1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00

Merge pull request #370 from glaszig/fix/csrf

fix csrf verification
This commit is contained in:
Bill Zimmerman 2019-08-08 00:23:58 +02:00 committed by GitHub
commit 7dd80f6098
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 10 additions and 21 deletions

View File

@ -1,6 +1,6 @@
<?php
require('includes/csrf.php');
require('../../includes/csrf.php');
require_once '../../includes/config.php';
require_once RASPI_CONFIG.'/raspap.php';

View File

@ -1,6 +1,6 @@
<?php
require('includes/csrf.php');
require('../../includes/csrf.php');
if (filter_input(INPUT_GET, 'tu') == 'h') {

View File

@ -1,6 +1,6 @@
<?php
require('includes/csrf.php');
require('../../includes/csrf.php');
include_once('../../includes/config.php');
include_once('../../includes/functions.php');

View File

@ -1,6 +1,6 @@
<?php
require('includes/csrf.php');
require('../../includes/csrf.php');
exec("ls /sys/class/net | grep -v lo", $interfaces);
echo json_encode($interfaces);

View File

@ -1,6 +1,6 @@
<?php
require('includes/csrf.php');
require('../../includes/csrf.php');
include_once('../../includes/config.php');
include_once('../../includes/functions.php');

View File

@ -1,6 +1,6 @@
<?php
require('includes/csrf.php');
require('../../includes/csrf.php');
include_once('../../includes/functions.php');

View File

@ -1,6 +1,6 @@
<?php
require('includes/csrf.php');
require('../../includes/csrf.php');
include_once('../../includes/config.php');
include_once('../../includes/functions.php');

View File

@ -1,11 +1,8 @@
<?php
include_once('includes/functions.php');
include_once('includes/session.php');
include_once('functions.php');
include_once('session.php');
if (csrfValidateRequest() && !CSRFValidate()) {
handleInvalidCSRFToken();
}
ensureCSRFSessionToken();
header('X-CSRF-Token', $_SESSION['csrf_token']);

View File

@ -19,6 +19,7 @@
*/
require('includes/csrf.php');
ensureCSRFSessionToken();
include_once('includes/config.php');
include_once(RASPI_CONFIG.'/raspap.php');

View File

@ -167,14 +167,6 @@ function setCSRFTokenHeader(event, xhr, settings) {
}
}
function updateCSRFTokens(event, xhr, settings) {
var newToken = xhr.getResponseHeader("X-CSRF-Token");
if (newToken) {
$('meta[name=csrf_token]').attr('content', newToken);
$('[name=csrf_token]:input').attr('value', newToken);
}
}
function contentLoaded() {
pageCurrent = window.location.href.split("?")[1].split("=")[1];
pageCurrent = pageCurrent.replace("#","");
@ -190,5 +182,4 @@ function contentLoaded() {
$(document)
.ajaxSend(setCSRFTokenHeader)
.ajaxComplete(updateCSRFTokens)
.ready(contentLoaded);