ZwiiCMS-Team
/
ZwiiCMS
3
3
Fork 2
Code Releases 115 Activity

Contremesure faille CRSF

Browse Source
pull/5/head
fredtempez 4 years ago
parent ae6a924ff6
commit 00b90a6717
4 changed files with 57 additions and 52 deletions
Show Stats Download Patch File Download Diff File

44
module/blog/blog.php
Unescape View File

@ -113,7 +113,7 @@ class blog extends common {
$comment['userId'] ? $this->getData(['user', $comment['userId'], 'firstname']) . ' ' . $this->getData(['user', $comment['userId'], 'lastname']) : $comment['author'],
template::button('blogCommentDelete' . $commentIds[$i], [
'class' => 'blogCommentDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/comment-delete/' . $comment['articleId'] . '/' . $commentIds[$i],
'href' => helper::baseUrl() . $this->getUrl(0) . '/comment-delete/' . $comment['articleId'] . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'] ,
'value' => template::ico('cancel')
])
];
@ -136,6 +136,14 @@ class blog extends common {
'access' => false
]);
}
// Jeton incorrect
elseif ($this->getUrl(4) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// Suppression
else {
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2), 'comment', $this->getUrl(3)]);
@ -169,12 +177,12 @@ class blog extends common {
utf8_encode(strftime('%H:%M', $this->getData(['module', $this->getUrl(0), $articleIds[$i], 'publishedOn']))),
self::$states[$this->getData(['module', $this->getUrl(0), $articleIds[$i], 'state'])],
template::button('blogConfigEdit' . $articleIds[$i], [
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i],
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
'value' => template::ico('pencil')
]),
template::button('blogConfigDelete' . $articleIds[$i], [
'class' => 'blogConfigDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i] . '&csrf=' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
'value' => template::ico('cancel')
])
];
@ -190,33 +198,23 @@ class blog extends common {
* Suppression
*/
public function delete() {
// $url prend l'adresse sans le token
$url = explode('&',$this->getUrl(2));
// L'article n'existe pas
if($this->getData(['module', $this->getUrl(0), $url[0]]) === null) {
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
}
// Jeton incorrect
elseif(!isset($_GET['csrf'])) {
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl(). $this->getUrl(0) . '/config',
'notification' => 'Jeton invalide'
]);
}
elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Suppression non autorisée'
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// Suppression
else {
$this->deleteData(['module', $this->getUrl(0), $url[0]]);
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -230,6 +228,14 @@ class blog extends common {
* Édition
*/
public function edit() {
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// L'article n'existe pas
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie
@ -240,7 +246,7 @@ class blog extends common {
// L'article existe
else {
// Soumission du formulaire
if($this->isPost()) {
if($this->isPost()) {
$articleId = $this->getInput('blogEditTitle', helper::FILTER_ID, true);
// Incrémente le nouvel id de l'article
if($articleId !== $this->getUrl(2)) {

2
module/blog/view/article/article.php
Unescape View File

@ -115,7 +115,7 @@ code d'origine
<div class="col2 offset8">
<?php echo template::button('blogEdit', [
'class' => 'buttonBlue',
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1),
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1) . '/' . $_SESSION['csrf'],
'value' => 'Editer'
]); ?>
</div>

30
module/gallery/gallery.php
Unescape View File

@ -54,12 +54,12 @@ class gallery extends common {
$gallery['config']['name'],
$gallery['config']['directory'],
template::button('galleryConfigEdit' . $galleryId, [
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId,
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId . '/' . $_SESSION['csrf'],
'value' => template::ico('pencil')
]),
template::button('galleryConfigDelete' . $galleryId, [
'class' => 'galleryConfigDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId . '&csrf=' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId . '/' . $_SESSION['csrf'],
'value' => template::ico('cancel')
])
];
@ -93,33 +93,25 @@ class gallery extends common {
* Suppression
*/
public function delete() {
// $url prend l'adresse sans le token
$url = explode('&',$this->getUrl(2));
// $url prend l'adresse sans le token
// La galerie n'existe pas
if($this->getData(['module', $this->getUrl(0), $url[0]]) === null) {
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
}
// Jeton incorrect
elseif(!isset($_GET['csrf'])) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'config',
'notification' => 'Jeton invalide'
]);
}
elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'config',
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Suppression non autorisée'
]);
}
}
// Suppression
else {
$this->deleteData(['module', $this->getUrl(0), $url[0]]);
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -144,6 +136,14 @@ class gallery extends common {
* Édition
*/
public function edit() {
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// La galerie n'existe pas
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie

33
module/news/news.php
Unescape View File

@ -95,12 +95,12 @@ class news extends common {
utf8_encode(strftime('%H:%M', $this->getData(['module', $this->getUrl(0), $newsIds[$i], 'publishedOn']))),
self::$states[$this->getData(['module', $this->getUrl(0), $newsIds[$i], 'state'])],
template::button('newsConfigEdit' . $newsIds[$i], [
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i],
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i]. '/' . $_SESSION['csrf'],
'value' => template::ico('pencil')
]),
template::button('newsConfigDelete' . $newsIds[$i], [
'class' => 'newsConfigDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i] . '&csrf=' . $_SESSION['csrf'],
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i] . '/' . $_SESSION['csrf'],
'value' => template::ico('cancel')
])
];
@ -115,34 +115,25 @@ class news extends common {
/**
* Suppression
*/
public function delete() {
// $url prend l'adresse sans le token
$url = explode('&',$this->getUrl(2));
public function delete() {
// La news n'existe pas
if($this->getData(['module', $this->getUrl(0), $url[0]]) === null) {
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie
$this->addOutput([
'access' => false
]);
}
// Jeton incorrect
elseif(!isset($_GET['csrf'])) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl(). $this->getUrl(0) . '/config',
'notification' => 'Jeton invalide'
]);
}
elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Suppression non autorisée'
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// Suppression
else {
$this->deleteData(['module', $this->getUrl(0), $url[0]]);
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -156,6 +147,14 @@ class news extends common {
* Édition
*/
public function edit() {
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// La news n'existe pas
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie

Write Preview
Loading…
Cancel
Save