From 3af0bbb0856fe821ba20df22884fc7a7b95c3bcb Mon Sep 17 00:00:00 2001
From: Thorsten Rinne
Date: Wed, 27 Jul 2022 12:43:45 +0200
Subject: [PATCH] fix: added CSRF check for the logout

---
 phpmyfaq/assets/src/setup.js | 1 -
 phpmyfaq/index.php | 18 ++++++++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/phpmyfaq/assets/src/setup.js b/phpmyfaq/assets/src/setup.js
index 0b754ebdca..66f3bce8c3 100644
--- a/phpmyfaq/assets/src/setup.js
+++ b/phpmyfaq/assets/src/setup.js
@@ -112,7 +112,6 @@ $(document).ready(function () {
 ),
 isValid = true;
 
- console.log('Button clicked', curStepBtn);
 $('.form-group.row input').removeClass('is-invalid');
 
 for (let i = 0; i < curInputs.length; i++) {
diff --git a/phpmyfaq/index.php b/phpmyfaq/index.php
index 5ea75681b9..fd6cf8f999 100755
--- a/phpmyfaq/index.php
+++ b/phpmyfaq/index.php
@@ -120,6 +120,16 @@
 $faqpassword = '';
 }
 
+//
+// Get CSRF Token
+//
+$csrfToken = Filter::filterInput(INPUT_GET, 'csrf', FILTER_UNSAFE_RAW);
+if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
+ $csrfChecked = false;
+} else {
+ $csrfChecked = true;
+}
+
 // Login via local DB or LDAP or SSO
 if (!is_null($faqusername) && !is_null($faqpassword)) {
 $user = new CurrentUser($faqConfig);
@@ -175,7 +185,7 @@
 //
 // Logout
 //
-if ('logout' === $action && isset($auth)) {
+if ($csrfChecked && 'logout' === $action && isset($auth)) {
 $user->deleteFromSession(true);
 $auth = null;
 $action = 'main';
@@ -677,7 +687,11 @@
 $PMF_LANG['headerUserControlPanel'] . '',
 'msgUserRemoval' => '' . $PMF_LANG['ad_menu_RequestRemove'] . '',
- 'msgLogoutUser' => '' . $PMF_LANG['ad_menu_logout'] . '',
+ 'msgLogoutUser' => sprintf(
+ '%s',
+ $user->getCsrfTokenFromSession(),
+ $PMF_LANG['ad_menu_logout'],
+ ),
 'activeUserControl' => ('ucp' == $action) ? 'active' : ''
 ]
 );
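Review bot: The token comparison on the new `if` line in the `@@ -120,6 +120,16 @@` hunk uses `!==`, which stops at the first differing byte; the convention for matching a secret against request input is `hash_equals()`, which also requires both operands to be strings, so the absent-parameter case (the filter presumably yields `null` then) needs an explicit guard. One expression covers both and drops the if/else: `$csrfChecked = is_string($csrfToken) && isset($_SESSION['phpmyfaq_csrf_token']) && hash_equals($_SESSION['phpmyfaq_csrf_token'], $csrfToken);`. Because the token is read from `INPUT_GET` it travels in the query string and will appear in access logs, browser history and Referer headers; a POST form for logout would avoid that, though it is a larger change than this fix. Leaving the value as `FILTER_UNSAFE_RAW` is acceptable here as long as it is only compared and never echoed, which holds for the visible hunks.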
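Review bot: When `$csrfChecked` is false the logout `if` in the `@@ -175,7 +185,7 @@` hunk is simply skipped, so `$action` stays `'logout'`, the user remains logged in, and nothing is recorded; a rejected CSRF token is exactly the event a defender wants to see in the logs. Consider an explicit `else` branch that resets `$action = 'main'` and records the rejection through whatever logging facility index.php already uses (not visible in this hunk), so the failed check is not silently swallowed. The enclosing block continues past the end of the hunk.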
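Review bot: The logout link in the `@@ -677,7 +687,11 @@` hunk is built from `$user->getCsrfTokenFromSession()`, while the check added near line 120 reads `$_SESSION['phpmyfaq_csrf_token']` directly; presumably both name the same session entry, but reading it through two paths lets the key drift silently. Using one accessor in both places would keep the session key in a single spot, though `$user` may not yet be constructed at the earlier point, which this patch does not show. The `sprintf` format string has lost its markup in this rendering, so whether the token lands in an attribute with proper escaping cannot be judged from the hunk; a session-generated random token normally needs none, but the generator is not shown. The surrounding array literal starts before the hunk.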