remijean/ZwiiCMS
2
1
Fork 0
forked from ZwiiCMS-Team/ZwiiCMS
Code Pull Requests Activity

Contremesure faille CRSF

Browse Source
This commit is contained in:
fredtempez 2019-01-16 19:25:09 +01:00
parent ae6a924ff6
commit 00b90a6717
4 changed files with 57 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
module/blog/blog.php
View File

@ -113,7 +113,7 @@ class blog extends common {
$comment['userId'] ? $this->getData(['user', $comment['userId'], 'firstname']) . ' ' . $this->getData(['user', $comment['userId'], 'lastname']) : $comment['author'], $comment['userId'] ? $this->getData(['user', $comment['userId'], 'firstname']) . ' ' . $this->getData(['user', $comment['userId'], 'lastname']) : $comment['author'],
template::button('blogCommentDelete' . $commentIds[$i], [ template::button('blogCommentDelete' . $commentIds[$i], [
'class' => 'blogCommentDelete buttonRed', 'class' => 'blogCommentDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/comment-delete/' . $comment['articleId'] . '/' . $commentIds[$i], 'href' => helper::baseUrl() . $this->getUrl(0) . '/comment-delete/' . $comment['articleId'] . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'] ,
'value' => template::ico('cancel') 'value' => template::ico('cancel')
]) ])
]; ];
@ -136,6 +136,14 @@ class blog extends common {
'access' => false 'access' => false
]); ]);
} }
// Jeton incorrect
elseif ($this->getUrl(4) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// Suppression // Suppression
else { else {
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2), 'comment', $this->getUrl(3)]); $this->deleteData(['module', $this->getUrl(0), $this->getUrl(2), 'comment', $this->getUrl(3)]);
@ -169,12 +177,12 @@ class blog extends common {
utf8_encode(strftime('%H:%M', $this->getData(['module', $this->getUrl(0), $articleIds[$i], 'publishedOn']))), utf8_encode(strftime('%H:%M', $this->getData(['module', $this->getUrl(0), $articleIds[$i], 'publishedOn']))),
self::$states[$this->getData(['module', $this->getUrl(0), $articleIds[$i], 'state'])], self::$states[$this->getData(['module', $this->getUrl(0), $articleIds[$i], 'state'])],
template::button('blogConfigEdit' . $articleIds[$i], [ template::button('blogConfigEdit' . $articleIds[$i], [
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i], 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
'value' => template::ico('pencil') 'value' => template::ico('pencil')
]), ]),
template::button('blogConfigDelete' . $articleIds[$i], [ template::button('blogConfigDelete' . $articleIds[$i], [
'class' => 'blogConfigDelete buttonRed', 'class' => 'blogConfigDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i] . '&csrf=' . $_SESSION['csrf'], 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
'value' => template::ico('cancel') 'value' => template::ico('cancel')
]) ])
]; ];
@ -190,33 +198,23 @@ class blog extends common {
* Suppression * Suppression
*/ */
public function delete() { public function delete() {
// $url prend l'adresse sans le token if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
$url = explode('&',$this->getUrl(2));
// L'article n'existe pas
if($this->getData(['module', $this->getUrl(0), $url[0]]) === null) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} }
// Jeton incorrect // Jeton incorrect
elseif(!isset($_GET['csrf'])) { elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl(). $this->getUrl(0) . '/config', 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Jeton invalide' 'notification' => 'Action non autorisée'
]);
}
elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Suppression non autorisée'
]); ]);
} }
// Suppression // Suppression
else { else {
$this->deleteData(['module', $this->getUrl(0), $url[0]]); $this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -230,6 +228,14 @@ class blog extends common {
* Édition * Édition
*/ */
public function edit() { public function edit() {
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// L'article n'existe pas // L'article n'existe pas
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) { if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie // Valeurs en sortie
@ -240,7 +246,7 @@ class blog extends common {
// L'article existe // L'article existe
else { else {
// Soumission du formulaire // Soumission du formulaire
if($this->isPost()) { if($this->isPost()) {
$articleId = $this->getInput('blogEditTitle', helper::FILTER_ID, true); $articleId = $this->getInput('blogEditTitle', helper::FILTER_ID, true);
// Incrémente le nouvel id de l'article // Incrémente le nouvel id de l'article
if($articleId !== $this->getUrl(2)) { if($articleId !== $this->getUrl(2)) {

2
module/blog/view/article/article.php
View File

@ -115,7 +115,7 @@ code d'origine
<div class="col2 offset8"> <div class="col2 offset8">
<?php echo template::button('blogEdit', [ <?php echo template::button('blogEdit', [
'class' => 'buttonBlue', 'class' => 'buttonBlue',
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1), 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1) . '/' . $_SESSION['csrf'],
'value' => 'Editer' 'value' => 'Editer'
]); ?> ]); ?>
</div> </div>

