Protect pageChangeMemberStatus.php against CSRF.
Ahmad Gneady committed Sep 13, 2021
1 parent 7ea49f2 commit 700f4a6
Showing 2 changed files with 8 additions and 4 deletions.
2 changes: 2 additions & 0 deletions app/admin/pageChangeMemberStatus.php
Expand Up @@ -2,6 +2,8 @@
$currDir = dirname(__FILE__);
require("{$currDir}/incCommon.php");

if(!csrf_token(true)) die($Translation['csrf token expired or invalid']);

// validate input
$memberID = makeSafe(strtolower($_GET['memberID']));
$unban = ($_GET['unban'] == 1 ? 1 : 0);
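Review bot: The check added on line 19 guards an action that is still driven entirely by GET (`$_GET['memberID']`, `$_GET['unban']` on the following lines), so the CSRF token has to be carried in the query string, where it ends up in browser history, proxy and server access logs, and the Referer header sent to any external resource loaded afterwards; a token that leaks this way can be replayed for as long as it stays valid. Consider having the handler refuse anything but a POST, `if($_SERVER['REQUEST_METHOD'] !== 'POST' || !csrf_token(true)) die($Translation['csrf token expired or invalid']);`, and switching the caller's action links to small POST forms with a hidden `csrf_token` field. `csrf_token()` itself is not in view, so whether it compares in constant time and which superglobal it reads from cannot be confirmed here; if the method change is made, it should read the token from `$_POST`, not `$_REQUEST`. The rest of the handler's body continues past the end of this hunk.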
10 changes: 6 additions & 4 deletions app/admin/pageViewMembers.php
Expand Up @@ -113,6 +113,8 @@

$start = ($page - 1) * $adminConfig['membersPerPage'];

$urlCsrfToken = 'csrf_token=' . urlencode(csrf_token(false, true));

?>
<div class="page-header">
<h1>
Expand Down Expand Up @@ -256,15 +258,15 @@
<i class="glyphicon glyphicon-trash text-muted"></i>
<i class="glyphicon glyphicon-ban-circle text-muted"></i>
<?php } else { ?>
<a href="pageDeleteMember.php?memberID=<?php echo urlencode($row[0]); ?>&csrf_token=<?php echo urlencode(csrf_token(false, true)); ?>" onClick="return confirm('<?php echo addslashes(str_replace('<USERNAME>', $row[0], $Translation['sure delete user'])); ?>');"><i class="glyphicon glyphicon-trash text-danger" title="<?php echo $Translation['delete member']; ?>"></i></a>
<a href="pageDeleteMember.php?memberID=<?php echo urlencode($row[0]); ?>&<?php echo $urlCsrfToken; ?>" onClick="return confirm('<?php echo addslashes(str_replace('<USERNAME>', $row[0], $Translation['sure delete user'])); ?>');"><i class="glyphicon glyphicon-trash text-danger" title="<?php echo $Translation['delete member']; ?>"></i></a>
<?php
if(!$row[9]) { // if member is not approved, display approve link
?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&approve=1"><i class="glyphicon glyphicon-ok text-success" title="<?php echo $Translation["unban this member"]; ?>" title="<?php echo $Translation["approve this member"]; ?>"></i></a><?php
?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&approve=1&<?php echo $urlCsrfToken; ?>"><i class="glyphicon glyphicon-ok text-success" title="<?php echo $Translation["unban this member"]; ?>" title="<?php echo $Translation["approve this member"]; ?>"></i></a><?php
} else {
if($row[8]) { // if member is banned, display unban link
?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&unban=1"><i class="glyphicon glyphicon-ok text-success" title="<?php echo $Translation["unban this member"]; ?>"></i></a><?php
?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&unban=1&<?php echo $urlCsrfToken; ?>"><i class="glyphicon glyphicon-ok text-success" title="<?php echo $Translation["unban this member"]; ?>"></i></a><?php
} else { // if member is not banned, display ban link
?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&ban=1"><i class="glyphicon glyphicon-ban-circle text-danger" title="<?php echo $Translation["ban this member"]; ?>"></i></a><?php
?><a href="pageChangeMemberStatus.php?memberID=<?php echo urlencode($row[0]); ?>&ban=1&<?php echo $urlCsrfToken; ?>"><i class="glyphicon glyphicon-ban-circle text-danger" title="<?php echo $Translation["ban this member"]; ?>"></i></a><?php
}
}
?>
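Review bot: `$urlCsrfToken` from line 30 is appended to plain `<a href>` links on lines 40, 44, 48 and 51, so delete, approve, unban and ban remain state-changing GET requests with the CSRF token exposed in the URL, where it leaks through browser history, access logs and the Referer header. Rendering each action as a minimal POST form with a hidden `csrf_token` field keeps the token out of the URL and lets pageChangeMemberStatus.php / pageDeleteMember.php reject GET outright; those handlers would then need to read `$_POST` instead of `$_GET`, which is a change outside this file. Separately, the rewritten line 44 still carries two `title` attributes on the same `<i>` element (browsers keep the first, "unban this member"), so the approve icon shows the wrong tooltip; drop the first `title`. The `&` separators in the hrefs should also be written as `&amp;` inside HTML attributes. An illustration for the ban/unban branch follows; the approve and delete branches would take the same shape.
```php
<?php if($row[8]) { // member is banned: offer unban ?>
    <form method="post" action="pageChangeMemberStatus.php" style="display:inline">
        <input type="hidden" name="memberID" value="<?php echo htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8'); ?>">
        <input type="hidden" name="unban" value="1">
        <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars(csrf_token(false, true), ENT_QUOTES, 'UTF-8'); ?>">
        <button type="submit" class="btn btn-link" title="<?php echo $Translation["unban this member"]; ?>"><i class="glyphicon glyphicon-ok text-success"></i></button>
    </form>
<?php } else { // … unchanged: ban form in the same shape, name="ban" … ?>
```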
