CSRF fixes

LiveHelperChat · Aug 25, 2021 · ee36bf5 · ee36bf5
1 parent b9207ee
commit ee36bf5
Show file tree

Hide file tree

Showing 13 changed files with 42 additions and 15 deletions.
diff --git a/lhc_web/design/defaulttheme/tpl/lhfile/edit.tpl.php b/lhc_web/design/defaulttheme/tpl/lhfile/edit.tpl.php
@@ -18,5 +18,7 @@
         <label><input type="checkbox" name="persistent" value="on" <?php echo $item->persistent == 1 ? print 'checked="checked"' : print ''?> > <?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('file/new','Persistent');?></label>
     </div>
 
+    <?php include(erLhcoreClassDesign::designtpl('lhkernel/csfr_token.tpl.php'));?>
+
     <input type="submit" class="btn btn-secondary" name="UploadFileAction" value="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('file/new','Update');?>" />
 </form>
diff --git a/lhc_web/design/defaulttheme/tpl/lhfile/new.tpl.php b/lhc_web/design/defaulttheme/tpl/lhfile/new.tpl.php
@@ -31,5 +31,7 @@
         <label><input type="checkbox" name="persistent" value="on" <?php if (isset($persistent) && $persistent == true) : ?>checked="checked"<?php endif;?> > <?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('file/new','Persistent');?></label>
     </div>
 
+    <?php include(erLhcoreClassDesign::designtpl('lhkernel/csfr_token.tpl.php'));?>
+
 	<input type="submit" class="btn btn-secondary" name="UploadFileAction" value="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('file/new','Upload');?>" />
 </form>
diff --git a/lhc_web/design/defaulttheme/tpl/lhgroupchat/edit.tpl.php b/lhc_web/design/defaulttheme/tpl/lhgroupchat/edit.tpl.php
@@ -12,8 +12,6 @@
 
     <?php include(erLhcoreClassDesign::designtpl('lhgroupchat/form.tpl.php'));?>
 
-    <?php include(erLhcoreClassDesign::designtpl('lhkernel/csfr_token.tpl.php'));?>
-
     <div class="btn-group" role="group" aria-label="...">
         <input type="submit" class="btn btn-secondary" name="Update_action" value="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/buttons','Save');?>"/>
         <input type="submit" class="btn btn-secondary" name="Save_action" value="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/buttons','Save & Exit');?>"/>

diff --git a/lhc_web/design/defaulttheme/tpl/lhgroupchat/form.tpl.php b/lhc_web/design/defaulttheme/tpl/lhgroupchat/form.tpl.php
@@ -6,3 +6,5 @@
 <div class="form-group">
      <label><input type="checkbox" name="Type" value="1" <?php if ($item->type == 1) : ?>checked="checked"<?php endif;?> /> <?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('department/edit','Private');?></label>
 </div>
+
+<?php include(erLhcoreClassDesign::designtpl('lhkernel/csfr_token.tpl.php'));?>
diff --git a/lhc_web/design/defaulttheme/tpl/lhpermission/editrole.tpl.php b/lhc_web/design/defaulttheme/tpl/lhpermission/editrole.tpl.php
@@ -1,10 +1,11 @@
-<h1 ng-non-bindable><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('permission/editrole','Edit role');?> - <?php echo $role->name?></h1>
+<h1 ng-non-bindable><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('permission/editrole','Edit role');?> - <?php echo htmlspecialchars($role->name)?></h1>
 
     <?php if (isset($errors)) : ?>
     		<?php include(erLhcoreClassDesign::designtpl('lhkernel/validation_error.tpl.php'));?>
     <?php endif; ?>
 
 	<form action="<?php echo erLhcoreClassDesign::baseurl('permission/editrole')?>/<?php echo $role->id?>" method="post" ng-non-bindable>
+
 		<?php include(erLhcoreClassDesign::designtpl('lhkernel/csfr_token.tpl.php'));?>
 
