Added CSFR-token to delete-URLs (#679)
See #670 for the full vulnerability disclosure.
parent
267002ba20
commit
3524aaa782
@ -5,6 +5,10 @@ Changelog
|
||||||
Not yet released
|
Not yet released
|
||||||
----------------
|
----------------
|
||||||
|
|
||||||
|
v3.3.2 (released November 22, 2018)
|
||||||
|
--------------------------------
|
||||||
|
* #679: Fixed CSRF vulnerability, added CSRF-token to delete-URLs.
|
||||||
|
|
||||||
v3.3.1 (released August 10, 2018)
|
v3.3.1 (released August 10, 2018)
|
||||||
--------------------------------
|
--------------------------------
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ PHP Server Monitor
|
||||||
:alt: Join the chat at https://gitter.im/erickrf/nlpnet
|
:alt: Join the chat at https://gitter.im/erickrf/nlpnet
|
||||||
:target: https://gitter.im/phpservermon/phpservermon
|
:target: https://gitter.im/phpservermon/phpservermon
|
||||||
|
|
||||||
Version 3.3.0
|
Version 3.3.2
|
||||||
|
|
||||||
|
|
||||||
PHP Server Monitor is a script that checks whether your websites and servers are up and running.
|
PHP Server Monitor is a script that checks whether your websites and servers are up and running.
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
/**
|
/**
|
||||||
* Current PSM version
|
* Current PSM version
|
||||||
*/
|
*/
|
||||||
define('PSM_VERSION', '3.3.1');
|
define('PSM_VERSION', '3.3.2');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* URL to check for updates. Will not be checked if turned off on config page.
|
* URL to check for updates. Will not be checked if turned off on config page.
|
||||||
|
|
|
@ -175,6 +175,25 @@ class Router {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if ($request->getMethod() == 'GET' && $request->query->get('action', '') == "delete") {
|
||||||
|
// require CSRF token for all GET calls that delete something
|
||||||
|
$session = $this->container->get('user')->getSession();
|
||||||
|
$token_in = $request->query->get('csrf', '');
|
||||||
|
$csrf_key = $controller->getCSRFKey();
|
||||||
|
|
||||||
|
if (empty($csrf_key)) {
|
||||||
|
if (!hash_equals($session->get('csrf_token'), $token_in)) {
|
||||||
|
throw new \InvalidArgumentException('invalid_csrf_token');
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (!hash_equals(
|
||||||
|
hash_hmac('sha256', $csrf_key, $session->get('csrf_token2')),
|
||||||
|
$token_in
|
||||||
|
)) {
|
||||||
|
throw new \InvalidArgumentException('invalid_csrf_token');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// get min required level for this controller and make sure the user matches
|
// get min required level for this controller and make sure the user matches
|
||||||
$min_lvl = $controller->getMinUserLevelRequired();
|
$min_lvl = $controller->getMinUserLevelRequired();
|
||||||
|
|
|
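Review bot: Neither `$session->get('csrf_token')` in the `empty($csrf_key)` branch nor `$session->get('csrf_token2')` in the `else` branch is checked to be a non-empty string before it reaches `hash_equals()` / `hash_hmac()`, so a session that has not yet been issued a token does not clearly fail closed: depending on the PHP version a null known-string is a warning, a TypeError, or a silent coercion to `''`, and in the last case a request carrying an empty `csrf` parameter compares equal, while an empty HMAC key makes the expected value computable by anyone who knows `$csrf_key` (if that key is not itself secret). `$token_in` should likewise be required to be a string, because `query->get()` presumably returns an array for a `csrf[]=` parameter on older HttpFoundation versions. The rewrite below computes the expected token once and rejects missing material explicitly; the method enclosing this block starts and ends outside the hunk. Longer term, performing deletions over GET with the token in the URL leaves it in browser history, proxy logs and Referer headers, so moving these actions to POST with the existing `csrf_input()` macro would be the stronger fix.
```php
if ($request->getMethod() == 'GET' && $request->query->get('action', '') == "delete") {
    // … unchanged: $session, $token_in, $csrf_key lookups …
    $expected = '';
    if (empty($csrf_key)) {
        $expected = $session->get('csrf_token');
    } else {
        $secret = $session->get('csrf_token2');
        if (is_string($secret) && $secret !== '') {
            $expected = hash_hmac('sha256', $csrf_key, $secret);
        }
    }
    // Fail closed when the session holds no token material or the client
    // sent a non-string: a missing value must never compare equal to an
    // empty or array-valued "csrf" query parameter.
    if (!is_string($expected) || $expected === '' || !is_string($token_in)
        || !hash_equals($expected, $token_in)) {
        throw new \InvalidArgumentException('invalid_csrf_token');
    }
}
```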
@ -1,3 +1,7 @@
|
||||||
{% macro csrf_input() %}
|
{% macro csrf_input() %}
|
||||||
<input type="hidden" name="csrf" value="{{ csrf_token(csrf_key|default('')) }}" />
|
<input type="hidden" name="csrf" value="{{ csrf_token(csrf_key|default('')) }}" />
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
|
||||||
|
{% macro csrf_query() %}
|
||||||
|
&csrf={{ csrf_token(csrf_key|default('')) }}
|
||||||
|
{% endmacro %}
|
|
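Review bot: The new `csrf_query()` macro emits a bare `&` that ends up inside an `href` attribute and does not URL-encode the token; `&amp;csrf={{ csrf_token(csrf_key|default(''))|url_encode }}` keeps the attribute well-formed and the token intact should it ever contain reserved characters. More importantly, Twig macros do not see the calling template's variables, so `csrf_key` inside the macro is presumably always undefined and `|default('')` is the only branch ever taken — a controller whose `getCSRFKey()` is non-empty would then have its delete links rejected by the router's HMAC branch. Passing the key explicitly, `{% macro csrf_query(csrf_key) %}` with `macro.csrf_query(csrf_key)` at the call sites, removes the ambiguity; confirm against how `csrf_token()` is registered.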
@ -1,5 +1,6 @@
|
||||||
|
{% import 'main/macros.tpl.html' as macro %}
|
||||||
{% if has_admin_actions %}
|
{% if has_admin_actions %}
|
||||||
<a class="btn btn-danger show-modal" href="{{ url_delete|raw }}" title="Delete" data-modal-id="delete" data-modal-param="{{ label }}">
|
<a class="btn btn-danger show-modal" href="{{ url_delete|raw }}{{ macro.csrf_query() }}" title="Delete" data-modal-id="delete" data-modal-param="{{ label }}">
|
||||||
<i class="icon-trash icon-white"></i> {{ label_clear_log }}
|
<i class="icon-trash icon-white"></i> {{ label_clear_log }}
|
||||||
</a>
|
</a>
|
||||||
<br><br>
|
<br><br>
|
||||||
|
|
|
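Review bot: Every delete link now becomes `href="{{ url_delete|raw }}{{ macro.csrf_query() }}"`, which relies on `url_delete` already carrying a query string so that the macro's leading `&` is valid; that holds if these URLs are built with `action=delete` as the router expects, but the assumption is not visible here, so a template comment such as `{# url_delete must already contain a query string; csrf_query() appends &csrf=… #}` next to the import would record it. The same pattern is repeated in the servers-list, server-view and users-list hunks that follow, so a single macro taking the URL (e.g. `macro.delete_url(url_delete)`) would keep the token handling in one place. Because the router now rejects any GET `action=delete` without a valid token, it is worth confirming that no other template renders a `url_delete` without the macro, as those links would now fail with `invalid_csrf_token`.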
@ -1,3 +1,4 @@
|
||||||
|
{% import 'main/macros.tpl.html' as macro %}
|
||||||
<table class="table table-bordered table-striped">
|
<table class="table table-bordered table-striped">
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
|
@ -39,7 +40,7 @@
|
||||||
<a class="btn btn-small" href="{{ server.url_view|raw }}"><i class="icon-chart"></i></a>
|
<a class="btn btn-small" href="{{ server.url_view|raw }}"><i class="icon-chart"></i></a>
|
||||||
{% if user_level == 10 %}
|
{% if user_level == 10 %}
|
||||||
<a class="btn btn-small" href="{{ server.url_edit|raw }}" title="{{ label_edit }}"><i class="icon-pencil"></i></a>
|
<a class="btn btn-small" href="{{ server.url_edit|raw }}" title="{{ label_edit }}"><i class="icon-pencil"></i></a>
|
||||||
<a class="btn btn-small btn-danger show-modal" href="{{ server.url_delete|raw }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ server.label }}"><i class="icon-remove icon-white"></i></a>
|
<a class="btn btn-small btn-danger show-modal" href="{{ server.url_delete|raw }}{{ macro.csrf_query() }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ server.label }}"><i class="icon-remove icon-white"></i></a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
</td>
|
</td>
|
||||||
|
@ -53,7 +54,7 @@
|
||||||
<a class="btn btn-small" href="{{ server.url_view|raw }}"><i class="icon-chart"></i></a>
|
<a class="btn btn-small" href="{{ server.url_view|raw }}"><i class="icon-chart"></i></a>
|
||||||
{% if user_level == 10 %}
|
{% if user_level == 10 %}
|
||||||
<a class="btn btn-small" href="{{ server.url_edit|raw }}" title="{{ label_edit }}"><i class="icon-pencil"></i></a>
|
<a class="btn btn-small" href="{{ server.url_edit|raw }}" title="{{ label_edit }}"><i class="icon-pencil"></i></a>
|
||||||
<a class="btn btn-small btn-danger show-modal" href="{{ server.url_delete|raw }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ server.label }}"><i class="icon-remove icon-white"></i></a>
|
<a class="btn btn-small btn-danger show-modal" href="{{ server.url_delete|raw }}{{ macro.csrf_query() }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ server.label }}"><i class="icon-remove icon-white"></i></a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
{% import 'main/macros.tpl.html' as macro %}
|
||||||
<table class="table table-bordered">
|
<table class="table table-bordered">
|
||||||
<colgroup>
|
<colgroup>
|
||||||
<col class="oce-first" />
|
<col class="oce-first" />
|
||||||
|
@ -100,7 +101,7 @@
|
||||||
<a class="btn btn-success" href="{{ url_edit|raw }}">
|
<a class="btn btn-success" href="{{ url_edit|raw }}">
|
||||||
<i class="icon-edit icon-white"></i> {{ label_edit }}
|
<i class="icon-edit icon-white"></i> {{ label_edit }}
|
||||||
</a>
|
</a>
|
||||||
<a class="btn btn-danger show-modal" href="{{ url_delete|raw }}" data-modal-id="delete" data-modal-param="{{ label }}">
|
<a class="btn btn-danger show-modal" href="{{ url_delete|raw }}{{ macro.csrf_query() }}" data-modal-id="delete" data-modal-param="{{ label }}">
|
||||||
<i class="icon-remove icon-white"></i> {{ label_delete }}
|
<i class="icon-remove icon-white"></i> {{ label_delete }}
|
||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
{% import 'main/macros.tpl.html' as macro %}
|
||||||
<table class="table table-bordered table-striped">
|
<table class="table table-bordered table-striped">
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
|
@ -33,7 +34,7 @@
|
||||||
<a class="btn btn-small" href="{{ user.url_edit|raw }}" title="{{ user.label_edit }}">
|
<a class="btn btn-small" href="{{ user.url_edit|raw }}" title="{{ user.label_edit }}">
|
||||||
<i class="icon-pencil"></i>
|
<i class="icon-pencil"></i>
|
||||||
</a>
|
</a>
|
||||||
<a class="btn btn-small btn-danger show-modal" href="{{ user.url_delete|raw }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ user.user_name }}">
|
<a class="btn btn-small btn-danger show-modal" href="{{ user.url_delete|raw }}{{ macro.csrf_query() }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ user.user_name }}">
|
||||||
<i class="icon-remove icon-white"></i>
|
<i class="icon-remove icon-white"></i>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
|
@ -56,7 +57,7 @@
|
||||||
<a class="btn btn-small" href="{{ user.url_edit|raw }}" title="{{ label_edit }}">
|
<a class="btn btn-small" href="{{ user.url_edit|raw }}" title="{{ label_edit }}">
|
||||||
<i class="icon-pencil"></i>
|
<i class="icon-pencil"></i>
|
||||||
</a>
|
</a>
|
||||||
<a class="btn btn-small btn-danger show-modal" href="{{ user.url_delete|raw }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ user.user_name }}">
|
<a class="btn btn-small btn-danger show-modal" href="{{ user.url_delete|raw }}{{ macro.csrf_query() }}" title="{{ label_delete }}" data-modal-id="delete" data-modal-param="{{ user.user_name }}">
|
||||||
<i class="icon-remove icon-white"></i>
|
<i class="icon-remove icon-white"></i>
|
||||||
</a>
|
</a>
|
||||||
</td>
|
</td>
|
||||||
|
|