Protect maintenance mode against CSRF.
Ahmad Gneady committed Jul 11, 2021
1 parent be345e5 commit 41ed219
Showing 7 changed files with 18 additions and 9 deletions.
5 changes: 3 additions & 2 deletions app/admin/ajax-maintenance-mode.php
@@ -1,9 +1,10 @@
<?php
$currDir = dirname(__FILE__);
require("{$currDir}/incCommon.php");
require(__DIR__ . '/incCommon.php');

if(!getLoggedAdmin()) exit;

if(!csrf_token(true)) exit;

$status = $_REQUEST['status'];
if($status == 'on') maintenance_mode(true);
if($status == 'off') maintenance_mode(false);
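Review bot: The endpoint still accepts the state change over GET, because `$status = $_REQUEST['status'];` reads from the merged GET/POST/cookie array and the callers in app/admin/pageHome.php set no request method, so the token checked by the new `if(!csrf_token(true)) exit;` will typically arrive in the query string, where it can end up in Referer headers and access logs. Assuming csrf_token(true) validates the submitted token, as the commit title suggests, the check is a real improvement, but a state-changing action should also be POST-only: add `if($_SERVER['REQUEST_METHOD'] !== 'POST') exit;` ahead of the status read and replace the `$_REQUEST` read with `$status = isset($_POST['status']) ? $_POST['status'] : '';` (the pageHome.php calls then need `type: 'POST'`). A bare `exit` on a rejected request also answers with 200, so the caller's unconditional reload cannot tell rejection from success; calling `http_response_code(403);` before those exits lets the client react. The file continues past the end of this hunk.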
2 changes: 1 addition & 1 deletion app/admin/pageEditMember.php
Expand Up @@ -306,7 +306,7 @@
<?php for($cust = 1; $cust <= 4; $cust++) { ?>
<?php if($adminConfig["custom{$cust}"] != '') { ?>
<div class="form-group">
<label for="custom<?php echo $cust; ?>" class="label-classes control-label"><?php echo $adminConfig["custom{$cust}"]; ?></label>
<label for="custom<?php echo $cust; ?>" class="label-classes control-label"><?php echo htmlspecialchars($adminConfig["custom{$cust}"]); ?></label>
<div class="input-classes">
<input class="form-control" type="text" name="custom<?php echo $cust; ?>" id="custom<?php echo $cust; ?>" value="<?php echo $customs[$cust]; ?>" >
</div>
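Review bot: The `value="<?php echo $customs[$cust]; ?>"` attribute on the input two lines below the changed label is still emitted without escaping, so the hunk hardens the admin-defined label text while leaving the per-member value, which is presumably user-supplied, unencoded in an attribute context. The sibling change in app/membership_profile.php already routes the equivalent value through the project's attribute escaper (`html_attr($mi['custom'][$i-1])`), so the same line here should read `value="<?php echo html_attr($customs[$cust]); ?>"`. The surrounding `for` loop over `$cust` opens inside the hunk and closes beyond it.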
12 changes: 10 additions & 2 deletions app/admin/pageHome.php
Expand Up @@ -66,7 +66,11 @@
if($j(this).hasClass('locked_active') || $j(this).hasClass('unlocked_inactive')) {
if(confirm('<?php echo html_attr($Translation['enable maintenance mode?']); ?>')) {
$j.ajax({
url: 'ajax-maintenance-mode.php?status=on',
url: 'ajax-maintenance-mode.php',
data: {
status: 'on',
csrf_token: '<?php echo csrf_token(false, true); ?>'
},
complete: function() {
location.reload();
}
Expand All @@ -75,7 +79,11 @@
} else {
if(confirm('<?php echo html_attr($Translation['disable maintenance mode?']); ?>')) {
$j.ajax({
url: 'ajax-maintenance-mode.php?status=off',
url: 'ajax-maintenance-mode.php',
data: {
status: 'off',
csrf_token: '<?php echo csrf_token(false, true); ?>'
},
complete: function() {
location.reload();
}
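Review bot: Both `$j.ajax({ ... })` calls in this section, the one sending `status: 'on'` and the one sending `status: 'off'`, move the parameters into `data:` but set no request method, and jQuery's default is GET, so the CSRF token and the state change are still transmitted in the URL and can leak through Referer headers and server logs; add `type: 'POST',` next to `url:` in each call, and have ajax-maintenance-mode.php accept only POST. The `complete:` handler then reloads the page whether or not the request was accepted, so a rejected token is indistinguishable from success on the client; moving the reload into `success:` and reporting in `error:` would make a rejection visible. The click handler these calls belong to begins and ends outside the hunks.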
2 changes: 1 addition & 1 deletion app/admin/pageServerStatus.php
@@ -1,6 +1,6 @@
<?php
$appgini_version = '6.0.1145';
$generated_ts = '11/7/2021 1:52:42 AM';
$generated_ts = '11/7/2021 2:33:14 AM';

$currDir = dirname(__FILE__);
require("{$currDir}/incCommon.php");
2 changes: 1 addition & 1 deletion app/membership_profile.php
Expand Up @@ -138,7 +138,7 @@

<?php for($i=1; $i<5; $i++) { ?>
<div class="form-group">
<label for="custom<?php echo $i; ?>"><?php echo $adminConfig['custom'.$i]; ?></label>
<label for="custom<?php echo $i; ?>"><?php echo htmlspecialchars($adminConfig['custom'.$i]); ?></label>
<input type="text" id="custom<?php echo $i; ?>" name="custom<?php echo $i; ?>" value="<?php echo html_attr($mi['custom'][$i-1]); ?>" class="form-control">
</div>
<?php } ?>
2 changes: 1 addition & 1 deletion app/membership_signup.php
Expand Up @@ -153,7 +153,7 @@
?>
<div class="row form-group">
<div class="col-sm-3"><label class="control-label" for="custom<?php echo $cf; ?>"><?php echo htmlspecialchars($adminConfig['custom'.$cf]); ?></label></div>
<div class="col-sm-9"><input class="form-control" type="text" placeholder="<?php echo htmlspecialchars($adminConfig['custom'.$cf]); ?>" id="custom<?php echo $cf; ?>" name="custom<?php echo $cf; ?>"></div>
<div class="col-sm-9"><input class="form-control" type="text" placeholder="<?php echo html_attr($adminConfig['custom'.$cf]); ?>" id="custom<?php echo $cf; ?>" name="custom<?php echo $cf; ?>"></div>
</div>
<?php
}
2 changes: 1 addition & 1 deletion orpm.axp

Large diffs are not rendered by default.