 		<div class="form-group">

diff --git a/lhc_web/design/defaulttheme/tpl/lhpermission/roles.tpl.php b/lhc_web/design/defaulttheme/tpl/lhpermission/roles.tpl.php
@@ -18,7 +18,7 @@
         <td><?php echo $departament['id']?></td>
         <td><?php echo htmlspecialchars($departament['name'])?></td>
         <?php if ($canEdit) : ?><td nowrap><a class="btn btn-secondary btn-xs" href="<?php echo erLhcoreClassDesign::baseurl('permission/editrole')?>/<?php echo $departament['id']?>"><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('permission/roles','Edit a role');?></a></td><?php endif;?>
-        <?php if ($canEdit) : ?><td nowrap><a class="btn btn-secondary btn-xs" href="<?php echo erLhcoreClassDesign::baseurl('permission/clonerole')?>/<?php echo $departament['id']?>"><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('permission/roles','Clone');?></a></td><?php endif;?>
+        <?php if ($canEdit) : ?><td nowrap><a class="btn btn-secondary btn-xs csfr-required" href="<?php echo erLhcoreClassDesign::baseurl('permission/clonerole')?>/<?php echo $departament['id']?>"><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('permission/roles','Clone');?></a></td><?php endif;?>
         <?php if ($canDelete) : ?><td nowrap><?php if ($departament['id'] != 1 && erLhcoreClassRole::canDeleteRole($departament['id']) === true) : ?><a class="csfr-required btn btn-danger btn-xs" onclick="return confirm('Are you sure?')" href="<?php echo erLhcoreClassDesign::baseurl('permission/deleterole')?>/<?php echo $departament['id']?>"><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('permission/roles','Delete a role');?></a><?php endif;?></td><?php endif;?>
     </tr>
 <?php endforeach; ?>

diff --git a/lhc_web/design/defaulttheme/tpl/lhxmp/xmp.tpl.php b/lhc_web/design/defaulttheme/tpl/lhxmp/xmp.tpl.php
@@ -50,18 +50,18 @@
 				<div class="row form-group">
 					<div class="col-6">
 						<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Host');?></label>
-						<input class="form-control" type="text" name="host" placeholder="talk.google.com" value="<?php (isset($xmp_data['host']) && $xmp_data['host'] != '') ? print $xmp_data['host'] : print '' ?>" />
+						<input class="form-control" type="text" name="host" placeholder="talk.google.com" value="<?php (isset($xmp_data['host']) && $xmp_data['host'] != '') ? print htmlspecialchars($xmp_data['host']) : print '' ?>" />
 					</div>
 					<div class="col-6">
 						<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Port');?></label>
-						<input class="form-control" type="text" name="port" value="<?php (isset($xmp_data['port']) && $xmp_data['port'] != '') ? print $xmp_data['port'] : print '5222' ?>" />
+						<input class="form-control" type="text" name="port" value="<?php (isset($xmp_data['port']) && $xmp_data['port'] != '') ? print htmlspecialchars($xmp_data['port']) : print '5222' ?>" />
 					</div>
 				</div>
 
