fix csrf for clearing apcu/opcache cache

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
froxlor · Dec 31, 2022 · f7f356e · f7f356e
1 parent 5a807e3
commit f7f356e
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 10 deletions.
diff --git a/admin_apcuinfo.php b/admin_apcuinfo.php
@@ -34,20 +34,31 @@
 use Froxlor\FroxlorLogger;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Response;
+use Froxlor\UI\HTML;
 
 const AREA = 'admin';
 require __DIR__ . '/lib/init.php';
 
 $horizontal_bar_size = 950; // 1280px window width
 
 if ($action == 'delete' && function_exists('apcu_clear_cache') && $userinfo['change_serversettings'] == '1') {
-	apcu_clear_cache();
-	$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "cleared APCu cache");
-	header('Location: ' . $linker->getLink([
+	if ($_POST['send'] == 'send') {
+		apcu_clear_cache();
+		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "cleared APCu cache");
+		header('Location: ' . $linker->getLink([
+				'section' => 'apcuinfo',
+				'page' => 'showinfo'
+			]));
+		exit();
+	} else {
+		HTML::askYesNo('cache_reallydelete', $filename, [
+			'page' => $page,
+			'action' => 'delete',
+		], '', [
 			'section' => 'apcuinfo',
 			'page' => 'showinfo'
-		]));
-	exit();
+		]);
+	}
 }
 
 if (!function_exists('apcu_cache_info') || !function_exists('apcu_sma_info')) {

diff --git a/admin_opcacheinfo.php b/admin_opcacheinfo.php
@@ -35,15 +35,26 @@
 use Froxlor\FroxlorLogger;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Response;
+use Froxlor\UI\HTML;
 
 if ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_serversettings'] == '1') {
-	opcache_reset();
-	$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "reset OPcache");
-	header('Location: ' . $linker->getLink([
+	if ($_POST['send'] == 'send') {
+		opcache_reset();
+		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "reset OPcache");
+		header('Location: ' . $linker->getLink([
+				'section' => 'opcacheinfo',
+				'page' => 'showinfo'
+			]));
+		exit();
+	} else {
+		HTML::askYesNo('cache_reallydelete', $filename, [
+			'page' => $page,
+			'action' => 'reset',
+		], '', [
 			'section' => 'opcacheinfo',
 			'page' => 'showinfo'
-		]));
-	exit();
+		]);
+	}
 }
 
 if (!function_exists('opcache_get_configuration')) {

diff --git a/lng/de.lng.php b/lng/de.lng.php
@@ -1279,6 +1279,7 @@
 		'apikey_reallyadd' => 'Einen neuen Api-Key erstellen?',
 		'dnsentry_reallydelete' => 'Wollen Sie den DNS-Eintrag wirklich löschen?',
 		'certificate_reallydelete' => 'Wollen Sie diese Zertifikat wirklich löschen?',
+		'cache_reallydelete' => 'Wollen Sie den Cache wirklich leeren?',
 	],
 	'serversettings' => [
 		'session_timeout' => [

diff --git a/lng/en.lng.php b/lng/en.lng.php
@@ -1391,6 +1391,7 @@
 		'apikey_reallyadd' => 'Do you really want to create a new api-key?',
 		'dnsentry_reallydelete' => 'Do you really want to delete this zone entry?',
 		'certificate_reallydelete' => 'Do you really want to delete this certificate?',
+		'cache_reallydelete' => 'Do you really want to clear the cache?',
 	],
 	'redirect_desc' => [
 		'rc_default' => 'default',