Commit
Prevent Cross-Site Request Forgery
erikdubbelboer committed Aug 26, 2021
1 parent 51c5425 commit b9039ad
Showing 7 changed files with 24 additions and 0 deletions.
1 change: 1 addition & 0 deletions edit.php
@@ -145,6 +145,7 @@
?>
<h2><?php echo $edit ? 'Edit' : 'Add'?></h2>
<form action="<?php echo format_html(getRelativePath('edit.php'))?>" method="post">
<input type="hidden" name="csrf" value="<?php echo $csrfToken; ?>" />

<p>
<label for="type">Type:</label>
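Review bot: the hidden input added on the first line of this hunk echoes $csrfToken raw, while the form's action attribute directly above it goes through format_html(); wrap the token the same way (`value="<?php echo format_html($csrfToken); ?>"`) so the attribute stays intact if the token format ever changes from hex. With the current hex or 'nosession' values nothing can break out of the attribute, so this is a consistency point rather than a live bug.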
1 change: 1 addition & 0 deletions export.php
@@ -187,6 +187,7 @@ function export_json($key) {
<h2>Export <?php echo isset($_GET['key']) ? format_html($_GET['key']) : ''?></h2>

<form action="<?php echo format_html(getRelativePath('export.php'))?>" method="post">
<input type="hidden" name="csrf" value="<?php echo $csrfToken; ?>" />

<p>
<label for="type">Type:</label>
1 change: 1 addition & 0 deletions import.php
@@ -92,6 +92,7 @@
?>
<h2>Import</h2>
<form action="<?php echo format_html(getRelativePath('import.php'))?>" method="post">
<input type="hidden" name="csrf" value="<?php echo $csrfToken; ?>" />

<p>
<label for="commands">Commands:<br>
18 changes: 18 additions & 0 deletions includes/common.inc.php
@@ -4,6 +4,24 @@
define('PHPREDIS_ADMIN_PATH', dirname(__DIR__));


if (session_status() !== PHP_SESSION_DISABLED) {
session_start();

if (isset($_SESSION['phpredisadmin_csrf'])) {
$csrfToken = $_SESSION['phpredisadmin_csrf'];
} else {
$csrfToken = bin2hex(random_bytes(16));

krzyko commented Sep 7, 2021:

Function random_bytes is missing in PHP 5.6 and this commit breaks the whole package. Composer states that PHP 5.3.9 is sufficient.

$_SESSION['phpredisadmin_csrf'] = $csrfToken;
}
} else {
$csrfToken = 'nosession';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_POST['csrf'] !== $csrfToken) {
die('bad csrf token');
}
}


// These includes are needed by each script.
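Review bot: the 'nosession' fallback in the else branch makes the check fail open. When sessions are disabled, $csrfToken is a fixed public string, so any cross-site form that includes `<input name="csrf" value="nosession">` passes the `$_POST['csrf'] !== $csrfToken` test and the protection disappears exactly when it cannot work; that branch should refuse POST requests (die) rather than substitute a known constant. In the POST block, `$_POST['csrf']` is read without isset(), so a request with no csrf field raises an undefined-index notice before die(); `if (!isset($_POST['csrf']) || !hash_equals($csrfToken, $_POST['csrf']))` avoids the notice and gives a constant-time comparison. The `session_status() !== PHP_SESSION_DISABLED` test also matches PHP_SESSION_ACTIVE, so if a script has already started the session, the unconditional session_start() will emit a notice; comparing against PHP_SESSION_NONE is the intended condition. As @krzyko notes above, random_bytes() requires PHP 7.0 (and session_status() requires 5.4) while composer.json still advertises 5.3.9; either raise the requirement or pull in paragonie/random_compat. Finally, the check covers POST only, so any script that changes state on a GET request is still unprotected and should be verified separately.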
1 change: 1 addition & 0 deletions login.php
@@ -13,6 +13,7 @@
<h1 class="logo">phpRedisAdmin</h1>

<form class="form-signin" method="post" action="login.php">
<input type="hidden" name="csrf" value="<?php echo $csrfToken; ?>" />
<h2 class="form-signin-heading">Please log in</h2>

<?php if (isset($_POST['username']) || isset($_POST['password'])): ?>
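Review bot: the token this form submits is minted in includes/common.inc.php for the session that exists before the user is authenticated; if login.php does not regenerate the session id on a successful login, that pre-login session, and with it this token, carries straight over into the admin session. Verify that the login handler calls session_regenerate_id(true) after a successful login; session data, including phpredisadmin_csrf, is preserved across the regeneration, so the form token keeps working on the next POST.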
1 change: 1 addition & 0 deletions rename.php
@@ -36,6 +36,7 @@
?>
<h2>Edit Name of <?php echo format_html($_GET['key'])?></h2>
<form action="<?php echo format_html(getRelativePath('rename.php'))?>" method="post">
<input type="hidden" name="csrf" value="<?php echo $csrfToken; ?>" />

<input type="hidden" name="old" value="<?php echo format_html($_GET['key'])?>">

1 change: 1 addition & 0 deletions ttl.php
@@ -27,6 +27,7 @@
?>
<h2>Edit TTL</h2>
<form action="<?php echo format_html(getRelativePath('ttl.php'))?>" method="post">
<input type="hidden" name="csrf" value="<?php echo $csrfToken; ?>" />

<p>
<label for="key">Key:</label>
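Review bot: this is the sixth verbatim copy of the hidden csrf input (edit.php, export.php, import.php, login.php, rename.php, ttl.php). A small helper in includes/common.inc.php, for example a csrf_field() that echoes `<input type="hidden" name="csrf" value="<?php echo format_html($csrfToken); ?>" />`, would keep the field name, escaping and token source in one place and make a form that was missed easier to spot.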

1 comment on commit b9039ad

erikdubbelboer (Owner Author) commented:

Thanks to @zidingz for reporting this!
