frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2025-03-01 10:31:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add authentication to ajax pages, thx @lts-rad

Browse Source
This commit is contained in:
billz
2024-03-11 18:52:34 +01:00
parent e92835f89d
commit c98d2b0c15
22 changed files with 77 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ajax/system/sys_actions.php
View File

@@ -1,6 +1,9 @@
<?php
require '../../includes/csrf.php';
require_once '../../includes/config.php';
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
require_once '../../includes/authenticate.php';
$action = escapeshellcmd($_POST['a']);
@@ -18,4 +21,3 @@ if (isset($action)) {
}
echo json_encode($response);
}

3
ajax/system/sys_debug.php
View File

@@ -2,6 +2,8 @@
require '../../includes/csrf.php';
require_once '../../includes/config.php';
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
require_once '../../includes/authenticate.php';
if (isset($_POST['csrf_token'])) {
if (csrfValidateRequest() && !CSRFValidate()) {
@@ -20,4 +22,3 @@ if (isset($_POST['csrf_token'])) {
} else {
handleInvalidCSRFToken();
}

5
ajax/system/sys_get_logfile.php
View File

@@ -1,7 +1,9 @@
<?php
<?php
require '../../includes/csrf.php';
require_once '../../includes/config.php';
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
require_once '../../includes/authenticate.php';
$tempDir = sys_get_temp_dir();
$filePath = $tempDir . DIRECTORY_SEPARATOR . RASPI_DEBUG_LOG;
@@ -19,4 +21,3 @@ if (isset($filePath)) {
header('Location: '.'/system_info');
exit();
}

4
ajax/system/sys_perform_update.php
View File

@@ -1,6 +1,9 @@
<?php
require '../../includes/csrf.php';
require_once '../../includes/config.php';
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
require_once '../../includes/authenticate.php';
if (isset($_POST['csrf_token'])) {
if (csrfValidateRequest() && !CSRFValidate()) {
@@ -18,4 +21,3 @@ if (isset($_POST['csrf_token'])) {
} else {
handleInvalidCSRFToken();
}

5
ajax/system/sys_read_logfile.php
View File

@@ -1,5 +1,9 @@
<?php
require_once '../../includes/config.php';
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
require_once '../../includes/authenticate.php';
$logFile = '/tmp/raspap_install.log';
$searchStrings = [
'Configure update' => 1,
@@ -40,4 +44,3 @@ if (file_exists($logFile)) {
} else {
echo json_encode("File does not exist: $logFile");
}