

security: cross-site request forgery
- huntr bounty
HDVinnie committed Sep 24, 2021
1 parent 9d49c53 commit bde1c76
Showing 2 changed files with 64 additions and 28 deletions.
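--- a/resources/views/Staff/command/index.blade.php
+++ b/resources/views/Staff/command/index.blade.php
@@ -40,8 +40,12 @@
 </h3>
 <h4 class="text-muted">This commands enables maintenance mode while whitelisting only you IP
 Address.</h4>
-<a href="{{ url('/dashboard/commands/maintance-enable') }}" class="btn btn-sm btn-primary">Run
-Command</a>
+<form role="form" method="POST" action="{{ url('/dashboard/commands/maintance-enable') }}">
+@csrf
+<button type="submit" class="btn btn-sm btn-primary">
+<i class='{{ config('other.font-awesome') }} fa-check-circle'></i> Run Commnd
+</button>
+</form>
 </div>
 </div>
 </div>
@@ -54,8 +58,12 @@
 </h3>
 <h4 class="text-muted">This commands disables maintenance mode. Bringing the site backup for all
 to access.</h4>
-<a href="{{ url('/dashboard/commands/maintance-disable') }}" class="btn btn-sm btn-primary">Run
-Command</a>
+<form role="form" method="POST" action="{{ url('/dashboard/commands/maintance-disable') }}">
+@csrf
+<button type="submit" class="btn btn-sm btn-primary">
+<i class='{{ config('other.font-awesome') }} fa-check-circle'></i> Run Commnd
+</button>
+</form>
 </div>
 </div>
 </div>
@@ -68,8 +76,12 @@
 </h3>
 <h4 class="text-muted">This commands clears your sites cache. This cache depends on what driver
 you are using.</h4>
-<a href="{{ url('/dashboard/commands/clear-cache') }}" class="btn btn-sm btn-primary">Run
-Command</a>
+<form role="form" method="POST" action="{{ url('/dashboard/commands/clear-cache') }}">
+@csrf
+<button type="submit" class="btn btn-sm btn-primary">
+<i class='{{ config('other.font-awesome') }} fa-check-circle'></i> Run Commnd
+</button>
+</form>
 </div>
 </div>
 </div>
@@ -84,8 +96,12 @@
 <i class="{{ config('other.font-awesome') }} fa-terminal"></i> Clear View Cache
 </h3>
 <h4 class="text-muted">This commands clears your sites compiled views cache.</h4>
-<a href="{{ url('/dashboard/commands/clear-view-cache') }}" class="btn btn-sm btn-primary">Run
-Command</a>
+<form role="form" method="POST" action="{{ url('/dashboard/commands/clear-view-cache') }}">
+@csrf
+<button type="submit" class="btn btn-sm btn-primary">
+<i class='{{ config('other.font-awesome') }} fa-check-circle'></i> Run Commnd
+</button>
+</form>
 </div>
 </div>
 </div>
@@ -97,8 +113,12 @@
 <i class="{{ config('other.font-awesome') }} fa-terminal"></i> Clear Route Cache
 </h3>
 <h4 class="text-muted">This commands clears your sites compiled routes cache.</h4>
-<a href="{{ url('/dashboard/commands/clear-route-cache') }}" class="btn btn-sm btn-primary">Run
-Command</a>
+<form role="form" method="POST" action="{{ url('/dashboard/commands/clear-route-cache') }}">
+@csrf
+<button type="submit" class="btn btn-sm btn-primary">
+<i class='{{ config('other.font-awesome') }} fa-check-circle'></i> Run Commnd
+</button>
+</form>
 </div>
 </div>
 </div>
@@ -110,8 +130,12 @@
 <i class="{{ config('other.font-awesome') }} fa-terminal"></i> Clear Config Cache
 </h3>
 <h4 class="text-muted">This commands clears your sites compiled configs cache.</h4>
-<a href="{{ url('/dashboard/commands/clear-config-cache') }}" class="btn btn-sm btn-primary">Run
-Command</a>
+<form role="form" method="POST" action="{{ url('/dashboard/commands/clear-config-cache') }}">
+@csrf
+<button type="submit" class="btn btn-sm btn-primary">
+<i class='{{ config('other.font-awesome') }} fa-check-circle'></i> Run Commnd
+</button>
+</form>
 </div>
 </div>
 </div>
@@ -126,8 +150,12 @@
 <i class="{{ config('other.font-awesome') }} fa-terminal"></i> Clear All Cache
 </h3>
 <h4 class="text-muted">This commands clears ALL of your sites cache.</h4>
-<a href="{{ url('/dashboard/commands/clear-all-cache') }}" class="btn btn-sm btn-primary">Run
-Command</a>
+<form role="form" method="POST" action="{{ url('/dashboard/commands/clear-all-cache') }}">
+@csrf
+<button type="submit" class="btn btn-sm btn-primary">
+<i class='{{ config('other.font-awesome') }} fa-check-circle'></i> Run Commnd
+</button>
+</form>
 </div>
 </div>
 </div>
@@ -139,8 +167,12 @@
 <i class="{{ config('other.font-awesome') }} fa-terminal"></i> Set All Cache
 </h3>
 <h4 class="text-muted">This commands sets ALL of your sites cache.</h4>
-<a href="{{ url('/dashboard/commands/set-all-cache') }}" class="btn btn-sm btn-primary">Run
-Command</a>
+<form role="form" method="POST" action="{{ url('/dashboard/commands/set-all-cache') }}">
+@csrf
+<button type="submit" class="btn btn-sm btn-primary">
+<i class='{{ config('other.font-awesome') }} fa-check-circle'></i> Run Commnd
+</button>
+</form>
 </div>
 </div>
 </div>
@@ -152,8 +184,12 @@
 <i class="{{ config('other.font-awesome') }} fa-terminal"></i> Send Test Email
 </h3>
 <h4 class="text-muted">This commands tests your email configuration.</h4>
-<a href="{{ url('/dashboard/commands/test-email') }}" class="btn btn-sm btn-primary">Run
-Command</a>
+<form role="form" method="POST" action="{{ url('/dashboard/commands/test-email') }}">
+@csrf
+<button type="submit" class="btn btn-sm btn-primary">
+<i class='{{ config('other.font-awesome') }} fa-check-circle'></i> Run Commnd
+</button>
+</form>
 </div>
 </div>
 </div>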
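Review bot: The new submit button label is misspelled as `Run Commnd` on the `<i ...></i> Run Commnd` line of every one of the nine hunks (first in the maintenance-enable form); it should read `Run Command`, as the removed anchor did. The `@csrf` token only defends these forms if the matching POST routes are served under the `web` middleware group that applies VerifyCsrfToken, and the staff-only guard should still wrap them — the route group enclosing them starts outside this diff, so both are worth confirming in routes/web.php. `role="form"` on a `<form>` element is redundant and can be dropped. Each hunk's enclosing card markup begins and ends outside the hunk.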
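--- a/routes/web.php
+++ b/routes/web.php
@@ -733,16 +733,16 @@
 // Commands
 Route::group(['prefix' => 'commands'], function () {
 Route::get('/', [App\Http\Controllers\Staff\CommandController::class, 'index'])->name('staff.commands.index');
-Route::get('/maintance-enable', [App\Http\Controllers\Staff\CommandController::class, 'maintanceEnable']);
-Route::get('/maintance-disable', [App\Http\Controllers\Staff\CommandController::class, 'maintanceDisable']);
-Route::get('/clear-cache', [App\Http\Controllers\Staff\CommandController::class, 'clearCache']);
-Route::get('/clear-view-cache', [App\Http\Controllers\Staff\CommandController::class, 'clearView']);
-Route::get('/clear-route-cache', [App\Http\Controllers\Staff\CommandController::class, 'clearRoute']);
-Route::get('/clear-config-cache', [App\Http\Controllers\Staff\CommandController::class, 'clearConfig']);
-Route::get('/clear-all-cache', [App\Http\Controllers\Staff\CommandController::class, 'clearAllCache']);
-Route::get('/set-all-cache', [App\Http\Controllers\Staff\CommandController::class, 'setAllCache']);
-Route::get('/clear-compiled', [App\Http\Controllers\Staff\CommandController::class, 'clearCompiled']);
-Route::get('/test-email', [App\Http\Controllers\Staff\CommandController::class, 'testEmail']);
+Route::post('/maintance-enable', [App\Http\Controllers\Staff\CommandController::class, 'maintanceEnable']);
+Route::post('/maintance-disable', [App\Http\Controllers\Staff\CommandController::class, 'maintanceDisable']);
+Route::post('/clear-cache', [App\Http\Controllers\Staff\CommandController::class, 'clearCache']);
+Route::post('/clear-view-cache', [App\Http\Controllers\Staff\CommandController::class, 'clearView']);
+Route::post('/clear-route-cache', [App\Http\Controllers\Staff\CommandController::class, 'clearRoute']);
+Route::post('/clear-config-cache', [App\Http\Controllers\Staff\CommandController::class, 'clearConfig']);
+Route::post('/clear-all-cache', [App\Http\Controllers\Staff\CommandController::class, 'clearAllCache']);
+Route::post('/set-all-cache', [App\Http\Controllers\Staff\CommandController::class, 'setAllCache']);
+Route::post('/clear-compiled', [App\Http\Controllers\Staff\CommandController::class, 'clearCompiled']);
+Route::post('/test-email', [App\Http\Controllers\Staff\CommandController::class, 'testEmail']);
 });
 
 // Flush System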
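Review bot: `/clear-compiled` is switched to POST on the line `Route::post('/clear-compiled', [...CommandController::class, 'clearCompiled']);`, but the view diff in this commit adds no form for it, so any remaining `<a href>` link to that path now gets a 405 instead of running the command; presumably a form exists further down the view, which is worth confirming. The group at `Route::group(['prefix' => 'commands'], function () {` declares no middleware in the hunk, so the staff guard and the `web` group's CSRF middleware are assumed to come from an enclosing group that starts outside the hunk. Unlike the index route, the ten new POST routes carry no `->name()`; naming them (for example `->name('staff.commands.clearCache')`) would let the view use `route()` instead of hard-coded `url()` paths.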

