Fix CSRF bugs

erikdubbelboer · Sep 8, 2021 · b57e3b0 · b57e3b0
1 parent f62fd14
commit b57e3b0
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 5 deletions.
diff --git a/includes/header.inc.php b/includes/header.inc.php
@@ -35,5 +35,9 @@
 <script src="js/<?php echo $js; ?>.js?v<?=$version?>"></script>
 <?php } ?>
 
+<script>
+phpRedisAdmin_csrfToken = '<?php echo $csrfToken; ?>';
+</script>
+
 </head>
 <body>
diff --git a/index.php b/index.php
@@ -245,7 +245,7 @@ function getDbInfo($d, $info, $padding = '') {
 </p>
 <button id="selected_all_keys">Select all</button>
 <button id="operations">
-<a href="delete.php?s=<?php echo $server['id']?>&amp;d=<?php echo $server['db']?>&batch_del=1" class="batch_del">Delete selected<img src="images/delete.png" style="width: 1em;height: 1em;vertical-align: middle;" title="Delete selected" alt="[X]"></a>
+<a href="delete.php?s=<?php echo $server['id']?>&amp;d=<?php echo $server['db']?>&batch_del=1&csrf=<?php echo $csrfToken; ?>" class="batch_del">Delete selected<img src="images/delete.png" style="width: 1em;height: 1em;vertical-align: middle;" title="Delete selected" alt="[X]"></a>
 </button>
 </div>
 <div id="keys">

diff --git a/js/frame.js b/js/frame.js
@@ -18,7 +18,7 @@ $(function() {
       $.ajax({
         type: "POST",
         url: this.href,
-        data: 'post=1',
+        data: 'post=1&csrf=' + phpRedisAdmin_csrfToken,
         success: function(url) {
           top.location.href = top.location.pathname+url;
         }

diff --git a/js/index.js b/js/index.js
@@ -28,7 +28,7 @@ $(function() {
         $.ajax({
           type: "POST",
           url: this.href,
-          data: 'post=1&selected_keys=' + selected_keys,
+          data: 'post=1&selected_keys=' + selected_keys + '&csrf=' + phpRedisAdmin_csrfToken,
           success: function(url) {
             top.location.href = top.location.pathname+url;
           }
@@ -41,7 +41,7 @@ $(function() {
         $.ajax({
           type: "POST",
           url: this.href,
-          data: 'post=1',
+          data: 'post=1&csrf=' + phpRedisAdmin_csrfToken,
           success: function(url) {
             top.location.href = top.location.pathname+url;
           }
@@ -74,7 +74,7 @@ $(function() {
           $.ajax({
             type: "POST",
             url: href,
-            data: 'post=1',
+            data: 'post=1&csrf=' + phpRedisAdmin_csrfToken,
             success: function() {
               window.location.reload();
             }