
remove splattered, duplicated csrf validation code

since we now do that always and early.
This commit is contained in:
glaszig 2019-07-30 17:05:41 +02:00
parent f989b8060b
commit 87fe8948b8
9 changed files with 104 additions and 136 deletions


@ -3,7 +3,7 @@ session_start();
include_once('../../includes/config.php'); include_once('../../includes/config.php');
include_once('../../includes/functions.php'); include_once('../../includes/functions.php');
if(isset($_POST['generate']) && isset($_POST['csrf_token']) && CSRFValidate()) { if(isset($_POST['generate'])) {
$cnfNetworking = array_diff(scandir(RASPI_CONFIG_NETWORKING, 1),array('..','.','dhcpcd.conf')); $cnfNetworking = array_diff(scandir(RASPI_CONFIG_NETWORKING, 1),array('..','.','dhcpcd.conf'));
$cnfNetworking = array_combine($cnfNetworking,$cnfNetworking); $cnfNetworking = array_combine($cnfNetworking,$cnfNetworking);
$strConfFile = ""; $strConfFile = "";
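Review bot: The four directly requested endpoint scripts in this commit (this hunk and the next three) each begin with their own `session_start()` and `include_once('../../includes/config.php')` / `include_once('../../includes/functions.php')`, so after dropping `isset($_POST['csrf_token']) && CSRFValidate()` they keep CSRF protection only if the new always-and-early check lives in one of those two includes rather than in a front controller that these scripts never pass through; that file is not visible here, so please confirm. If the check is in the front controller, the removed condition was the only guard on these writers of `RASPI_CONFIG_NETWORKING`. A one-line comment above the `if`, such as `// CSRF token is validated for every POST in <central include> before this point`, would make the dependency explicit for the next reader. The enclosing `if` block continues outside the hunk.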


@ -4,7 +4,7 @@ include_once('../../includes/config.php');
include_once('../../includes/functions.php'); include_once('../../includes/functions.php');
if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) { if(isset($_POST['interface'])) {
$int = preg_replace('/[^a-z0-9]/', '', $_POST['interface']); $int = preg_replace('/[^a-z0-9]/', '', $_POST['interface']);
if(!file_exists(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini')) { if(!file_exists(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini')) {
touch(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini'); touch(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini');


@ -2,7 +2,7 @@
session_start(); session_start();
include_once('../../includes/functions.php'); include_once('../../includes/functions.php');
if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) { if(isset($_POST['interface'])) {
$int = preg_replace('/[^a-z0-9]/','',$_POST['interface']); $int = preg_replace('/[^a-z0-9]/','',$_POST['interface']);
exec('ip a s '.$int,$intOutput,$intResult); exec('ip a s '.$int,$intOutput,$intResult);
$intOutput = array_map('htmlentities', $intOutput); $intOutput = array_map('htmlentities', $intOutput);


@ -2,7 +2,7 @@
session_start(); session_start();
include_once('../../includes/config.php'); include_once('../../includes/config.php');
include_once('../../includes/functions.php'); include_once('../../includes/functions.php');
if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) { if(isset($_POST['interface'])) {
$int = $_POST['interface']; $int = $_POST['interface'];
$cfg = []; $cfg = [];
$file = $int.".ini"; $file = $int.".ini";
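Review bot: `$int = $_POST['interface'];` is used unsanitized to build `$file = $int.".ini"` here, whereas the two sibling endpoints in this commit first strip the value with `preg_replace('/[^a-z0-9]/', '', $_POST['interface'])` before building a path under `RASPI_CONFIG_NETWORKING`. How `$file` is consumed is outside the hunk, but if it is joined to that directory as the siblings do, the same whitelist belongs here: `$int = preg_replace('/[^a-z0-9]/', '', $_POST['interface']);`. This is independent of the CSRF change, but the hunk is where the asymmetry between the endpoints is visible. The enclosing `if` block continues outside the hunk.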


@ -6,7 +6,6 @@ function DisplayAuthConfig($username, $password)
{ {
$status = new StatusMessages(); $status = new StatusMessages();
if (isset($_POST['UpdateAdminPassword'])) { if (isset($_POST['UpdateAdminPassword'])) {
if (CSRFValidate()) {
if (password_verify($_POST['oldpass'], $password)) { if (password_verify($_POST['oldpass'], $password)) {
$new_username=trim($_POST['username']); $new_username=trim($_POST['username']);
if ($_POST['newpass'] !== $_POST['newpassagain']) { if ($_POST['newpass'] !== $_POST['newpassagain']) {
@ -32,9 +31,6 @@ function DisplayAuthConfig($username, $password)
} else { } else {
$status->addMessage('Old password does not match', 'danger'); $status->addMessage('Old password does not match', 'danger');
} }
} else {
error_log('CSRF violation');
}
} }
?> ?>
<div class="row"> <div class="row">
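Review bot: The lines formerly wrapped by the removed `if (CSRFValidate()) {` (`if (password_verify(...))` through the `}` before `?>`) appear as unchanged context, which suggests they kept the indentation level of the wrapper that no longer exists; re-indenting them one level left would keep the nesting honest. The same applies to the unwrapped blocks in the DisplayDHCPConfig, DisplayHostAPDConfig and DisplaySystem hunks of this commit. This is inferred from the rendering, which drops leading whitespace, so verify against the file. DisplayAuthConfig's body continues outside the hunk on both sides.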


@ -53,7 +53,7 @@ function DisplayWPAConfig()
if (isset($_POST['connect'])) { if (isset($_POST['connect'])) {
$result = 0; $result = 0;
exec('sudo wpa_cli -i ' . RASPI_WPA_CTRL_INTERFACE . ' select_network '.strval($_POST['connect'])); exec('sudo wpa_cli -i ' . RASPI_WPA_CTRL_INTERFACE . ' select_network '.strval($_POST['connect']));
} elseif (isset($_POST['client_settings']) && CSRFValidate()) { } elseif (isset($_POST['client_settings'])) {
$tmp_networks = $networks; $tmp_networks = $networks;
if ($wpa_file = fopen('/tmp/wifidata', 'w')) { if ($wpa_file = fopen('/tmp/wifidata', 'w')) {
fwrite($wpa_file, 'ctrl_interface=DIR=' . RASPI_WPA_CTRL_INTERFACE . ' GROUP=netdev' . PHP_EOL); fwrite($wpa_file, 'ctrl_interface=DIR=' . RASPI_WPA_CTRL_INTERFACE . ' GROUP=netdev' . PHP_EOL);
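Review bot: `$_POST['connect']` is concatenated into `exec('sudo wpa_cli -i ' . RASPI_WPA_CTRL_INTERFACE . ' select_network ' . strval($_POST['connect']))` with no validation or quoting, so the request-level CSRF check this commit relocates is the only guard on that line. The argument appears to be a network id, so cast it: `' select_network ' . (int) $_POST['connect']`; if a non-numeric value must be accepted, pass it through `escapeshellarg()` instead. DisplayWPAConfig's body continues on both sides of the hunk.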


@ -12,7 +12,6 @@ function DisplayDHCPConfig()
$status = new StatusMessages(); $status = new StatusMessages();
if (isset($_POST['savedhcpdsettings'])) { if (isset($_POST['savedhcpdsettings'])) {
if (CSRFValidate()) {
$errors = ''; $errors = '';
define('IFNAMSIZ', 16); define('IFNAMSIZ', 16);
if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface']) || if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface']) ||
@ -68,16 +67,12 @@ function DisplayDHCPConfig()
} else { } else {
$status->addMessage('Dnsmasq configuration failed to be updated.', 'danger'); $status->addMessage('Dnsmasq configuration failed to be updated.', 'danger');
} }
} else {
error_log('CSRF violation');
}
} }
exec('pidof dnsmasq | wc -l', $dnsmasq); exec('pidof dnsmasq | wc -l', $dnsmasq);
$dnsmasq_state = ($dnsmasq[0] > 0); $dnsmasq_state = ($dnsmasq[0] > 0);
if (isset($_POST['startdhcpd'])) { if (isset($_POST['startdhcpd'])) {
if (CSRFValidate()) {
if ($dnsmasq_state) { if ($dnsmasq_state) {
$status->addMessage('dnsmasq already running', 'info'); $status->addMessage('dnsmasq already running', 'info');
} else { } else {
@ -89,11 +84,7 @@ function DisplayDHCPConfig()
$status->addMessage('Failed to start dnsmasq', 'danger'); $status->addMessage('Failed to start dnsmasq', 'danger');
} }
} }
} else {
error_log('CSRF violation');
}
} elseif (isset($_POST['stopdhcpd'])) { } elseif (isset($_POST['stopdhcpd'])) {
if (CSRFValidate()) {
if ($dnsmasq_state) { if ($dnsmasq_state) {
exec('sudo /etc/init.d/dnsmasq stop', $dnsmasq, $return); exec('sudo /etc/init.d/dnsmasq stop', $dnsmasq, $return);
if ($return == 0) { if ($return == 0) {
@ -105,9 +96,6 @@ function DisplayDHCPConfig()
} else { } else {
$status->addMessage('dnsmasq already stopped', 'info'); $status->addMessage('dnsmasq already stopped', 'info');
} }
} else {
error_log('CSRF violation');
}
} else { } else {
if ($dnsmasq_state) { if ($dnsmasq_state) {
$status->addMessage('Dnsmasq is running', 'success'); $status->addMessage('Dnsmasq is running', 'success');
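Review bot: `define('IFNAMSIZ', 16);` runs inside DisplayDHCPConfig every time the save branch executes, so if the function is invoked more than once in a request the second call raises a constant-already-defined warning; guard it with `defined('IFNAMSIZ') || define('IFNAMSIZ', 16);` or hoist it to the configuration include. In the stop branch, `if ($return == 0)` compares the exec exit status loosely; `$return === 0` is the strict form. DisplayDHCPConfig's body continues outside the hunk on both sides.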


@ -22,13 +22,8 @@ function DisplayHostAPDConfig()
exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces); exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
if (isset($_POST['SaveHostAPDSettings'])) { if (isset($_POST['SaveHostAPDSettings'])) {
if (CSRFValidate()) {
SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status); SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status);
} else {
error_log('CSRF violation');
}
} elseif (isset($_POST['StartHotspot'])) { } elseif (isset($_POST['StartHotspot'])) {
if (CSRFValidate()) {
$status->addMessage('Attempting to start hotspot', 'info'); $status->addMessage('Attempting to start hotspot', 'info');
if ($arrHostapdConf['WifiAPEnable'] == 1) { if ($arrHostapdConf['WifiAPEnable'] == 1) {
exec('sudo /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3', $return); exec('sudo /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3', $return);
@ -38,19 +33,12 @@ function DisplayHostAPDConfig()
foreach ($return as $line) { foreach ($return as $line) {
$status->addMessage($line, 'info'); $status->addMessage($line, 'info');
} }
} else {
error_log('CSRF violation');
}
} elseif (isset($_POST['StopHotspot'])) { } elseif (isset($_POST['StopHotspot'])) {
if (CSRFValidate()) {
$status->addMessage('Attempting to stop hotspot', 'info'); $status->addMessage('Attempting to stop hotspot', 'info');
exec('sudo /etc/init.d/hostapd stop', $return); exec('sudo /etc/init.d/hostapd stop', $return);
foreach ($return as $line) { foreach ($return as $line) {
$status->addMessage($line, 'info'); $status->addMessage($line, 'info');
} }
} else {
error_log('CSRF violation');
}
} }
exec('cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig); exec('cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig);
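Review bot: `exec('cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig);` spawns a shell to read a file the PHP process can open itself (no `sudo` is involved on that line); `$hostapdconfig = array_map('rtrim', file(RASPI_HOSTAPD_CONFIG));` yields the same trimmed lines without a process and lets a missing or unreadable file be detected with a `=== false` check on `file()`. This is unrelated to the CSRF change but sits on the last line of the hunk. DisplayHostAPDConfig's body continues past the hunk.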


@ -63,14 +63,10 @@ function DisplaySystem()
$status = new StatusMessages(); $status = new StatusMessages();
if (isset($_POST['SaveLanguage'])) { if (isset($_POST['SaveLanguage'])) {
if (CSRFValidate()) {
if (isset($_POST['locale'])) { if (isset($_POST['locale'])) {
$_SESSION['locale'] = $_POST['locale']; $_SESSION['locale'] = $_POST['locale'];
$status->addMessage('Language setting saved', 'success'); $status->addMessage('Language setting saved', 'success');
} }
} else {
error_log('CSRF violation');
}
} }
// define locales // define locales