Fix bug: prevent CSRF attacks to admin page
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@174 b3834d28-1941-0410-a4f8-b48e95affb8f
This commit is contained in:
parent
15b91c7e66
commit
111bcdec75
1 changed files with 29 additions and 28 deletions
57
admin.php
57
admin.php
|
@ -1,21 +1,21 @@
|
||||||
<?php
|
<?php
|
||||||
/***************************************************************************
|
/***************************************************************************
|
||||||
Copyright (C) 2007 - 2008 SemanticScuttle project (fork from Scuttle)
|
Copyright (C) 2007 - 2008 SemanticScuttle project (fork from Scuttle)
|
||||||
http://sourceforge.net/projects/semanticscuttle/
|
http://sourceforge.net/projects/semanticscuttle/
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
the Free Software Foundation; either version 2 of the License, or
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
(at your option) any later version.
|
(at your option) any later version.
|
||||||
|
|
||||||
This program is distributed in the hope that it will be useful,
|
This program is distributed in the hope that it will be useful,
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
GNU General Public License for more details.
|
GNU General Public License for more details.
|
||||||
You should have received a copy of the GNU General Public License
|
You should have received a copy of the GNU General Public License
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
***************************************************************************/
|
***************************************************************************/
|
||||||
|
|
||||||
require_once('header.inc.php');
|
require_once('header.inc.php');
|
||||||
|
|
||||||
|
@ -24,7 +24,10 @@ $userservice = & ServiceFactory :: getServiceInstance('UserService');
|
||||||
$bookmark2tagservice = & ServiceFactory :: getServiceInstance('Bookmark2Tagservice');
|
$bookmark2tagservice = & ServiceFactory :: getServiceInstance('Bookmark2Tagservice');
|
||||||
$bookmarkservice = & ServiceFactory :: getServiceInstance('BookmarkService');
|
$bookmarkservice = & ServiceFactory :: getServiceInstance('BookmarkService');
|
||||||
$tag2tagservice = & ServiceFactory :: getServiceInstance('Tag2TagService');
|
$tag2tagservice = & ServiceFactory :: getServiceInstance('Tag2TagService');
|
||||||
$templateservice = & ServiceFactory :: getServiceInstance('TemplateService');
|
$templateservice = & ServiceFactory :: getServiceInstance('TemplateService');
|
||||||
|
|
||||||
|
/* Managing current logged user */
|
||||||
|
$currentUser = $userservice->getCurrentObjectUser();
|
||||||
|
|
||||||
// Header variables
|
// Header variables
|
||||||
$tplVars['subtitle'] = T_('Manage users');
|
$tplVars['subtitle'] = T_('Manage users');
|
||||||
|
@ -32,23 +35,21 @@ $tplVars['loadjs'] = true;
|
||||||
$tplVars['sidebar_blocks'] = array('users' );
|
$tplVars['sidebar_blocks'] = array('users' );
|
||||||
|
|
||||||
if ( !$userservice->isLoggedOn() ) {
|
if ( !$userservice->isLoggedOn() ) {
|
||||||
header('Location: '. createURL('login', ''));
|
header('Location: '. createURL('login', ''));
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
//$currentUser = $userservice->getCurrentUser();
|
if ( !$currentUser->isAdmin() ) {
|
||||||
//$currentUserID = $userservice->getCurrentUserId();
|
header('Location: '. createURL('bookmarks', $currentUser->getUsername()));
|
||||||
//$currentUsername = $currentUser[$userservice->getFieldName('username')];
|
exit();
|
||||||
$currentObjectUser = $userservice->getCurrentObjectUser();
|
|
||||||
|
|
||||||
if ( !$currentObjectUser->isAdmin() ) {
|
|
||||||
header('Location: '. createURL('bookmarks', $currentObjectUser->getUsername()));
|
|
||||||
exit();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
|
@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
|
||||||
|
|
||||||
|
|
||||||
if ( $action ) {
|
if ( $action
|
||||||
|
&& strpos($_SERVER['HTTP_REFERER'], ROOT.'/admin.php') == 0 // Prevent CSRF attacks
|
||||||
|
) {
|
||||||
switch ( $action ) {
|
switch ( $action ) {
|
||||||
case 'delete':
|
case 'delete':
|
||||||
if ( $user && ($userinfo = $userservice->getUserByUsername($user)) ) {
|
if ( $user && ($userinfo = $userservice->getUserByUsername($user)) ) {
|
||||||
|
@ -78,4 +79,4 @@ if ( !is_array($users) ) {
|
||||||
$tplVars['users'] =& $users;
|
$tplVars['users'] =& $users;
|
||||||
|
|
||||||
$templateservice->loadTemplate($templatename, $tplVars);
|
$templateservice->loadTemplate($templatename, $tplVars);
|
||||||
?>
|
?>
|
||||||
|
|
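Review bot: The referer condition added to the `if ( $action` block does not block cross-site requests, because `strpos()` returns `false` when the admin URL is not found in the Referer and `false == 0` is true under PHP's loose comparison, so an absent or third-party Referer still satisfies the check. Change the line to `&& isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], ROOT.'/admin.php') === 0 // Prevent CSRF attacks` so that only a Referer beginning with the admin URL passes and a missing header no longer raises an undefined-index notice. Even with the strict comparison, Referer is an optional header that browsers and proxies may strip, so a per-session token carried in the admin action links and checked with `hash_equals()` before the `switch` would be the robust mitigation; the `if` body, including the delete case, continues past this hunk.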