From 9b84b6aeead7be4bcde0dd8a519532619155a02f Mon Sep 17 00:00:00 2001
From: nivcoo
Date: Sun, 16 Jan 2022 20:00:17 +0100
Subject: [PATCH] improv. fix http_host exploit
---
 app/Config/Schema/schema.php | 2 ++
 app/Controller/UserController.php | 4 ++--
 app/View/Configuration/admin_index.ctp | 17 +++++++++++++++--
 lang/en_UK.json | 1 +
 lang/en_US.json | 1 +
 lang/fr_FR.json | 1 +
 lang/ru_RU.json | 1 +
 7 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/app/Config/Schema/schema.php b/app/Config/Schema/schema.php
index 64b4b15c..04f7e97f 100755
--- a/app/Config/Schema/schema.php
+++ b/app/Config/Schema/schema.php
@@ -54,6 +54,7 @@ class AppSchema extends CakeSchema
 ];
 public $configurations = [
 'id' => ['type' => 'integer', 'null' => false, 'default' => null, 'length' => 20, 'unsigned' => false, 'key' => 'primary'],
+ 'website_url' => ['type' => 'text', 'null' => false, 'default' => "https://domain.fr", 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
 'name' => ['type' => 'string', 'null' => false, 'default' => null, 'length' => 50, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
 'email' => ['type' => 'string', 'null' => false, 'default' => null, 'length' => 50, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
 'lang' => ['type' => 'string', 'null' => false, 'default' => 'fr', 'length' => 5, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
@@ -398,6 +399,7 @@ public function after($event = [], $install = false, $updateContent = [])
 if (!$exist) {
 $configuration->create(); // la config de base
 $configuration->set([
+ 'website_url' => 'https://domain.fr',
 'name' => 'MineWeb',
 'email' => 'noreply@mineweb.org',
 'lang' => 'fr_FR',
diff --git a/app/Controller/UserController.php b/app/Controller/UserController.php
index 3885d8b5..1ff9148e 100755
--- a/app/Controller/UserController.php
+++ b/app/Controller/UserController.php
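Review bot: Shipping `https://domain.fr` as a working default for `website_url` in app/Config/Schema/schema.php (both the column default and the initial row set in `after()`) means that, until an administrator changes it, the password-reset and confirmation mails built in UserController would carry their one-time keys in links to a domain the site operator presumably does not control. I would leave the value unset by default (`'default' => null`, and no `website_url` entry in the initial `set([...])`) and have the mail actions refuse to send while it is empty, so the feature fails closed. Separately, depending on the database server, a literal default on a `text` column may be rejected or ignored; a `string` type with a `length` would avoid that. Both `AppSchema` and `after()` continue outside these hunks.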
@@ -225,7 +225,7 @@ function ajax_lostpasswd() $message = $this->Lang->get('USER__PASSWORD_RESET_EMAIL_CONTENT', [ '{EMAIL}' => $this->request->data['email'], '{PSEUDO}' => $search['User']['pseudo'], - '{LINK}' => Router::url('/?resetpasswd_' . $key, true) + '{LINK}' => $this->Configuration->getKey('website_url') . DS . "/?resetpasswd_$key" ]); $event = new CakeEvent('beforeSendResetPassMail', $this, ['user_id' => $search['User']['id'], 'key' => $key]); $this->getEventManager()->dispatch($event); @@ -493,7 +493,7 @@ function resend_confirmation() if (!$this->Configuration->getKey('confirm_mail_signup') || empty($confirmed) || date('Y-m-d H:i:s', strtotime($confirmed)) == $confirmed) throw new NotFoundException(); $emailMsg = $this->Lang->get('EMAIL__CONTENT_CONFIRM_MAIL', [ - '{LINK}' => Router::url('/user/confirm/', true) . $confirmed, + '{LINK}' => $this->Configuration->getKey('website_url') . "/user/confirm/$confirmed", '{IP}' => $this->Util->getIP(), '{USERNAME}' => $user['pseudo'], '{DATE}' => $this->Lang->date(date('Y-m-d H:i:s')) diff --git a/app/View/Configuration/admin_index.ctp b/app/View/Configuration/admin_index.ctp index 63816722..a3093c38 100755 --- a/app/View/Configuration/admin_index.ctp +++ b/app/View/Configuration/admin_index.ctp @@ -13,15 +13,28 @@
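Review bot: In `ajax_lostpasswd()` the new `{LINK}` is joined with `DS`, which is the filesystem directory separator rather than a URL separator, so the reset link becomes `<website_url>//?resetpasswd_…` on Unix and contains a backslash on Windows; `resend_confirmation()` in the second hunk does not use it. Both links also concatenate the stored value untouched, so a trailing slash or an unexpected scheme saved in the setting goes straight into the mail. I would build both the same way, e.g. `'{LINK}' => rtrim($this->Configuration->getKey('website_url'), '/') . '/?resetpasswd_' . $key`, and check for an http/https URL where the setting is saved. Both functions start and end outside the hunks.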
+
+ + Form->input(false, [ + 'div' => false, + 'type' => 'text', + 'name' => 'name', + 'class' => 'form-control', + 'value' => $config['website_url'] + ]); ?> +
+
Form->input(false, [
diff --git a/lang/en_UK.json b/lang/en_UK.json
index 8873c4d9..c0d04d76 100755
--- a/lang/en_UK.json
+++ b/lang/en_UK.json
@@ -185,6 +185,7 @@
 "CONFIG__SOCIAL_PREFERENCES": "Social preferences",
 "CONFIG__OTHER_PREFERENCES": "Preferences other",
 "CONFIG__EDIT_SUCCESS": "Configuration successfully changed!",
+ "CONFIG__KEY_WEBSITE_URL": "Site address (With protocol, http/https)",
 "CONFIG__KEY_NAME": "Site Name",
 "CONFIG__KEY_VERSION": "CMS Version",
 "CONFIG__KEY_EMAIL": "Email to send emails to users",
diff --git a/lang/en_US.json b/lang/en_US.json
index 18994ce7..59341b70 100755
--- a/lang/en_US.json
+++ b/lang/en_US.json
@@ -185,6 +185,7 @@
 "CONFIG__SOCIAL_PREFERENCES": "Social preferences",
 "CONFIG__OTHER_PREFERENCES": "Preferences other",
 "CONFIG__EDIT_SUCCESS": "Configuration successfully changed!",
+ "CONFIG__KEY_WEBSITE_URL": "Site address (With protocol, http/https)",
 "CONFIG__KEY_NAME": "Site Name",
 "CONFIG__KEY_VERSION": "CMS Version",
 "CONFIG__KEY_EMAIL": "Email to send emails to users",
diff --git a/lang/fr_FR.json b/lang/fr_FR.json
index 977e6570..2da9125a 100755
--- a/lang/fr_FR.json
+++ b/lang/fr_FR.json
@@ -185,6 +185,7 @@
 "CONFIG__SOCIAL_PREFERENCES": "Préférences sociales",
 "CONFIG__OTHER_PREFERENCES": "Préférences autres",
 "CONFIG__EDIT_SUCCESS":"Configuration modifiée avec succès !",
+ "CONFIG__KEY_WEBSITE_URL": "Adresse du Site (Avec protocol, http/https)",
 "CONFIG__KEY_NAME": "Nom du site",
 "CONFIG__KEY_VERSION": "Version du CMS",
 "CONFIG__KEY_EMAIL": "Email pour envoyer des emails aux utilisateurs",
diff --git a/lang/ru_RU.json b/lang/ru_RU.json
index be05406d..1a4aab55 100644
--- a/lang/ru_RU.json
+++ b/lang/ru_RU.json
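Review bot: In app/View/Configuration/admin_index.ctp the added input displays `$config['website_url']` but is declared with `'name' => 'name'`, which looks copied from the site-name field; as written the URL would probably not be submitted under `website_url` and may collide with the site name on save, so `'name' => 'website_url'` seems intended. No controller change is part of this commit, so I cannot see the value being validated before it is stored. Since it now forms the base of password-reset and confirmation links, restricting it on save to a well-formed http/https URL would be worthwhile. The markup around this hunk is only partly visible on this page.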
@@ -185,6 +185,7 @@
 "CONFIG__SOCIAL_PREFERENCES" : "Социальные предпочтения" ,
 "CONFIG__OTHER_PREFERENCES": "Настройки другого",
 "CONFIG__EDIT_SUCCESS" : "Конфигурация успешно изменена!" ,
+ "CONFIG__KEY_WEBSITE_URL": "Адрес сайта (С протоколом, http/https)",
 "CONFIG__KEY_NAME": "Имя сайта",
 "CONFIG__KEY_VERSION": "Версия CMS",
 "CONFIG__KEY_EMAIL": "Электронная почта для отправки электронных писем пользователям",