Protect pageBackupRestore.php against CSRF

bigprof-software · Sep 13, 2021 · 1f02420 · 1f02420
1 parent f45953e
commit 1f02420
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/app/admin/pageBackupRestore.php b/app/admin/pageBackupRestore.php
@@ -57,8 +57,8 @@ protected function elapsed() {
 		}
 
 		protected function process_request($request) {
-			/* action must be a valid controller, else set to default (main) */
-			$controller = isset($request['action']) ? $request['action'] : false;
+			/* action must be a valid controller, and CSRF token valid, else set to default (main) */
+			$controller = isset($request['action']) && csrf_token(true) ? $request['action'] : false;
 			if(!in_array($controller, $this->controllers())) $request['action'] = 'main';
 
 			$this->request = $request;
@@ -159,6 +159,8 @@ public function main() {
 			</script>
 
 			<?php
+				echo csrf_token();
+
 				echo Notification::show(array(
 					'message' => '<i class="glyphicon glyphicon-info-sign"></i> ' . $this->lang['about backups'],
 					'class' => 'info',
@@ -217,7 +219,7 @@ public function main() {
 						var display_backups = function() {
 							$j.ajax({
 								url: page,
-								data: { action: 'get_backup_files' },
+								data: { action: 'get_backup_files', csrf_token: $j('#csrf_token').val() },
 								success: function(resp) {
 									try{
 										var list = JSON.parse(resp);
@@ -251,7 +253,7 @@ public function main() {
 
 								$j.ajax({
 									url: page,
-									data: { action: 'restore', md5_hash: $j(this).data('md5_hash') },
+									data: { action: 'restore', md5_hash: $j(this).data('md5_hash'), csrf_token: $j('#csrf_token').val() },
 									success: function() {
 										show_notification({
 											message: backup_restored,
@@ -275,7 +277,7 @@ class: 'danger',
 
 								$j.ajax({
 									url: page,
-									data: { action: 'delete', md5_hash: $j(this).data('md5_hash') },
+									data: { action: 'delete', md5_hash: $j(this).data('md5_hash'), csrf_token: $j('#csrf_token').val() },
 									success: function() {
 										show_notification({
 											message: backup_deleted,
@@ -309,7 +311,7 @@ class: 'danger',
 							btn.addClass('btn-warning').prop('disabled', true).html('<i class="glyphicon glyphicon-hourglass"></i> ' + please_wait);
 							$j.ajax({
 								url: page,
-								data: { action: 'create_backup' },
+								data: { action: 'create_backup', csrf_token: $j('#csrf_token').val() },
 								success: function() {
 									btn.removeClass('btn-warning btn-primary').addClass('btn-success').html('<i class="glyphicon glyphicon-ok"></i> ' + finished);
 								},