30
module/gallery/gallery.php
View File

@ -54,12 +54,12 @@ class gallery extends common {
$gallery['config']['name'], $gallery['config']['name'],
$gallery['config']['directory'], $gallery['config']['directory'],
template::button('galleryConfigEdit' . $galleryId, [ template::button('galleryConfigEdit' . $galleryId, [
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId, 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $galleryId . '/' . $_SESSION['csrf'],
'value' => template::ico('pencil') 'value' => template::ico('pencil')
]), ]),
template::button('galleryConfigDelete' . $galleryId, [ template::button('galleryConfigDelete' . $galleryId, [
'class' => 'galleryConfigDelete buttonRed', 'class' => 'galleryConfigDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId . '&csrf=' . $_SESSION['csrf'], 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId . '/' . $_SESSION['csrf'],
'value' => template::ico('cancel') 'value' => template::ico('cancel')
]) ])
]; ];
@ -93,33 +93,25 @@ class gallery extends common {
* Suppression * Suppression
*/ */
public function delete() { public function delete() {
// $url prend l'adresse sans le token // $url prend l'adresse sans le token
$url = explode('&',$this->getUrl(2));
// La galerie n'existe pas // La galerie n'existe pas
if($this->getData(['module', $this->getUrl(0), $url[0]]) === null) { if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} }
// Jeton incorrect // Jeton incorrect
elseif(!isset($_GET['csrf'])) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . 'config',
'notification' => 'Jeton invalide'
]);
}
elseif ($_GET['csrf'] !== $_SESSION['csrf']) { elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . 'config', 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Suppression non autorisée' 'notification' => 'Suppression non autorisée'
]); ]);
} }
// Suppression // Suppression
else { else {
$this->deleteData(['module', $this->getUrl(0), $url[0]]); $this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -144,6 +136,14 @@ class gallery extends common {
* Édition * Édition
*/ */
public function edit() { public function edit() {
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// La galerie n'existe pas // La galerie n'existe pas
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) { if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie // Valeurs en sortie

33
module/news/news.php
View File

@ -95,12 +95,12 @@ class news extends common {
utf8_encode(strftime('%H:%M', $this->getData(['module', $this->getUrl(0), $newsIds[$i], 'publishedOn']))), utf8_encode(strftime('%H:%M', $this->getData(['module', $this->getUrl(0), $newsIds[$i], 'publishedOn']))),
self::$states[$this->getData(['module', $this->getUrl(0), $newsIds[$i], 'state'])], self::$states[$this->getData(['module', $this->getUrl(0), $newsIds[$i], 'state'])],
template::button('newsConfigEdit' . $newsIds[$i], [ template::button('newsConfigEdit' . $newsIds[$i], [
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i], 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $newsIds[$i]. '/' . $_SESSION['csrf'],
'value' => template::ico('pencil') 'value' => template::ico('pencil')
]), ]),
template::button('newsConfigDelete' . $newsIds[$i], [ template::button('newsConfigDelete' . $newsIds[$i], [
'class' => 'newsConfigDelete buttonRed', 'class' => 'newsConfigDelete buttonRed',
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i] . '&csrf=' . $_SESSION['csrf'], 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i] . '/' . $_SESSION['csrf'],
'value' => template::ico('cancel') 'value' => template::ico('cancel')
]) ])
]; ];
@ -115,34 +115,25 @@ class news extends common {
/** /**
* Suppression * Suppression
*/ */
public function delete() { public function delete() {
// $url prend l'adresse sans le token
$url = explode('&',$this->getUrl(2));
// La news n'existe pas // La news n'existe pas
if($this->getData(['module', $this->getUrl(0), $url[0]]) === null) { if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'access' => false 'access' => false
]); ]);
} }
// Jeton incorrect // Jeton incorrect
elseif(!isset($_GET['csrf'])) { elseif ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl(). $this->getUrl(0) . '/config', 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Jeton invalide' 'notification' => 'Action non autorisée'
]);
}
elseif ($_GET['csrf'] !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Suppression non autorisée'
]); ]);
} }
// Suppression // Suppression
else { else {
$this->deleteData(['module', $this->getUrl(0), $url[0]]); $this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]);
// Valeurs en sortie // Valeurs en sortie
$this->addOutput([ $this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
@ -156,6 +147,14 @@ class news extends common {
* Édition * Édition
*/ */
public function edit() { public function edit() {
// Jeton incorrect
if ($this->getUrl(3) !== $_SESSION['csrf']) {
// Valeurs en sortie
$this->addOutput([
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
'notification' => 'Action non autorisée'
]);
}
// La news n'existe pas // La news n'existe pas
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) { if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {
// Valeurs en sortie // Valeurs en sortie