[geeklog-cvs] Geeklog-1.x/public_html/admin block.php, 1.120, 1.121 plugins.php, 1.79, 1.80
Michael Jervis
mjervis at qs1489.pair.com
Sat Apr 19 11:14:43 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin
In directory qs1489.pair.com:/tmp/cvs-serv35968/public_html/admin
Modified Files:
block.php plugins.php
Log Message:
CSRF protection in plugin admin (both POST and GET operations).
Index: plugins.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins.php,v
retrieving revision 1.79
retrieving revision 1.80
diff -C2 -d -r1.79 -r1.80
*** plugins.php 25 Nov 2007 06:58:55 -0000 1.79
--- plugins.php 19 Apr 2008 15:14:41 -0000 1.80
***************
*** 147,150 ****
--- 147,152 ----
$plg_templates->set_var('enabled_checked', '');
}
+ $plg_templates->set_var('gltoken', SEC_createToken());
+ $plg_templates->set_var('gltoken_name', CSRF_TOKEN);
$plg_templates->set_var('end_block',
COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')));
***************
*** 237,241 ****
*
*/
! function show_newplugins ()
{
global $_CONF, $_TABLES, $LANG32;
--- 239,243 ----
*
*/
! function show_newplugins ($token)
{
global $_CONF, $_TABLES, $LANG32;
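Review bot: The docblock directly above `function show_newplugins ($token)` is not updated for the new parameter, so the signature change is undocumented; add `* @param string $token CSRF token embedded in each generated install link` above the closing `*/`. The same applies to `listplugins ($token)` in the hunk at lines 383-387, where the token is forwarded to ADMIN_list. Neither function gives `$token` a default, so every caller must now supply one — this commit updates the call sites in plugins.php, but a caller elsewhere, if one exists, would now fail with a missing-argument error. The bodies of both functions continue outside their hunks.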
***************
*** 279,283 ****
'install_link'=> COM_createLink($LANG32[22],
$_CONF['site_admin_url'] . '/plugins/' . $dir
! . '/install.php?action=install')
);
$index++;
--- 281,285 ----
'install_link'=> COM_createLink($LANG32[22],
$_CONF['site_admin_url'] . '/plugins/' . $dir
! . '/install.php?action=install&'.CSRF_TOKEN.'='.$token)
);
$index++;
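Review bot: The token is carried in the query string of a GET link (`'/install.php?action=install&'.CSRF_TOKEN.'='.$token`), so it will show up in server access logs, browser history and the Referer header of anything loaded from the install page; a small POST form with the token in a hidden field keeps it out of those places. This commit only adds the token to the link — install.php is not touched here, so it should be confirmed that it calls SEC_checkToken() before acting on `action=install`, otherwise the token is decorative. The literal `&` in the href should be `&amp;` unless COM_createLink escapes its URL argument, which is not visible in this hunk. show_newplugins starts outside this hunk.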
***************
*** 381,385 ****
*
*/
! function listplugins ()
{
global $_CONF, $_TABLES, $LANG32, $LANG_ADMIN, $_IMAGE_TYPE;
--- 383,387 ----
*
*/
! function listplugins ($token)
{
global $_CONF, $_TABLES, $LANG32, $LANG_ADMIN, $_IMAGE_TYPE;
***************
*** 425,429 ****
$retval .= ADMIN_list ('plugins', 'ADMIN_getListField_plugins', $header_arr,
! $text_arr, $query_arr, $defsort_arr, '', '', '', $form_arr);
return $retval;
--- 427,431 ----
$retval .= ADMIN_list ('plugins', 'ADMIN_getListField_plugins', $header_arr,
! $text_arr, $query_arr, $defsort_arr, '', $token, '', $form_arr);
return $retval;
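Review bot: The token is passed to ADMIN_list as one of several positional arguments sandwiched between empty strings (`'', $token, '', $form_arr`), so a reader cannot tell which parameter receives it without opening ADMIN_list; a short comment on the call, `// token slot: CSRF token for the list's action form`, would make the intent visible. I am inferring from the diff that this slot is ADMIN_list's token parameter and that it ends up in the form rendered by the list — confirm against ADMIN_list's definition. listplugins starts outside this hunk.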
***************
*** 433,437 ****
// MAIN
$display = '';
! if (isset ($_POST['pluginenabler'])) {
changePluginStatus ($_POST['enabledplugins']);
--- 435,439 ----
// MAIN
$display = '';
! if (isset ($_POST['pluginenabler']) && SEC_checkToken()) {
changePluginStatus ($_POST['enabledplugins']);
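Review bot: When SEC_checkToken() fails in `isset ($_POST['pluginenabler']) && SEC_checkToken()`, the request is not rejected — it silently falls through to the remaining branches of the dispatcher (which continues outside this hunk), so a missing or stale token produces neither an error for the user nor a log entry. The same silent fall-through applies to the delete confirmation at lines 450-459, where a confirmed delete with a bad token simply re-displays the confirmation form, and to the update and save branches at lines 467-471 and 478-482. Consider an explicit `else` that records the rejected mode, e.g. `} else if (isset ($_POST['pluginenabler'])) { COM_errorLog ('plugin admin: CSRF token check failed for pluginenabler'); }`, so rejected requests are visible in the logs; SEC_checkToken()'s own behaviour on failure is not shown here, so it may already log — confirm before adding a duplicate.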
***************
*** 448,456 ****
if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) {
$pi_name = COM_applyFilter ($_POST['pi_name']);
! if ($_POST['confirmed'] == 1) {
$display .= COM_siteHeader ('menu', $LANG32[30]);
$display .= do_uninstall ($pi_name);
! $display .= listplugins ();
! $display .= show_newplugins();
$display .= COM_siteFooter ();
} else { // ask user for confirmation
--- 450,459 ----
if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) {
$pi_name = COM_applyFilter ($_POST['pi_name']);
! if (($_POST['confirmed'] == 1) && (SEC_checkToken())) {
$display .= COM_siteHeader ('menu', $LANG32[30]);
$display .= do_uninstall ($pi_name);
! $token = SEC_createToken();
! $display .= listplugins ($token);
! $display .= show_newplugins($token);
$display .= COM_siteFooter ();
} else { // ask user for confirmation
***************
*** 464,468 ****
}
! } else if (($mode == $LANG32[34]) && !empty ($LANG32[34])) { // update
$pi_name = COM_applyFilter ($_POST['pi_name']);
$display .= COM_siteHeader ('menu', $LANG32[13]);
--- 467,471 ----
}
! } else if (($mode == $LANG32[34]) && !empty ($LANG32[34]) && SEC_checkToken()) { // update
$pi_name = COM_applyFilter ($_POST['pi_name']);
$display .= COM_siteHeader ('menu', $LANG32[13]);
***************
*** 475,479 ****
$display .= COM_siteFooter ();
! } else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save'])) {
$display .= saveplugin (COM_applyFilter ($_POST['pi_name']),
COM_applyFilter ($_POST['pi_version']),
--- 478,482 ----
$display .= COM_siteFooter ();
! } else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save']) && SEC_checkToken()) {
$display .= saveplugin (COM_applyFilter ($_POST['pi_name']),
COM_applyFilter ($_POST['pi_version']),
***************
*** 494,499 ****
}
}
! $display .= listplugins ();
! $display .= show_newplugins();
$display .= COM_siteFooter();
}
--- 497,503 ----
}
}
! $token = SEC_createToken();
! $display .= listplugins ($token);
! $display .= show_newplugins($token);
$display .= COM_siteFooter();
}
Index: block.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/block.php,v
retrieving revision 1.120
retrieving revision 1.121
diff -C2 -d -r1.120 -r1.121
*** block.php 15 Mar 2008 14:09:41 -0000 1.120
--- block.php 19 Apr 2008 15:14:41 -0000 1.121
***************
*** 825,829 ****
$display .= COM_siteHeader('menu', $LANG21[19]);
if(SEC_checkToken()) {
! $display .= moveBlock();
}
$display .= listblocks();
--- 825,829 ----
$display .= COM_siteHeader('menu', $LANG21[19]);
if(SEC_checkToken()) {
! $display .= moveBlock();
}
$display .= listblocks();