 				<div class="row form-group">
 					<div class="col-6">			
 						<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Login');?></label>
-						<input class="form-control" type="text" name="username" autocomplete="new-password" value="<?php (isset($xmp_data['username']) && $xmp_data['username'] != '') ? print $xmp_data['username'] : print '' ?>" />
+						<input class="form-control" type="text" name="username" autocomplete="new-password" value="<?php (isset($xmp_data['username']) && $xmp_data['username'] != '') ? print htmlspecialchars($xmp_data['username']) : print '' ?>" />
 					</div>
 					<div class="col-6">
 						<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Password');?></label>
@@ -72,29 +72,29 @@
 				<div class="row form-group">
 					<div class="col-6">
 						<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Resource');?></label>
-						<input class="form-control" type="text" name="resource" placeholder="xmpphp" value="<?php (isset($xmp_data['resource']) && $xmp_data['resource'] != '') ? print $xmp_data['resource'] : print '' ?>" />
+						<input class="form-control" type="text" name="resource" placeholder="xmpphp" value="<?php (isset($xmp_data['resource']) && $xmp_data['resource'] != '') ? print htmlspecialchars($xmp_data['resource']) : print '' ?>" />
 					</div>
 					<div class="col-6">
 						<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Server');?></label>
-						<input class="form-control" type="text" name="server" placeholder="gmail.com" value="<?php (isset($xmp_data['server']) && $xmp_data['server'] != '') ? print $xmp_data['server'] : print '' ?>" />
+						<input class="form-control" type="text" name="server" placeholder="gmail.com" value="<?php (isset($xmp_data['server']) && $xmp_data['server'] != '') ? print htmlspecialchars($xmp_data['server']) : print '' ?>" />
 					</div>
 				</div>
 
 				<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Recipients');?></label>
-				<input class="form-control" type="text" name="recipients" placeholder="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Default recipients'); ?>" value="<?php (isset($xmp_data['recipients']) && $xmp_data['recipients'] != '') ? print $xmp_data['recipients'] : print '' ?>" />
+				<input class="form-control" type="text" name="recipients" placeholder="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Default recipients'); ?>" value="<?php (isset($xmp_data['recipients']) && $xmp_data['recipients'] != '') ? print htmlspecialchars($xmp_data['recipients']) : print '' ?>" />
 
 				<?php include(erLhcoreClassDesign::designtpl('lhkernel/csfr_token.tpl.php'));?>
 
 				<h3><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Test recipients');?></h3>
 
 				<div class="form-group">
 				<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Individual recipients');?></label>
-				<input class="form-control" type="text" name="test_recipients" value="<?php (isset($xmp_data['test_recipients']) && $xmp_data['test_recipients'] != '') ? print $xmp_data['test_recipients'] : print '' ?>" />
+				<input class="form-control" type="text" name="test_recipients" value="<?php (isset($xmp_data['test_recipients']) && $xmp_data['test_recipients'] != '') ? print htmlspecialchars($xmp_data['test_recipients']) : print '' ?>" />
 				</div>
 
 				<div class="form-group">
 				<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Test group recipients');?></label>
-				<input class="form-control" type="text" name="test_group_recipients" value="<?php (isset($xmp_data['test_group_recipients']) && $xmp_data['test_group_recipients'] != '') ? print $xmp_data['test_group_recipients'] : print '' ?>" />
+				<input class="form-control" type="text" name="test_group_recipients" value="<?php (isset($xmp_data['test_group_recipients']) && $xmp_data['test_group_recipients'] != '') ? print htmlspecialchars($xmp_data['test_group_recipients']) : print '' ?>" />
 				</div>
 
 				<div class="btn-group" role="group" aria-label="...">
@@ -107,7 +107,7 @@
 		        <label><input type="radio" name="use_standard_xmp" value="1" <?php isset($xmp_data['use_standard_xmp']) && ($xmp_data['use_standard_xmp'] == '1') ? print 'checked="checked"' : '' ?> /> <?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Use GTalk for messaging'); ?></label>
 				<h4><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Information for your google app')?></h4>	
 				<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Redirect URL, this url you will have to enter in your google app configuration')?></label>
-				<input class="form-control" type="text" value="<?php echo erLhcoreClassXMP::getBaseHost(),$_SERVER['HTTP_HOST']?><?php echo erLhcoreClassDesign::baseurl('xmp/configuration')?>/(gtalkoauth)/true" />
+				<input class="form-control" type="text" value="<?php echo htmlspecialchars(erLhcoreClassXMP::getBaseHost().$_SERVER['HTTP_HOST'])?><?php echo erLhcoreClassDesign::baseurl('xmp/configuration')?>/(gtalkoauth)/true" />
 
