首頁 探索 說明
登入
yosoyhendrix
/
vesta
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

Add the validation of the CSRF token. It is missing in some cases when it is sent by GET or POST.

Sergio 6 年之前
父節點
2da2c539f1
當前提交
7603cdea7a
共有 9 個文件被更改,包括 49 次插入1 次删除
分割檢視 顯示文件統計
  1. 6 0
      web/add/cron/autoupdate/index.php
  2. 6 0
      web/add/cron/reports/index.php
  3. 6 0
      web/add/firewall/banlist/index.php
  4. 6 0
      web/delete/cron/autoupdate/index.php
  5. 6 0
      web/delete/cron/reports/index.php
  6. 6 0
      web/restart/service/index.php
  7. 6 0
      web/restart/system/index.php
  8. 1 1
      web/templates/admin/list_services.html
  9. 6 0
      web/update/vesta/index.php

+ 6 - 0
web/add/cron/autoupdate/index.php
查看文件 

@@ -5,6 +5,12 @@ ob_start();
 
 session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 
+// Check token
 
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
 
+    header('location: /login/');
 
+    exit();
 
+}
 
+
 
 if ($_SESSION['user'] == 'admin') {
 
     exec (VESTA_CMD."v-add-cron-vesta-autoupdate", $output, $return_var);
 
     $_SESSION['error_msg'] = __('Autoupdate has been successfully enabled');

+ 6 - 0
web/add/cron/reports/index.php
查看文件 

@@ -5,6 +5,12 @@ ob_start();
 
 session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 
+// Check token
 
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
 
+    header('location: /login/');
 
+    exit();
 
+}
 
+
 
 exec (VESTA_CMD."v-add-cron-reports ".$user, $output, $return_var);
 
 $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
 
 unset($output);

+ 6 - 0
web/add/firewall/banlist/index.php
查看文件 

@@ -15,6 +15,12 @@ if ($_SESSION['user'] != 'admin') {
 
 // Check POST request
 
 if (!empty($_POST['ok'])) {
 
 
+    // Check token
 
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
 
+        header('location: /login/');
 
+        exit();
 
+    }
 
+
 
     // Check empty fields
 
     if (empty($_POST['v_chain'])) $errors[] = __('banlist');
 
     if (empty($_POST['v_ip'])) $errors[] = __('ip address');

+ 6 - 0
web/delete/cron/autoupdate/index.php
查看文件 

@@ -5,6 +5,12 @@ ob_start();
 
 session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 
+// Check token
 
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
 
+    header('location: /login/');
 
+    exit();
 
+}
 
+
 
 if ($_SESSION['user'] == 'admin') {
 
     exec (VESTA_CMD."v-delete-cron-vesta-autoupdate", $output, $return_var);
 
     $_SESSION['error_msg'] = __('Autoupdate has been successfully disabled');

+ 6 - 0
web/delete/cron/reports/index.php
查看文件 

@@ -5,6 +5,12 @@ ob_start();
 
 session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 
+// Check token
 
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
 
+    header('location: /login/');
 
+    exit();
 
+}
 
+
 
 exec (VESTA_CMD."v-delete-cron-reports ".$user, $output, $return_var);
 
 $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully disabled');
 
 unset($output);

+ 6 - 0
web/restart/service/index.php
查看文件 

@@ -5,6 +5,12 @@ ob_start();
 
 session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 
+// Check token
 
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
 
+    header('location: /login/');
 
+    exit();
 
+}
 
+
 
 if ($_SESSION['user'] == 'admin') {
 
     if (!empty($_GET['srv'])) {
 
         if ($_GET['srv'] == 'iptables') {

+ 6 - 0
web/restart/system/index.php
查看文件 

@@ -5,6 +5,12 @@ ob_start();
 
 session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 
+// Check token
 
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
 
+    header('location: /login/');
 
+    exit();
 
+}
 
+
 
 if ($_SESSION['user'] == 'admin') {
 
     if (!empty($_GET['hostname'])) {
 
         exec (VESTA_CMD."v-restart-system yes", $output, $return_var);

+ 1 - 1
web/templates/admin/list_services.html
查看文件 

@@ -54,7 +54,7 @@
 
           <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
 
             <div class="actions-panel clearfix">
 
               <div class="actions-panel__col actions-panel__configure shortcut-enter" key-action="href"><a href="/edit/server/"><?=__('configure')?> <i></i></a><span class="shortcut enter">&nbsp;&#8629;</span></div>
 
-              <div class="actions-panel__col actions-panel__restart shortcut-r" key-action="href"><a href="/restart/system/?hostname=<?php echo $sys['sysinfo']['HOSTNAME'] ?>"><?=__('restart')?> <i></i></a><span class="shortcut">&nbsp;R</span></div>
 
+              <div class="actions-panel__col actions-panel__restart shortcut-r" key-action="href"><a href="/restart/system/?hostname=<?php echo $sys['sysinfo']['HOSTNAME'] ?>&token=<?=$_SESSION['token']?>"><?=__('restart')?> <i></i></a><span class="shortcut">&nbsp;R</span></div>
 
             </div>
 
             <!-- /.actions-panel -->
 
           </div>

+ 6 - 0
web/update/vesta/index.php
查看文件 

@@ -5,6 +5,12 @@ ob_start();
 
 session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 
+// Check token
 
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
 
+    header('location: /login/');
 
+    exit();
 
+}
 
+
 
 if ($_SESSION['user'] == 'admin') {
 
     if (!empty($_GET['pkg'])) {
 
         $v_pkg = escapeshellarg($_GET['pkg']);