More fixes for issue #5415

Till Brehm · Till Brehm · commit a1d4fd482840 · 2019-10-09T10:48:24.000+02:00
diff --git a/interface/web/admin/software_package_del.php b/interface/web/admin/software_package_del.php
@@ -36,6 +36,9 @@
 $app->auth->check_security_permissions('admin_allow_software_packages');
 if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
 
+// Check CSRF Token
+$app->auth->csrf_token_check('GET');
+
 $software_update_inst_id = $app->functions->intval($_GET['software_update_inst_id']);
 
 if($software_update_inst_id > 0) {
diff --git a/interface/web/admin/software_package_install.php b/interface/web/admin/software_package_install.php
@@ -38,6 +38,13 @@
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');
 
+// Check CSRF Token
+if(count($_POST) > 0) {
+	$app->auth->csrf_token_check('POST');
+} else {
+	$app->auth->csrf_token_check('GET');
+}
+
 $package_name = $_REQUEST['package'];
 $install_server_id = $app->functions->intval($_REQUEST['server_id']);
 $install_key = trim($_REQUEST['install_key']);
diff --git a/interface/web/admin/software_package_list.php b/interface/web/admin/software_package_list.php
@@ -145,6 +145,9 @@
 $app->tpl->newTemplate("form.tpl.htm");
 $app->tpl->setInclude('content_tpl', 'templates/software_package_list.htm');
 
+$csrf_token = $app->auth->csrf_token_get('software_package_list');
+$_csrf_id = $csrf_token['csrf_id'];
+$_csrf_key = $csrf_token['csrf_key'];
 
 $servers = $app->db->queryAllRecords('SELECT server_id, server_name FROM server ORDER BY server_name');
 $packages = $app->db->queryAllRecords('SELECT * FROM software_package');
@@ -167,12 +170,14 @@
 				if($p['package_installable'] == 'no') {
 					$installed_txt .= $s['server_name'].": ".$app->lng("Package can not be installed.")."<br />";
 				} else {
-					$installed_txt .= $s['server_name'].": <a href=\"#\" data-load-content=\"admin/software_package_install.php?package=".$p["package_name"]."&server_id=".$s["server_id"]."\">Install now</a><br />";
+					$installed_txt .= $s['server_name'].": <a href=\"#\" data-load-content=\"admin/software_package_install.php?package=".$p["package_name"]."&server_id=".$s["server_id"]."&_csrf_key=".$_csrf_key."&_csrf_id=".$_csrf_id."\">Install now</a><br />";
 				}
 			}
 		}
 		$packages[$key]['software_update_inst_id'] = intval($inst['software_update_inst_id']);
 		$packages[$key]['installed'] = $installed_txt;
+		$packages[$key]['csrf_id'] = $_csrf_id;
+		$packages[$key]['csrf_key'] = $_csrf_key;
 	}
 	$app->tpl->setVar('has_packages', 1);
 } else {
diff --git a/interface/web/admin/templates/software_package_list.htm b/interface/web/admin/templates/software_package_list.htm
@@ -33,7 +33,7 @@ <h1><tmpl_var name="list_head_txt"></h1>
                             <td>ispapp{tmpl_var name="package_id"}</td>
 							<td class="text-right">
 								<a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="admin/software_package_edit.php?id={tmpl_var name='package_id'}"><span class="icon icon-edit"></span></a>
-                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/software_package_del.php?software_update_inst_id={tmpl_var name='software_update_inst_id'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
+                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/software_package_del.php?software_update_inst_id={tmpl_var name='software_update_inst_id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                             </td>
                         </tr>
 						</tmpl_if>

Original file line number	Diff line number	Diff line change
`@@ -145,6 +145,9 @@`
`145`	`145`	`$app->tpl->newTemplate("form.tpl.htm");`
`146`	`146`	`$app->tpl->setInclude('content_tpl', 'templates/software_package_list.htm');`
`147`	`147`
	`148`	`+$csrf_token = $app->auth->csrf_token_get('software_package_list');`
	`149`	`+$_csrf_id = $csrf_token['csrf_id'];`
	`150`	`+$_csrf_key = $csrf_token['csrf_key'];`
`148`	`151`
`149`	`152`	`$servers = $app->db->queryAllRecords('SELECT server_id, server_name FROM server ORDER BY server_name');`
`150`	`153`	`$packages = $app->db->queryAllRecords('SELECT * FROM software_package');`
`@@ -167,12 +170,14 @@`
`167`	`170`	`if($p['package_installable'] == 'no') {`
`168`	`171`	`$installed_txt .= $s['server_name'].": ".$app->lng("Package can not be installed.")."<br />";`
`169`	`172`	`} else {`
`170`		`- $installed_txt .= $s['server_name'].": <a href=\"#\" data-load-content=\"admin/software_package_install.php?package=".$p["package_name"]."&server_id=".$s["server_id"]."\">Install now</a><br />";`
	`173`	`+ $installed_txt .= $s['server_name'].": <a href=\"#\" data-load-content=\"admin/software_package_install.php?package=".$p["package_name"]."&server_id=".$s["server_id"]."&_csrf_key=".$_csrf_key."&_csrf_id=".$_csrf_id."\">Install now</a><br />";`
`171`	`174`	`}`
`172`	`175`	`}`
`173`	`176`	`}`
`174`	`177`	`$packages[$key]['software_update_inst_id'] = intval($inst['software_update_inst_id']);`
`175`	`178`	`$packages[$key]['installed'] = $installed_txt;`
	`179`	`+ $packages[$key]['csrf_id'] = $_csrf_id;`
	`180`	`+ $packages[$key]['csrf_key'] = $_csrf_key;`
`176`	`181`	`}`
`177`	`182`	`$app->tpl->setVar('has_packages', 1);`
`178`	`183`	`} else {`