Added CSFR-token to delete-URLs (#679)
See #670 for the full vulnerability disclosure.
parent
267002ba20
commit
3524aaa782
|
@ -5,6 +5,10 @@ Changelog
|
|||
Not yet released
|
||||
----------------
|
||||
|
||||
v3.3.2 (released November 22, 2018)
|
||||
--------------------------------
|
||||
* #679: Fixed CSRF vulnerability, added CSRF-token to delete-URLs.
|
||||
|
||||
v3.3.1 (released August 10, 2018)
|
||||
--------------------------------
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ PHP Server Monitor
|
|||
:alt: Join the chat at https://gitter.im/erickrf/nlpnet
|
||||
:target: https://gitter.im/phpservermon/phpservermon
|
||||
|
||||
Version 3.3.0
|
||||
Version 3.3.2
|
||||
|
||||
|
||||
PHP Server Monitor is a script that checks whether your websites and servers are up and running.
|
||||
|
|
|
@ -29,7 +29,7 @@
|
|||
/**
|
||||
* Current PSM version
|
||||
*/
|
||||
define('PSM_VERSION', '3.3.1');
|
||||
define('PSM_VERSION', '3.3.2');
|
||||
|
||||
/**
|
||||
* URL to check for updates. Will not be checked if turned off on config page.
|
||||
|
|
|
@ -175,6 +175,25 @@ class Router {
|
|||
}
|
||||
}
|
||||
}
|
||||
if ($request->getMethod() == 'GET' && $request->query->get('action', '') == "delete") {
|
||||
// require CSRF token for all GET calls that delete something
|
||||
$session = $this->container->get('user')->getSession();
|
||||
$token_in = $request->query->get('csrf', '');
|
||||
$csrf_key = $controller->getCSRFKey();
|
||||
|
||||
if (empty($csrf_key)) {
|
||||
if (!hash_equals($session->get('csrf_token'), $token_in)) {
|
||||
throw new \InvalidArgumentException('invalid_csrf_token');
|
||||
}
|
||||
} else {
|
||||
if (!hash_equals(
|
||||
hash_hmac('sha256', $csrf_key, $session->get('csrf_token2')),
|
||||
$token_in
|
||||
)) {
|
||||
throw new \InvalidArgumentException('invalid_csrf_token');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// get min required level for this controller and make sure the user matches
|
||||
$min_lvl = $controller->getMinUserLevelRequired();
|
||||
|
|
|
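Review bot: `hash_equals($session->get('csrf_token'), $token_in)` is called with whatever the session holds, and if no token has been stored yet that is null: PHP 8 throws a TypeError and PHP 7 emits a warning and returns false, so the failure surfaces as an engine error instead of the `invalid_csrf_token` exception, and the same applies to `csrf_token2` passed as the key to `hash_hmac()`. Coerce and reject empties first, e.g. `$expected = (string) $session->get('csrf_token'); if ($expected === '' || !hash_equals($expected, $token_in)) { throw new \InvalidArgumentException('invalid_csrf_token'); }`, and likewise for the HMAC branch. Carrying the token in a GET query string also means it lands in server logs, browser history and outbound Referer headers, so this is a mitigation rather than the usual fix; the delete links would be safer as POST forms reusing the existing `csrf_input` macro. The guard is keyed on `action == "delete"` only, so any other state-changing GET action, if one exists, stays unguarded. The enclosing method starts and ends outside the hunk.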
@ -1,3 +1,7 @@
|
|||
{% macro csrf_input() %}
|
||||
<input type="hidden" name="csrf" value="{{ csrf_token(csrf_key|default('')) }}" />
|
||||
{% endmacro %}
|
||||
|
||||
{% macro csrf_query() %}
|
||||
&csrf={{ csrf_token(csrf_key|default('')) }}
|
||||
{% endmacro %}
|
|
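Review bot: Twig macros do not see the calling template's variables, so `csrf_key|default('')` inside `csrf_query` always resolves to `''` unless the caller passes the key explicitly; the existing `csrf_input` macro has the same shape, so this may be intended, but it is worth confirming against any controller whose `getCSRFKey()` is non-empty, since the router then verifies an HMAC the template never produced. The bare `&` on the `&csrf=` line is also not valid inside an HTML attribute, `&amp;csrf={{ csrf_token(csrf_key|default('')) }}` is the well-formed version, and the macro assumes every delete URL it is appended to already carries a query string.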
@ -1,5 +1,6 @@
|
|||
{% import 'main/macros.tpl.html' as macro %}
|
||||
{% if has_admin_actions %}
|
||||
<a class="btn btn-danger show-modal" href="{{ url_delete|raw }}" title="Delete" data-modal-id="delete" data-modal-param="{{ label }}">
|
||||
<a class="btn btn-danger show-modal" href="{{ url_delete|raw }}{{ macro.csrf_query() }}" title="Delete" data-modal-id="delete" data-modal-param="{{ label }}">
|
||||
<i class="icon-trash icon-white"></i> {{ label_clear_log }}
|
||||
</a>
|
||||
<br><br>
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{% import 'main/macros.tpl.html' as macro %}
|
||||
<table class="table table-bordered table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
|
@ -39,7 +40,7 @@
|
|||
<a class="btn btn-small" href="{{ server.url_view|raw }}"><i class="icon-chart"></i></a>
|
||||
{% if user_level == 10 %}
|
||||
<a class="btn btn-small" href="{{ server.url_edit|raw }}" title="{{ label_edit }}"><i class="icon-pencil"></i></a>
|
||||
<a class="btn btn-small btn-danger show-modal" href="{{ server.url_delete|raw }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ server.label }}"><i class="icon-remove icon-white"></i></a>
|
||||
<a class="btn btn-small btn-danger show-modal" href="{{ server.url_delete|raw }}{{ macro.csrf_query() }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ server.label }}"><i class="icon-remove icon-white"></i></a>
|
||||
{% endif %}
|
||||
</div>
|
||||
</td>
|
||||
|
@ -53,7 +54,7 @@
|
|||
<a class="btn btn-small" href="{{ server.url_view|raw }}"><i class="icon-chart"></i></a>
|
||||
{% if user_level == 10 %}
|
||||
<a class="btn btn-small" href="{{ server.url_edit|raw }}" title="{{ label_edit }}"><i class="icon-pencil"></i></a>
|
||||
<a class="btn btn-small btn-danger show-modal" href="{{ server.url_delete|raw }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ server.label }}"><i class="icon-remove icon-white"></i></a>
|
||||
<a class="btn btn-small btn-danger show-modal" href="{{ server.url_delete|raw }}{{ macro.csrf_query() }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ server.label }}"><i class="icon-remove icon-white"></i></a>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{% import 'main/macros.tpl.html' as macro %}
|
||||
<table class="table table-bordered">
|
||||
<colgroup>
|
||||
<col class="oce-first" />
|
||||
|
@ -100,7 +101,7 @@
|
|||
<a class="btn btn-success" href="{{ url_edit|raw }}">
|
||||
<i class="icon-edit icon-white"></i> {{ label_edit }}
|
||||
</a>
|
||||
<a class="btn btn-danger show-modal" href="{{ url_delete|raw }}" data-modal-id="delete" data-modal-param="{{ label }}">
|
||||
<a class="btn btn-danger show-modal" href="{{ url_delete|raw }}{{ macro.csrf_query() }}" data-modal-id="delete" data-modal-param="{{ label }}">
|
||||
<i class="icon-remove icon-white"></i> {{ label_delete }}
|
||||
</a>
|
||||
</td>
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{% import 'main/macros.tpl.html' as macro %}
|
||||
<table class="table table-bordered table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
|
@ -33,7 +34,7 @@
|
|||
<a class="btn btn-small" href="{{ user.url_edit|raw }}" title="{{ user.label_edit }}">
|
||||
<i class="icon-pencil"></i>
|
||||
</a>
|
||||
<a class="btn btn-small btn-danger show-modal" href="{{ user.url_delete|raw }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ user.user_name }}">
|
||||
<a class="btn btn-small btn-danger show-modal" href="{{ user.url_delete|raw }}{{ macro.csrf_query() }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ user.user_name }}">
|
||||
<i class="icon-remove icon-white"></i>
|
||||
</a>
|
||||
</div>
|
||||
|
@ -56,7 +57,7 @@
|
|||
<a class="btn btn-small" href="{{ user.url_edit|raw }}" title="{{ label_edit }}">
|
||||
<i class="icon-pencil"></i>
|
||||
</a>
|
||||
<a class="btn btn-small btn-danger show-modal" href="{{ user.url_delete|raw }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ user.user_name }}">
|
||||
<a class="btn btn-small btn-danger show-modal" href="{{ user.url_delete|raw }}{{ macro.csrf_query() }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ user.user_name }}">
|
||||
<i class="icon-remove icon-white"></i>
|
||||
</a>
|
||||
</td>
|
||||
|
|