diff options
author | nashe <thomas@chauchefoin.fr> | 2017-12-23 21:08:44 +0100 |
---|---|---|
committer | nashe <thomas@chauchefoin.fr> | 2017-12-23 21:08:44 +0100 |
commit | 6ac12c0b26cd870e17dee0521eeaaf9487b85553 (patch) | |
tree | fc4c0645494631348a445b7f567f831f00adcade /admin | |
parent | 20952e3f133bb2097f9f86fd2f2fffe4870d4228 (diff) | |
download | planet-6ac12c0b26cd870e17dee0521eeaaf9487b85553.tar planet-6ac12c0b26cd870e17dee0521eeaaf9487b85553.tar.gz planet-6ac12c0b26cd870e17dee0521eeaaf9487b85553.tar.bz2 planet-6ac12c0b26cd870e17dee0521eeaaf9487b85553.tar.xz planet-6ac12c0b26cd870e17dee0521eeaaf9487b85553.zip |
Add CSRF token checks
Diffstat (limited to 'admin')
-rwxr-xr-x | admin/administration.php | 2 | ||||
-rw-r--r-- | admin/changepassword.php | 4 | ||||
-rwxr-xr-x | admin/index.php | 2 | ||||
-rwxr-xr-x | admin/subscriptions.php | 4 |
4 files changed, 11 insertions, 1 deletions
diff --git a/admin/administration.php b/admin/administration.php index 34afe73..26f6710 100755 --- a/admin/administration.php +++ b/admin/administration.php @@ -24,6 +24,7 @@ $page_content = <<<"FRAGMENT" <div class="widget"> <h3>{$l10n->getString('Clear cache')}</h3> <form action="purgecache.php" method="post" id="frmPurge"> + <input type="hidden" value="{$csrf->generate('frmPurge')}" name="_csrf"> <p><label>{$l10n->getString('Clear cache:')}</label><input type="submit" class="submit delete" name="purge" id="purge" value="{$l10n->getString('Clear')}" /></p> <p class="help">{$l10n->getString('Clearing the cache will make moonmoon reload all feeds.')}</p> </form> @@ -32,6 +33,7 @@ $page_content = <<<"FRAGMENT" <div class="widget"> <h3>{$l10n->getString('Change administrator password')}</h3> <form action="changepassword.php" method="post" id="frmPassword"> + <input type="hidden" value="{$csrf->generate('frmPassword')}" name="_csrf"> <p><label for="password">{$l10n->getString('New password:')}</label> <input type="password" class="text" value="" name="password" id="password" size="20" /> <input type="submit" class="submit delete" name="changepwd" id="changepwd" value="{$l10n->getString('Change password')}" /></p> </form> </div> diff --git a/admin/changepassword.php b/admin/changepassword.php index 8c38769..3b4500e 100644 --- a/admin/changepassword.php +++ b/admin/changepassword.php @@ -1,7 +1,9 @@ <?php + +require_once __DIR__.'/../app/app.php'; require_once __DIR__.'/inc/auth.inc.php'; -if (isset($_POST['password']) && ('' != $_POST['password'])){ +if ($csrf->verify($_POST['_csrf'], 'frmPassword') && isset($_POST['password']) && ('' != $_POST['password'])) { $out = '<?php $login="admin"; $password="'.md5($_POST['password']).'"; ?>'; file_put_contents(__DIR__.'/inc/pwd.inc.php', $out); die("Password changed. <a href='administration.php'>Login</a>"); diff --git a/admin/index.php b/admin/index.php index a01b77b..0118923 100755 --- a/admin/index.php +++ b/admin/index.php @@ -79,6 +79,7 @@ ob_start(); <input type="submit" class="submit add" name="add" value="<?=_g('Add Feed')?>" /> </fieldset> <p class="help"><?=_g('Accepted formats are RSS and ATOM. If the link is not a feed, moonmoon will try to autodiscover the feed.')?></p> + <input type="hidden" value="<?php echo $csrf->generate('feedmanage'); ?>" name="_csrf"> </form> </div> @@ -87,6 +88,7 @@ ob_start(); <form action="subscriptions.php" method="post" id="feedmanage"> <p class="action"> <span class="count"><?php echo sprintf(_g('Number of feeds: %s'), $count_feeds)?></span> + <input type="hidden" value="<?php echo $csrf->generate('feedmanage'); ?>" name="_csrf"> <input type="submit" class="submit save" name="save" id="save" value="<?=_g('Save changes')?>" /> <input type="submit" class="submit delete" name="delete" id="delete" value="<?=_g('Delete selected Feeds')?>" /> </p> diff --git a/admin/subscriptions.php b/admin/subscriptions.php index f8e4c2c..0606c89 100755 --- a/admin/subscriptions.php +++ b/admin/subscriptions.php @@ -7,6 +7,10 @@ function removeSlashes(&$item, $key){ $item = stripslashes($item); } +if (!$csrf->verify($_POST['_csrf'], 'feedmanage')) { + die('Invalid CSRF token!'); +} + if (isset($_POST['opml']) || isset($_POST['add'])) { // Load config and old OPML |