 
 				<h4><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Enter your app information bellow')?></h4>						
@@ -118,7 +118,7 @@
 
 				<div class="form-group">
 				<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('system/xmpp','Client secret');?></label>
-				<input class="form-control" type="text" name="gtalk_client_secret" value="<?php (isset($xmp_data['gtalk_client_secret']) && $xmp_data['gtalk_client_secret'] != '') ? print $xmp_data['gtalk_client_secret'] : print '' ?>" />
+				<input class="form-control" type="text" name="gtalk_client_secret" value="<?php (isset($xmp_data['gtalk_client_secret']) && $xmp_data['gtalk_client_secret'] != '') ? print htmlspecialchars($xmp_data['gtalk_client_secret']) : print '' ?>" />
 				</div>
 
 				<?php include(erLhcoreClassDesign::designtpl('lhkernel/csfr_token.tpl.php'));?>

diff --git a/lhc_web/modules/lhfile/edit.php b/lhc_web/modules/lhfile/edit.php
@@ -5,6 +5,12 @@
 $file = erLhcoreClassModelChatFile::fetch((int)$Params['user_parameters']['file_id']);
 
 if (ezcInputForm::hasPostData()) {
+
+    if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
+        erLhcoreClassModule::redirect('file/list');
+        exit;
+    }
+
     $definition = array(
         'persistent' => new ezcInputFormDefinitionElement(
             ezcInputFormDefinitionElement::OPTIONAL, 'boolean'

diff --git a/lhc_web/modules/lhfile/new.php b/lhc_web/modules/lhfile/new.php
@@ -5,6 +5,11 @@
 
 if (isset($_POST['UploadFileAction'])) {
 
+    if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
+        erLhcoreClassModule::redirect('file/list');
+        exit;
+    }
+
     $errors = array();
     erLhcoreClassChatEventDispatcher::getInstance()->dispatch('file.before_file_new_admin.file_store', array('errors' => & $errors));
 

diff --git a/lhc_web/modules/lhgroupchat/edit.php b/lhc_web/modules/lhgroupchat/edit.php
@@ -7,7 +7,7 @@
 if (isset($_POST['Update_action']) || isset($_POST['Save_action'])  )
 {
     if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
-        erLhcoreClassModule::redirect('department/departments');
+        erLhcoreClassModule::redirect('groupchat/list');
         exit;
     }
 

diff --git a/lhc_web/modules/lhgroupchat/new.php b/lhc_web/modules/lhgroupchat/new.php
@@ -10,6 +10,11 @@
 
 if (isset($_POST['Save_action']) || isset($_POST['Update_action']))
 {
+    if (!isset($_POST['csfr_token']) || !$currentUser->validateCSFRToken($_POST['csfr_token'])) {
+        erLhcoreClassModule::redirect('groupchat/new');
+        exit;
+    }
+
     $Errors = erLhcoreClassGroupChat::validateGroupChat($item);
 
     if (count($Errors) == 0)

diff --git a/lhc_web/modules/lhpermission/clonerole.php b/lhc_web/modules/lhpermission/clonerole.php
@@ -2,6 +2,11 @@
 
 $role = erLhcoreClassModelRole::fetch((int)$Params['user_parameters']['role_id']);
 
+if (!$currentUser->validateCSFRToken($Params['user_parameters_unordered']['csfr'])) {
+    die('Invalid CSFR Token');
+    exit;
+}
+
 $roleFunctions = erLhcoreClassModelRoleFunction::getList(array('limit' => false, 'filter' => array('role_id' => $role->id)));
 
 // Role copy

diff --git a/lhc_web/modules/lhpermission/module.php b/lhc_web/modules/lhpermission/module.php
@@ -24,6 +24,7 @@
 
 $ViewList['clonerole'] = array(
     'params' => array('role_id'),
+    'uparams' => array('csfr'),
     'functions' => array( 'edit' )
 );