache:')}</label><input type="submit" class="submit delete" name="purge" id="purge" value="{$l10n->getString('Clear')}" /></p>
<p class="help">{$l10n->getString('Clearing the cache will make moonmoon reload all feeds.')}</p>
</form>
@@ -32,6 +33,7 @@ $page_content = <<<"FRAGMENT"
<div class="widget">
<h3>{$l10n->getString('Change administrator password')}</h3>
<form action="changepassword.php" method="post" id="frmPassword">
+ <input type="hidden" value="{$csrf->generate('frmPassword')}" name="_csrf">
<p><label for="password">{$l10n->getString('New password:')}</label> <input type="password" class="text" value="" name="password" id="password" size="20" /> <input type="submit" class="submit delete" name="changepwd" id="changepwd" value="{$l10n->getString('Change password')}" /></p>
</form>
</div>
diff --git a/admin/changepassword.php b/admin/changepassword.php
index 8c38769..3b4500e 100644
--- a/admin/changepassword.php
+++ b/admin/changepassword.php
@@ -1,7 +1,9 @@
<?php
+
+require_once __DIR__.'/../app/app.php';
require_once __DIR__.'/inc/auth.inc.php';
-if (isset($_POST['password']) && ('' != $_POST['password'])){
+if ($csrf->verify($_POST['_csrf'], 'frmPassword') && isset($_POST['password']) && ('' != $_POST['password'])) {
$out = '<?php $login="admin"; $password="'.md5($_POST['password']).'"; ?>';
file_put_contents(__DIR__.'/inc/pwd.inc.php', $out);
die("Password changed. <a href='administration.php'>Login</a>");
diff --git a/admin/index.php b/admin/index.php
index a01b77b..0118923 100755
--- a/admin/index.php
+++ b/admin/index.php
@@ -79,6 +79,7 @@ ob_start();
<input type="submit" class="submit add" name="add" value="<?=_g('Add Feed')?>" />
</fieldset>
<p class="help"><?=_g('Accepted formats are RSS and ATOM. If the link is not a feed, moonmoon will try to autodiscover the feed.')?></p>
+ <input type="hidden" value="<?php echo $csrf->generate('feedmanage'); ?>" name="_csrf">
</form>
</div>
@@ -87,6 +88,7 @@ ob_start();
<form action="subscriptions.php" method="post" id="feedmanage">
<p class="action">
<span class="count"><?php echo sprintf(_g('Number of feeds: %s'), $count_feeds)?></span>
+ <input type="hidden" value="<?php echo $csrf->generate('feedmanage'); ?>" name="_csrf">
<input type="submit" class="submit save" name="save" id="save" value="<?=_g('Save changes')?>" />
<input type="submit" class="submit delete" name="delete" id="delete" value="<?=_g('Delete selected Feeds')?>" />
</p>
diff --git a/admin/subscriptions.php b/admin/subscriptions.php
index f8e4c2c..0606c89 100755
--- a/admin/subscriptions.php
+++ b/admin/subscriptions.php
@@ -7,6 +7,10 @@ function removeSlashes(&$item, $key){
$item = stripslashes($item);
}
+if (!$csrf->verify($_POST['_csrf'], 'feedmanage')) {
+ die('Invalid CSRF token!');
+}
+
if (isset($_POST['opml']) || isset($_POST['add'])) {
// Load config and old OPML