Add multiple missing CSRF tokens (#439)

Covers deleting comments, enabling/disabling comment threads, installing plugins, and toggling the Spartacus update check.
This commit is contained in:
onli 2017-01-16 15:27:52 +01:00
parent c62d667287
commit f947c66f66
4 changed files with 12 additions and 10 deletions


@ -9,7 +9,7 @@ include S9Y_INCLUDE_PATH . 'include/functions_entries_admin.inc.php';
header('Content-Type: text/html; charset=' . LANG_CHARSET);
if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type'])) {
if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type']) && serendipity_checkFormToken()) {
serendipity_deleteComment($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type']);
if (serendipity_isResponseClean($_SERVER['HTTP_REFERER']) && preg_match('@^https?://' . preg_quote($_SERVER['HTTP_HOST'], '@') . '@imsU')) {
header('Status: 302 Found');
@ -18,7 +18,7 @@ if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendip
}
}
if (isset($serendipity['GET']['switch'], $serendipity['GET']['entry'])) {
if (isset($serendipity['GET']['switch'], $serendipity['GET']['entry']) && serendipity_checkFormToken()) {
serendipity_allowCommentsToggle($serendipity['GET']['entry'], $serendipity['GET']['switch']);
}
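Review bot: The referer check in the first hunk, `preg_match('@^https?://' . preg_quote($_SERVER['HTTP_HOST'], '@') . '@imsU')`, passes a pattern but no subject string, so it can never validate the referer: PHP 8 throws an ArgumentCountError right after the newly token-gated delete, and PHP 7 warns and returns null so the 302 back to the referer is always skipped. It should read `preg_match('@^https?://' . preg_quote($_SERVER['HTTP_HOST'], '@') . '@imsU', $_SERVER['HTTP_REFERER'])`, and the surrounding condition should first test `isset($_SERVER['HTTP_REFERER'])`, since the header is optional. That `if` block opened by the delete branch closes outside the first hunk. Note also that when `serendipity_checkFormToken()` fails on either branch the request silently no-ops, which is correct but leaves no trace of a rejected (possibly forged) request.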


@ -150,7 +150,7 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
$data['license'] = $license;
$data['config'] = serendipity_plugin_config($plugin, $bag, $name, $desc, $config_names, true, true, true, true, 'plugin', $config_groups);
} elseif ( $serendipity['GET']['adminAction'] == 'addnew' ) {
} elseif ( $serendipity['GET']['adminAction'] == 'addnew' && serendipity_checkFormToken()) {
$serendipity['GET']['type'] = $serendipity['GET']['type'] ?: 'sidebar';
$data['adminAction'] = 'addnew';
$data['type'] = $serendipity['GET']['type'];
@ -358,7 +358,7 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
}
}
if (isset($serendipity['GET']['install_plugin'])) {
if (isset($serendipity['GET']['install_plugin']) && serendipity_checkFormToken()) {
$authorid = $serendipity['authorid'];
if (serendipity_checkPermission('adminPluginsMaintainOthers')) {
$authorid = '0';
@ -472,6 +472,7 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
$data['updateAllMsg'] = isset($serendipity['GET']['updateAllMsg']);
}
$data['urltoken'] = serendipity_setFormToken('url');
echo serendipity_smarty_show('admin/plugins.inc.tpl', $data);
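Review bot: When `serendipity_checkFormToken()` fails at `if (isset($serendipity['GET']['install_plugin']) && serendipity_checkFormToken())`, the request simply falls through and the ordinary plugin list is rendered; unless the helper itself reports the failure (not visible here), a user with a stale or missing token gets no hint that the install did not happen, and a genuine forgery attempt leaves nothing in the logs. An `else` branch that records the rejection for the template, e.g. `$data['token_error'] = true;`, plus a log line would make both cases visible. The `addnew` branch gets the same check but only switches the view, so the missing feedback matters less there. Plugin installation also remains a GET link carrying `$data['urltoken']` in the query string; moving it to a POST form would keep the token out of history and Referer headers.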


@ -1175,8 +1175,9 @@ function serendipity_printEntries($entries, $extended = 0, $preview = false, $sm
$entry['link_rdf'] = serendipity_rewriteURL(PATH_FEEDS . '/ei_'. $entry['id'] .'.rdf');
$entry['title_rdf'] = serendipity_specialchars($entry['title_rdf']);
$entry['link_allow_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=enable&serendipity[entry]=' . $entry['id'];
$entry['link_deny_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=disable&serendipity[entry]=' . $entry['id'];
$formToken = serendipity_setFormToken('url');
$entry['link_allow_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=enable&serendipity[entry]=' . $entry['id'] . '&' . $formToken;
$entry['link_deny_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=disable&serendipity[entry]=' . $entry['id'] . '&' . $formToken;
$entry['allow_comments'] = serendipity_db_bool($entry['allow_comments']);
$entry['moderate_comments'] = serendipity_db_bool($entry['moderate_comments']);
$entry['viewmode'] = ($serendipity['GET']['cview'] == VIEWMODE_LINEAR ? VIEWMODE_LINEAR : VIEWMODE_THREADED);
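Review bot: `$formToken = serendipity_setFormToken('url');` sits inside the per-entry body of serendipity_printEntries (the function starts outside the hunk), so the token is regenerated for every entry on the page; if the helper returns a session-stable value it can be hoisted above the loop, and if it does not, each link would carry a different token and it is worth confirming that all of them validate. Since the token is now part of the `comment.php?...` GET links, it ends up in browser history and in the Referer header of any navigation away from comment.php, so the allow/deny links depend on comment.php redirecting back after the action; a comment such as `// CSRF token is carried in the URL; comment.php redirects away from it after the toggle` would document that dependency.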


@ -132,9 +132,9 @@
{if isset($requirements_failures.{$plug.class_name})}
<span class="unmet_requirements msg_error"><span class="icon-attention-circled" aria-hidden="true"></span> {$CONST.UNMET_REQUIREMENTS|sprintf:"{if $requirements_failures.{$plug.class_name}.s9y}s9y $plug.requirements..serendipity,{/if} {if $requirements_failures.{$plug.class_name}.php}PHP $plug.requirements.php,{/if} {if $requirements_failures.{$plug.class_name}.smarty}Smarty $plug.requirements.smarty{/if}"}</span>
{elseif $plug['upgradable'] == true}
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug['customURI'])}{$plug.customURI}{/if}" title="{$CONST.PLUGIN_EVENT_SPARTACUS_CHECK_HINT}">{$CONST.UPGRADE}</a>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug['customURI'])}{$plug.customURI}{/if}&amp;{$urltoken}" title="{$CONST.PLUGIN_EVENT_SPARTACUS_CHECK_HINT}">{$CONST.UPGRADE}</a>
{elseif $plug.installable == true}
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug.customURI)}{$plug.customURI}{/if}">{$CONST.INSTALL}</a>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug.customURI)}{$plug.customURI}{/if}&amp;{$urltoken}">{$CONST.INSTALL}</a>
{else}
<span class="block_level"><span class="icon-ok-circled" aria-hidden="true"></span> {$CONST.ALREADY_INSTALLED}</span>
{/if}
@ -168,7 +168,7 @@
<div class="tabs" id="pluginlist_tabs">
<section id="pluginlist_sidebar" class="panel">
<h3>{$CONST.SIDEBAR_PLUGINS}</h3>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.SIDEBAR_PLUGIN}"}'>{$CONST.INSTALL_NEW_SIDEBAR_PLUGIN}</a>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew&amp;{$urltoken}" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.SIDEBAR_PLUGIN}"}'>{$CONST.INSTALL_NEW_SIDEBAR_PLUGIN}</a>
{$backend_plugins_sidebar_header}
{$sidebar_plugins}
@ -176,7 +176,7 @@
<section id="pluginlist_event" class="panel">
<h3>{$CONST.EVENT_PLUGINS}</h3>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew&amp;serendipity[type]=event" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.EVENT_PLUGIN}"}'>{$CONST.INSTALL_NEW_EVENT_PLUGIN}</a>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew&amp;serendipity[type]=event&amp;{$urltoken}" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.EVENT_PLUGIN}"}'>{$CONST.INSTALL_NEW_EVENT_PLUGIN}</a>
{$backend_plugins_event_header}
{$event_plugins}
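Review bot: Installing or upgrading a plugin at `href="?serendipity[adminModule]=plugins&amp;...&amp;serendipity[install_plugin]={$plug.plugin_class}...&amp;{$urltoken}"` remains a plain GET link, so the token lands in browser history, proxy logs and the Referer of any external resource loaded by the resulting page; the token stops cross-site forgery but a `<form method="post">` with the token in a hidden input would also stop link prefetchers and accidental re-installs from history. `{$urltoken}` is emitted without an escape modifier, which is only safe while `serendipity_setFormToken('url')` returns a fixed server-generated `key=value` string; a template comment such as `{* urltoken is server-generated, not user input *}` would record that assumption for the next maintainer.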