
Commit b08a125

author
Till Brehm
committed
Fix for issue #5415
1 parent 090607b commit b08a125


71 files changed

+97
-77
lines changed


71 files changed

+97
-77
lines changed

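--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -268,16 +268,27 @@ public function csrf_token_get($form_name) {
 return array('csrf_id' => $_csrf_id,'csrf_key' => $_csrf_key);
 }
 
-public function csrf_token_check() {
+public function csrf_token_check($method = 'POST') {
 global $app;
 
-if(isset($_POST) && is_array($_POST)) {
+if($method == 'POST') {
+$input_vars = $_POST;
+} elseif ($method == 'GET') {
+$input_vars = $_GET;
+} else {
+$app->error('Unknown CSRF verification method.');
+}
+
+//print_r($input_vars);
+//die(print_r($_SESSION['_csrf']));
+
+if(isset($input_vars) && is_array($input_vars)) {
 $_csrf_valid = false;
-if(isset($_POST['_csrf_id']) && isset($_POST['_csrf_key'])) {
-$_csrf_id = trim($_POST['_csrf_id']);
-$_csrf_key = trim($_POST['_csrf_key']);
+if(isset($input_vars['_csrf_id']) && isset($input_vars['_csrf_key'])) {
+$_csrf_id = trim($input_vars['_csrf_id']);
+$_csrf_key = trim($input_vars['_csrf_key']);
 if(isset($_SESSION['_csrf']) && isset($_SESSION['_csrf'][$_csrf_id]) && isset($_SESSION['_csrf_timeout']) && isset($_SESSION['_csrf_timeout'][$_csrf_id])) {
-if($_SESSION['_csrf'][$_csrf_id] === $_csrf_key && $_SESSION['_csrf_timeout'] >= time()) $_csrf_valid = true;
+if($_SESSION['_csrf'][$_csrf_id] === $_csrf_key && $_SESSION['_csrf_timeout'][$_csrf_id] >= time()) $_csrf_valid = true;
 }
 }
 if($_csrf_valid !== true) {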
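Review bot: With an unrecognised `$method` the else branch at `$app->error('Unknown CSRF verification method.');` leaves `$input_vars` undefined, and because the rejection path sits inside `if(isset($input_vars) && is_array($input_vars))`, the check falls through without denying the request unless `$app->error()` terminates execution, which this hunk does not show. Initialising `$input_vars = array();` before the `if($method == 'POST')` chain makes the unknown-method path reach the `$_csrf_valid !== true` rejection instead of skipping it. The key comparison would be safer as `hash_equals($_SESSION['_csrf'][$_csrf_id], $_csrf_key)` (both operands are strings here, assuming the session stores what csrf_token_get returns), and the two commented-out `print_r` debug lines should be removed rather than committed. The `==` comparisons on `$method` should be `===`. csrf_token_check continues past the end of the hunk.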

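--- a/interface/lib/classes/listform_actions.inc.php
+++ b/interface/lib/classes/listform_actions.inc.php
@@ -129,13 +129,19 @@ public function onLoad()
 
 // Getting Datasets from DB
 $records = $app->db->queryAllRecords($this->getQueryString($php_sort));
+
+$csrf_token = $app->auth->csrf_token_get($app->listform->listDef['name']);
+$_csrf_id = $csrf_token['csrf_id'];
+$_csrf_key = $csrf_token['csrf_key'];
 
 $this->DataRowColor = "#FFFFFF";
 $records_new = array();
 if(is_array($records)) {
 $this->idx_key = $app->listform->listDef["table_idx"];
-foreach($records as $rec) {
-$records_new[] = $this->prepareDataRow($rec);
+foreach($records as $key => $rec) {
+$records_new[$key] = $this->prepareDataRow($rec);
+$records_new[$key]['csrf_id'] = $_csrf_id;
+$records_new[$key]['csrf_key'] = $_csrf_key;
 }
 }
 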
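Review bot: The new CSRF lines carry no comment explaining why every row receives the same token pair; a reader of `$records_new[$key]['csrf_key'] = $_csrf_key;` cannot tell that it feeds the delete links in the list templates. Suggested comment above the `$csrf_token = ...` line: `// One CSRF id/key pair per list load, copied onto each row so the GET delete links in the list templates can be verified by csrf_token_check('GET')`. Note also that `csrf_token_get()` is called before `if(is_array($records))`, so a token is generated (and presumably stored in the session) even when the list is empty; moving the three token lines inside that block avoids the unused token. onLoad starts before the hunk.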
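--- a/interface/lib/classes/tform_actions.inc.php
+++ b/interface/lib/classes/tform_actions.inc.php
@@ -297,6 +297,9 @@ function onError() {
 */
 function onDelete() {
 global $app, $conf, $list_def_file, $tform_def_file;
+
+// Check CSRF Token
+$app->auth->csrf_token_check('GET');
 
 include_once $list_def_file;
 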
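Review bot: The comment `// Check CSRF Token` above `$app->auth->csrf_token_check('GET');` does not say why the GET method is verified here rather than the default POST; suggest `// Delete links in the list templates are GET requests carrying _csrf_id/_csrf_key, so verify against $_GET`. Hard-coding 'GET' means any path that reaches onDelete through a POST form would be rejected, which appears intended for the template links but is worth stating in the comment. onDelete continues past the hunk.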
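--- a/interface/web/admin/templates/directive_snippets_list.htm
+++ b/interface/web/admin/templates/directive_snippets_list.htm
@@ -40,7 +40,7 @@ <h1><tmpl_var name="list_head_txt"></h1>
 <td><a href="#" data-load-content="admin/directive_snippets_edit.php?id={tmpl_var name='id'}">{tmpl_var name="customer_viewable"}</a></td>
 <td><a href="#" data-load-content="admin/directive_snippets_edit.php?id={tmpl_var name='id'}">{tmpl_var name="master_directive_snippets_id"}</a></td>
 <td class="text-right">
-<tmpl_if name='is_master'></tmpl_else><a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/directive_snippets_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a></tmpl_if>
+<tmpl_if name='is_master'></tmpl_else><a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/directive_snippets_del.php?id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a></tmpl_if>
 </td>
 </tr>
 </tmpl_loop>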
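Review bot: Placing `_csrf_key={tmpl_var name='csrf_key'}` in a GET query string exposes the CSRF key in browser history, server access logs and any Referer header sent from the page reached after the delete; the same applies to firewall_list.htm, groups_list.htm, iptables_list.htm, server_config_list.htm, server_ip_list.htm and server_ip_map_list.htm in this commit. Since listform_actions.inc.php copies one key onto every row, a URL that leaks this way stays valid for every row of that list until its `_csrf_timeout` expires, so the exposure is broader than that of a per-form token. Issuing the delete through a small POST form (or a JS fetch with the token in the body), or at least serving the list pages with a `Referrer-Policy: same-origin` header, would limit where the key can end up.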

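--- a/interface/web/admin/templates/firewall_list.htm
+++ b/interface/web/admin/templates/firewall_list.htm
@@ -40,7 +40,7 @@ <h1><tmpl_var name="list_head_txt"></h1>
 <td><a href="#" data-load-content="admin/firewall_edit.php?id={tmpl_var name='id'}">{tmpl_var name="tcp_port"}</a></td>
 <td><a href="#" data-load-content="admin/firewall_edit.php?id={tmpl_var name='id'}">{tmpl_var name="udp_port"}</a></td>
 <td class="text-right">
-<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/firewall_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
+<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/firewall_del.php?id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
 </td>
 </tr>
 </tmpl_loop>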

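--- a/interface/web/admin/templates/groups_list.htm
+++ b/interface/web/admin/templates/groups_list.htm
@@ -35,7 +35,7 @@ <h1><tmpl_var name="list_head_txt"></h1>
 <td><a href="#" data-load-content="admin/groups_edit.php?id={tmpl_var name='id'}">{tmpl_var name="name"}</a></td>
 <td><a href="#" data-load-content="admin/groups_edit.php?id={tmpl_var name='id'}">{tmpl_var name="description"}</a></td>
 <td class="text-right">
-<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/groups_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
+<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/groups_del.php?id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
 </td>
 </tr>
 </tmpl_loop>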

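--- a/interface/web/admin/templates/iptables_list.htm
+++ b/interface/web/admin/templates/iptables_list.htm
@@ -51,7 +51,7 @@ <h1><tmpl_var name="list_head_txt"></h1>
 <td><a href="#" data-load-content="admin/iptables_edit.php?id={tmpl_var name='id'}">{tmpl_var name="state"}</a></td>
 <td><a href="#" data-load-content="admin/iptables_edit.php?id={tmpl_var name='id'}">{tmpl_var name="target"}</a></td>
 <td class="text-right">
-<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/iptables_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
+<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/iptables_del.php?id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
 </td>
 </tr>
 </tmpl_loop>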

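--- a/interface/web/admin/templates/server_config_list.htm
+++ b/interface/web/admin/templates/server_config_list.htm
@@ -24,7 +24,7 @@ <h1><tmpl_var name="list_head_txt"></h1>
 <tr>
 <td><a href="#" data-load-content="admin/server_config_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_name"}</a></td>
 <td class="text-right">
-<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_config_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
+<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_config_del.php?id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
 </td>
 </tr>
 </tmpl_loop>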

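--- a/interface/web/admin/templates/server_ip_list.htm
+++ b/interface/web/admin/templates/server_ip_list.htm
@@ -45,7 +45,7 @@ <h1><tmpl_var name="list_head_txt"></h1>
 <td><a href="#" data-load-content="admin/server_ip_edit.php?id={tmpl_var name='id'}">{tmpl_var name="virtualhost"}</a></td>
 <td><a href="#" data-load-content="admin/server_ip_edit.php?id={tmpl_var name='id'}">{tmpl_var name="virtualhost_port"}</a></td>
 <td class="text-right">
-<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_ip_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
+<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_ip_del.php?id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
 </td>
 </tr>
 </tmpl_loop>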

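--- a/interface/web/admin/templates/server_ip_map_list.htm
+++ b/interface/web/admin/templates/server_ip_map_list.htm
@@ -32,7 +32,7 @@ <h1><tmpl_var name="list_head_txt"></h1>
 <td><a href="#" data-load-content="admin/server_ip_map_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source_ip"}</a></td>
 <td><a href="#" data-load-content="admin/server_ip_map_edit.php?id={tmpl_var name='id'}">{tmpl_var name="destination_ip"}</a></td>
 <td class="text-right">
-<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_ip_map_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
+<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_ip_map_del.php?id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
 </td>
 </tr>
 </tmpl_loop>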
