From b57e3b0e2f23dd59325fb0026944bba0acebecda Mon Sep 17 00:00:00 2001 From: Erik Dubbelboer Date: Wed, 8 Sep 2021 07:42:57 +0000 Subject: [PATCH] Fix CSRF bugs --- includes/header.inc.php | 4 ++++ index.php | 2 +- js/frame.js | 2 +- js/index.js | 6 +++--- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/includes/header.inc.php b/includes/header.inc.php index aa618f1..9602370 100644 --- a/includes/header.inc.php +++ b/includes/header.inc.php @@ -35,5 +35,9 @@ + + diff --git a/index.php b/index.php index 933796a..deee99c 100644 --- a/index.php +++ b/index.php @@ -245,7 +245,7 @@ function getDbInfo($d, $info, $padding = '') {

diff --git a/js/frame.js b/js/frame.js
index b3b84b5..1a77e34 100644
--- a/js/frame.js
+++ b/js/frame.js
@@ -18,7 +18,7 @@ $(function() {
 $.ajax({
 type: "POST",
 url: this.href,
- data: 'post=1',
+ data: 'post=1&csrf=' + phpRedisAdmin_csrfToken,
 success: function(url) {
 top.location.href = top.location.pathname+url;
 }
diff --git a/js/index.js b/js/index.js
index 3557014..a3ba627 100644
--- a/js/index.js
+++ b/js/index.js
@@ -28,7 +28,7 @@ $(function() {
 $.ajax({
 type: "POST",
 url: this.href,
- data: 'post=1&selected_keys=' + selected_keys,
+ data: 'post=1&selected_keys=' + selected_keys + '&csrf=' + phpRedisAdmin_csrfToken,
 success: function(url) {
 top.location.href = top.location.pathname+url;
 }
@@ -41,7 +41,7 @@ $(function() {
 $.ajax({
 type: "POST",
 url: this.href,
- data: 'post=1',
+ data: 'post=1&csrf=' + phpRedisAdmin_csrfToken,
 success: function(url) {
 top.location.href = top.location.pathname+url;
 }
@@ -74,7 +74,7 @@ $(function() {
 $.ajax({
 type: "POST",
 url: href,
- data: 'post=1',
+ data: 'post=1&csrf=' + phpRedisAdmin_csrfToken,
 success: function() {
 window.location.reload();
 }
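Review bot: The token is spliced into a hand-built form body without URL-encoding in `data: 'post=1&csrf=' + phpRedisAdmin_csrfToken` (js/frame.js, and likewise the js/index.js hunks at -28, -41 and -74). The token's format is not visible in this patch, but if it can contain `+`, `/`, `=` or `&` the server will decode a different value and reject legitimate requests, so the line should read `data: 'post=1&csrf=' + encodeURIComponent(phpRedisAdmin_csrfToken),`. In the js/index.js -28 hunk `selected_keys` is concatenated raw on the same line, so a key name containing `&` or `=` can truncate the list or add parameters to the request; `'post=1&selected_keys=' + encodeURIComponent(selected_keys) + '&csrf=' + encodeURIComponent(phpRedisAdmin_csrfToken)` closes that. The enclosing `$(function() {` handlers begin and end outside these hunks, and the server-side comparison of `csrf` is not shown here, so it is worth confirming that every POST endpoint these calls reach rejects a missing or mismatched token.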