Faille CRSF dans la galerie
This commit is contained in:
parent
a30b210e82
commit
3c140b0f3b
@ -54,12 +54,12 @@ class gallery extends common {
|
|||||||
$gallery['config']['name'],
|
$gallery['config']['name'],
|
||||||
$gallery['config']['directory'],
|
$gallery['config']['directory'],
|
||||||
template::button('galleryConfigEdit' . $galleryId, [
|
template::button('galleryConfigEdit' . $galleryId, [
|
||||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId,
|
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId . '/' . $_SESSION['csrf'],
|
||||||
'value' => template::ico('pencil')
|
'value' => template::ico('pencil')
|
||||||
]),
|
]),
|
||||||
template::button('galleryConfigDelete' . $galleryId, [
|
template::button('galleryConfigDelete' . $galleryId, [
|
||||||
'class' => 'galleryConfigDelete buttonRed',
|
'class' => 'galleryConfigDelete buttonRed',
|
||||||
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId. '&csrf=' . $_SESSION['csrf'],
|
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId . '/' . $_SESSION['csrf'],
|
||||||
'value' => template::ico('cancel')
|
'value' => template::ico('cancel')
|
||||||
])
|
])
|
||||||
];
|
];
|
||||||
@ -93,33 +93,25 @@ class gallery extends common {
|
|||||||
* Suppression
|
* Suppression
|
||||||
*/
|
*/
|
||||||
public function delete() {
|
public function delete() {
|
||||||
// $url prend l'adresse sans le token
|
// $url prend l'adresse sans le token
|
||||||
$url = explode('&',$this->getUrl(2));
|
|
||||||
// La galerie n'existe pas
|
// La galerie n'existe pas
|
||||||
if($this->getData(['module', $this->getUrl(0), $url[0]]) === null) {
|
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
||||||
// Valeurs en sortie
|
// Valeurs en sortie
|
||||||
$this->addOutput([
|
$this->addOutput([
|
||||||
'access' => false
|
'access' => false
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
// Jeton incorrect
|
// Jeton incorrect
|
||||||
elseif(!isset($_GET['csrf'])) {
|
|
||||||
// Valeurs en sortie
|
|
||||||
$this->addOutput([
|
|
||||||
'redirect' => helper::baseUrl() . 'config',
|
|
||||||
'notification' => 'Jeton invalide'
|
|
||||||
]);
|
|
||||||
}
|
|
||||||
elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
|
elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
|
||||||
// Valeurs en sortie
|
// Valeurs en sortie
|
||||||
$this->addOutput([
|
$this->addOutput([
|
||||||
'redirect' => helper::baseUrl() . 'config',
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||||
'notification' => 'Suppression non autorisée'
|
'notification' => 'Suppression non autorisée'
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
// Suppression
|
// Suppression
|
||||||
else {
|
else {
|
||||||
$this->deleteData(['module', $this->getUrl(0), $url[0]]);
|
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
|
||||||
// Valeurs en sortie
|
// Valeurs en sortie
|
||||||
$this->addOutput([
|
$this->addOutput([
|
||||||
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||||
@ -144,6 +136,14 @@ class gallery extends common {
|
|||||||
* Édition
|
* Édition
|
||||||
*/
|
*/
|
||||||
public function edit() {
|
public function edit() {
|
||||||
|
// Jeton incorrect
|
||||||
|
if ($this->getUrl(3) !== $_SESSION['csrf']) {
|
||||||
|
// Valeurs en sortie
|
||||||
|
$this->addOutput([
|
||||||
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
|
||||||
|
'notification' => 'Action non autorisée'
|
||||||
|
]);
|
||||||
|
}
|
||||||
// La galerie n'existe pas
|
// La galerie n'existe pas
|
||||||
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
|
||||||
// Valeurs en sortie
|
// Valeurs en sortie
|
||||||
|
Loading…
Reference in New Issue
Block a user