Commit
Add admin SQL queries page to allow admin to easily query the database and store queries for later reference. Improved UI/UX of members list page in admin area. Fix various low severity stored and reflected XSS vulnerabilities. Fix CSRF issues in various admin pages. Code refactoring in various files.
Ahmad Gneady committed Jul 3, 2021. 1 parent 0a2aaf5, commit 2dc485e.
Showing 73 changed files with 1,040 additions and 229 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
<?php | ||
/* | ||
Manage stored SQL queries for admin user. | ||
Parameters: | ||
queries: (optional) a json string [{name, query}, ..]) to store. | ||
Response: | ||
stored queries (as a json string). | ||
queries are stored in the membership_users.data field for the current user, under the key 'storedQueries' | ||
*/ | ||
|
||
$currDir = dirname(__FILE__); | ||
require("{$currDir}/incCommon.php"); | ||
|
||
if(!csrf_token(true)) { | ||
@header('HTTP/1.0 403 Access Denied'); | ||
die(); | ||
} | ||
|
||
// store queries if provided | ||
if(isset($_REQUEST['queries'])) { | ||
$queries = $_REQUEST['queries']; | ||
setUserData('storedQueries', $queries); | ||
} | ||
|
||
echo getUserData('storedQueries'); |
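Review bot: the value written by `setUserData('storedQueries', $queries)` is taken verbatim from `$_REQUEST['queries']` with no check that it is valid JSON of the documented `[{name, query}, ..]` shape, and the final `echo getUserData('storedQueries')` returns it without a `Content-type: application/json` header, so an arbitrary per-user string is stored and later served as text/html. Decode it with `json_decode($queries, true)`, reject anything that is not an array of name/query pairs, re-encode before storing, and set the JSON content type the way the query-runner page in this commit does. Nothing visible in this hunk confirms the caller is an admin either; if `incCommon.php` does not already enforce that for every admin page, the check belongs here, before the write.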
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
<?php | ||
$currDir = dirname(__FILE__); | ||
require("{$currDir}/incCommon.php"); | ||
|
||
if(!csrf_token(true)) { | ||
@header('HTTP/1.0 403 Access Denied'); | ||
die(); | ||
} | ||
|
||
$sql = trim($_REQUEST['sql']); | ||
if(!preg_match('/^SELECT\s+.*?\s+FROM\s+\S+/i', $sql)) { | ||
@header('HTTP/1.0 404 Not Found'); | ||
die("Invalid query"); | ||
} | ||
|
||
// force a limit of 1000 in case no limit specified | ||
if(!preg_match('/\s+limit\s+\d+(\s*,\s*\d+)?/i', $sql)) | ||
$sql .= ' LIMIT 1000'; | ||
|
||
$resp = ['titles' => [], 'data' => [], 'error' => '']; | ||
$eo = ['silentErrors' => true]; | ||
|
||
$res = sql($sql, $eo); | ||
if(!$res) | ||
$resp['error'] = $eo['error']; | ||
else while($row = db_fetch_assoc($res)) { | ||
if(!count($resp['titles'])) | ||
$resp['titles'] = array_keys($row); | ||
|
||
$resp['data'][] = array_map('htmlspecialchars', array_values($row)); | ||
} | ||
|
||
@header('Content-type: application/json'); | ||
echo json_encode($resp, JSON_PARTIAL_OUTPUT_ON_ERROR); |
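Review bot: the `preg_match('/^SELECT\s+.*?\s+FROM\s+\S+/i', $sql)` gate only inspects the leading keywords and is not a guarantee that what reaches `sql($sql, $eo)` is a read-only statement; since this page is a deliberate raw-SQL console for admins, either run it over a database connection whose grants are limited to SELECT, or state in the file header that it relies entirely on the admin session plus `csrf_token(true)`. Smaller points: `trim($_REQUEST['sql'])` raises a notice when the parameter is absent (guard with `isset`), a rejected query should answer 400 rather than `HTTP/1.0 404 Not Found`, and appending `' LIMIT 1000'` will break a query that already ends in `;`, so strip a trailing semicolon before the LIMIT check.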
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,17 @@ | ||
<?php | ||
$currDir=dirname(__FILE__); | ||
require("$currDir/incCommon.php"); | ||
require(__DIR__ . '/incCommon.php'); | ||
|
||
// validate input | ||
$memberID=makeSafe(strtolower($_GET['memberID'])); | ||
$memberID = makeSafe(strtolower($_GET['memberID'])); | ||
|
||
sql("delete from membership_users where lcase(memberID)='$memberID'", $eo); | ||
sql("update membership_userrecords set memberID='' where lcase(memberID)='$memberID'", $eo); | ||
if(!csrf_token(true)) die($Translation['csrf token expired or invalid']); | ||
|
||
$eo = ['silentErrors' => true]; | ||
sql("DELETE FROM `membership_users` WHERE LCASE(`memberID`)='$memberID'", $eo); | ||
sql("UPDATE `membership_userrecords` SET `memberID`='' WHERE LCASE(`memberID`)='$memberID'", $eo); | ||
|
||
if($_SERVER['HTTP_REFERER']) { | ||
redirect($_SERVER['HTTP_REFERER'], TRUE); | ||
} else { | ||
redirect("admin/pageViewMembers.php"); | ||
redirect('admin/pageViewMembers.php'); | ||
} | ||
|
||
?> |
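Review bot: `$_GET['memberID']` is read without `isset` and before `csrf_token(true)` is evaluated, so a request lacking the parameter produces a notice before the token is ever checked; move the `csrf_token` check to the top, and answer with a 403 status (as the two new query pages do) instead of a bare `die($Translation[...])`. `if($_SERVER['HTTP_REFERER'])` also raises a notice when the header is missing; use `!empty(...)`. The trailing `?>` can be dropped for consistency with the new record-delete page, which omits it.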
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
<?php | ||
|
||
require(__DIR__ . '/incCommon.php'); | ||
|
||
// validate input | ||
$recID = intval($_GET['recID']); | ||
|
||
if(!csrf_token(true)) die($Translation['csrf token expired or invalid']); | ||
|
||
$eo = ['silentErrors' => true]; | ||
$res = sql("SELECT `tableName`, `pkValue` FROM `membership_userrecords` WHERE `recID`='{$recID}'", $eo); | ||
if($row = db_fetch_row($res)) { | ||
sql("DELETE FROM `membership_userrecords` WHERE `recID`='{$recID}'", $eo); | ||
if($pkName = getPKFieldName($row[0])) { | ||
sql("DELETE FROM `{$row[0]}` WHERE `{$pkName}`='" . makeSafe($row[1]) . "'", $eo); | ||
} | ||
} | ||
|
||
if($_SERVER['HTTP_REFERER']) { | ||
redirect($_SERVER['HTTP_REFERER'], TRUE); | ||
exit; | ||
} | ||
|
||
redirect('admin/pageViewRecords.php'); |
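Review bot: the two deletes are not atomic and run in an order that can orphan data: `DELETE FROM membership_userrecords` executes first, and if `getPKFieldName($row[0])` returns nothing, the data row in `{$row[0]}` survives with its ownership record already gone. Delete the data row first (or wrap both statements in a transaction) and remove the `membership_userrecords` row only after that succeeds; with `silentErrors` set, also inspect `$eo['error']` so a failed delete is not silently treated as success. `if($_SERVER['HTTP_REFERER'])` raises a notice when the header is absent; use `!empty(...)`.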