Various fixes related to #5415

Till Brehm · Till Brehm · commit 559c694e648b · 2019-10-04T17:33:43.000+02:00
diff --git a/interface/web/sites/aps_do_operation.php b/interface/web/sites/aps_do_operation.php
@@ -64,6 +64,9 @@
 }
 else if($_GET['action'] == 'delete_instance')
 	{
+		// Check CSRF Token
+		$app->auth->csrf_token_check('GET');
+		
 		// Make sure a valid package ID is given (also corresponding to the calling user)
 		$client_id = 0;
 		$is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
diff --git a/interface/web/sites/aps_install_package.php b/interface/web/sites/aps_install_package.php
@@ -93,6 +93,9 @@
 	$result['input'] = array();
 if(count($_POST) > 1)
 {
+	// Check CSRF Token
+	$app->auth->csrf_token_check();
+	
 	$result = $gui->validateInstallerInput($_POST, $details, $domains, $settings);
 	if(empty($result['error']))
 	{
@@ -117,13 +120,16 @@
 	else if($key == 'Requirements PHP settings') $app->tpl->setLoop('pkg_requirements_php_settings', $details['Requirements PHP settings']);
 }
 
+// get new csrf token
+$csrf_token = $app->auth->csrf_token_get('aps_install_package');
+$app->tpl->setVar('_csrf_id', $csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key', $csrf_token['csrf_key']);
+
 // Parse the template as far as possible, then do the rest manually
 $app->tpl_defaults();
 $parsed_tpl = $app->tpl->grab();
 
 
-// ISPConfig has a very old and functionally limited template engine. We have to style parts on our own...
-
 // Print the domain list
 $domains_tpl = '';
 if(!empty($domains))
diff --git a/interface/web/sites/aps_installedpackages_list.php b/interface/web/sites/aps_installedpackages_list.php
@@ -112,12 +112,16 @@
 $records = $app->db->queryAllRecords($query);
 $app->listform_actions->DataRowColor = '#FFFFFF';
 
+$csrf_token = $app->auth->csrf_token_get($app->listform->listDef['name']);
+$_csrf_id = $csrf_token['csrf_id'];
+$_csrf_key = $csrf_token['csrf_key'];
+
 // Re-form all result entries and add extra entries
 $records_new = array();
 if(is_array($records))
 {
 	$app->listform_actions->idx_key = $app->listform->listDef["table_idx"];
-	foreach($records as $rec)
+	foreach($records as $key => $rec)
 	{
 		// Set an abbreviated install location to beware the page layout
 		$ils = '';
@@ -129,7 +133,9 @@
 		if($rec['instance_status'] != INSTANCE_REMOVE && $rec['instance_status'] != INSTANCE_INSTALL)
 			$rec['delete_possible'] = 'true';
 
-		$records_new[] = $app->listform_actions->prepareDataRow($rec);
+		$records_new[$key] = $app->listform_actions->prepareDataRow($rec);
+		$records_new[$key]['csrf_id'] = $_csrf_id;
+		$records_new[$key]['csrf_key'] = $_csrf_key;
 	}
 }
 $app->tpl->setLoop('records', $records_new);
diff --git a/interface/web/sites/templates/aps_instances_list.htm b/interface/web/sites/templates/aps_instances_list.htm
@@ -40,7 +40,7 @@ <h1>{tmpl_var name="list_head_txt"}</h1>
                             <td><span id="status_content{tmpl_var name='__ROWNUM__'}">{tmpl_var name='instance_status'}</span></td>
                             <td class="text-right">
                                 <tmpl_if name='delete_possible'>
-                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/aps_do_operation.php?action=delete_instance&id={tmpl_var name='id'}','{tmpl_var name='pkg_delete_confirmation'}')"><span class="icon icon-delete"></span></button>
+                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/aps_do_operation.php?action=delete_instance&id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}','{tmpl_var name='pkg_delete_confirmation'}')"><span class="icon icon-delete"></span></button>
                                 </tmpl_if>
                             </td>        
                         </tr>
diff --git a/interface/web/sites/templates/aps_packages_list.htm b/interface/web/sites/templates/aps_packages_list.htm
@@ -31,7 +31,7 @@ <h1>{tmpl_var name="list_head_txt"}</h1>
                             <td>{tmpl_var name='version'}-{tmpl_var name='release'}</td>
                             <td>{tmpl_var name='category'}</td>
                                 <tmpl_if name='is_admin'>
-                                    <td><a href="javascript:ISPConfig.loadContentInto('status_content{tmpl_var name='__ROWNUM__'}', 'sites/aps_do_operation.php?action=change_status&id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}');"><span id="status_content{tmpl_var name='__ROWNUM__'}">{tmpl_var name='package_status'}</span></a></td>
+                                    <td><a href="javascript:ISPConfig.loadContentInto('status_content{tmpl_var name='__ROWNUM__'}', 'sites/aps_do_operation.php?action=change_status&id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}');"><span id="status_content{tmpl_var name='__ROWNUM__'}">{tmpl_var name='package_status'}</span></a></td>
                                 </tmpl_if>
                             <td class="text-right">&nbsp;</td>
                         </tr>

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,9 @@`
`64`	`64`	`}`
`65`	`65`	`else if($_GET['action'] == 'delete_instance')`
`66`	`66`	`{`
	`67`	`+ // Check CSRF Token`
	`68`	`+ $app->auth->csrf_token_check('GET');`
	`69`	`+`
`67`	`70`	`// Make sure a valid package ID is given (also corresponding to the calling user)`
`68`	`71`	`$client_id = 0;`
`69`	`72`	`$is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;`