
Merge pull request #57 from Kanti/csrf

Various bug fixes by @Kanti.
pull/63/head
Danang Probo Sayekti 11 years ago
parent
commit
4caad63dd2
14 changed files with 108 additions and 34 deletions
  1. +8
    -6
      system/admin/admin.php
  2. +1
    -0
      system/admin/views/add-page.html.php
  3. +1
    -0
      system/admin/views/add-post.html.php
  4. +1
    -0
      system/admin/views/delete-page.html.php
  5. +1
    -0
      system/admin/views/delete-post.html.php
  6. +1
    -0
      system/admin/views/edit-page.html.php
  7. +1
    -0
      system/admin/views/edit-post.html.php
  8. +3
    -2
      system/admin/views/edit-profile.html.php
  9. +1
    -0
      system/admin/views/import.html.php
  10. +1
    -0
      system/admin/views/login.html.php
  11. +1
    -1
      system/admin/views/logout.html.php
  12. +62
    -22
      system/htmly.php
  13. +25
    -2
      system/includes/functions.php
  14. +1
    -1
      system/includes/session.php

+ 8
- 6
system/admin/admin.php View File

@ -19,7 +19,7 @@ function session($user, $pass, $str = null) {
if(file_exists($user_file)) {
if($pass === $user_pass) {
$_SESSION['user'] = $user;
$_SESSION[config("site.url")]['user'] = $user;
header('location: admin');
}
else {
@ -189,6 +189,7 @@ function add_page($title, $url, $content) {
// Delete blog post
function delete_post($file, $destination) {
if(!login()) return null;
$deleted_content = $file;
// Get cache file
@ -213,6 +214,7 @@ function delete_post($file, $destination) {
// Delete static page
function delete_page($file, $destination) {
if(!login()) return null;
$deleted_content = $file;
if (!empty($menu)) {
@ -322,7 +324,7 @@ function get_feed($feed_url, $credit, $message=null) {
$tags = strip_tags(preg_replace(array('/[^a-zA-Z0-9,.\-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($entry->category)));
$title = rtrim($entry->title, ' \,\.\-');
$title = ltrim($title, ' \,\.\-');
$user = $_SESSION['user'];
$user = $_SESSION[config("site.url")]['user'];
$url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($title)));
if ($credit == 'yes') {
$source = $entry->link;
@ -341,8 +343,8 @@ function get_feed($feed_url, $credit, $message=null) {
// Get recent posts by user
function get_recent_posts() {
if (isset($_SESSION['user'])) {
$posts = get_profile($_SESSION['user'], 1, 5);
if (isset($_SESSION[config("site.url")]['user'])) {
$posts = get_profile($_SESSION[config("site.url")]['user'], 1, 5);
if(!empty($posts)) {
echo '<table class="post-list">';
echo '<tr class="head"><th>Title</th><th>Published</th><th>Tag</th><th>Operations</th></tr>';
@ -372,7 +374,7 @@ function get_recent_posts() {
// Get all static pages
function get_recent_pages() {
if (isset($_SESSION['user'])) {
if (isset($_SESSION[config("site.url")]['user'])) {
$posts = get_static_post(null);
if(!empty($posts)) {
krsort($posts);
@ -402,7 +404,7 @@ function get_recent_pages() {
// Get all available zip files
function get_backup_files () {
if (isset($_SESSION['user'])) {
if (isset($_SESSION[config("site.url")]['user'])) {
$files = get_zip_files();
if(!empty($files)) {
krsort($files);
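Review bot: The `if(!login()) return null;` guards added to delete_post and delete_page fail silently, so an unauthenticated POST to a delete route yields an empty response instead of being sent back to the login flow the way session() does with `header('location: admin')`. Consider `if(!login()) { header('location: login'); exit; }` in both, or have the route handlers test login() and render an error themselves. Separately, the new `$user = $_SESSION[config("site.url")]['user'];` line in get_feed reads the key with no isset guard, unlike get_recent_posts, get_recent_pages and get_backup_files in the same file, which were all given the guarded form; wrapping it the same way avoids an undefined-index notice if the import route is reached without a session. The bodies of delete_post, delete_page and get_feed continue outside their hunks.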


+ 1
- 0
system/admin/views/add-page.html.php View File

@ -13,6 +13,7 @@
<br><br>
<div id="wmd-button-bar" class="wmd-button-bar"></div>
<textarea id="wmd-input" class="wmd-input <?php if (isset($postContent)) { if (empty($postContent)) { echo 'error';}} ?>" name="content" cols="20" rows="10"><?php if (isset($postContent)) { echo $postContent;} ?></textarea><br/>
<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
<input type="submit" name="submit" class="submit" value="Publish"/>
</form>
</div>
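Review bot: The hidden field writes the token into an HTML attribute unescaped, `value="<?php echo get_csrf()?>"`; today get_csrf() returns a sha1 hex string so the output happens to be attribute-safe, but the template should not depend on that implementation detail. Escaping per context, `value="<?php echo htmlspecialchars(get_csrf(), ENT_QUOTES, 'UTF-8')?>"`, keeps the view correct if the token format ever changes. The identical line is added to the add-post, delete-page, delete-post, edit-page, edit-post, edit-profile, import and login views in this commit, so the same change applies to each of them.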


+ 1
- 0
system/admin/views/add-post.html.php View File

@ -14,6 +14,7 @@
<br><br>
<div id="wmd-button-bar" class="wmd-button-bar"></div>
<textarea id="wmd-input" class="wmd-input <?php if (isset($postContent)) { if (empty($postContent)) { echo 'error';}} ?>" name="content" cols="20" rows="10"><?php if (isset($postContent)) { echo $postContent;} ?></textarea><br/>
<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
<input type="submit" name="submit" class="submit" value="Publish"/>
</form>
</div>


+ 1
- 0
system/admin/views/delete-page.html.php View File

@ -27,6 +27,7 @@
<?php echo '<p>Are you sure want to delete <strong>' . $p->title . '</strong>?</p>';?>
<form method="POST">
<input type="hidden" name="file" value="<?php echo $p->file ?>"/><br>
<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
<input type="submit" name="submit" value="Delete"/>
<span><a href="<?php echo $back ?>">Cancel</a></span>
</form>

+ 1
- 0
system/admin/views/delete-post.html.php View File

@ -34,6 +34,7 @@
<?php echo '<p>Are you sure want to delete <strong>' . $p->title . '</strong>?</p>';?>
<form method="POST">
<input type="hidden" name="file" value="<?php echo $p->file ?>"/><br>
<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
<input type="submit" name="submit" value="Delete"/>
<span><a href="<?php echo $back ?>">Cancel</a></span>
</form>

+ 1
- 0
system/admin/views/edit-page.html.php View File

@ -45,6 +45,7 @@
<div id="wmd-button-bar" class="wmd-button-bar"></div>
<textarea id="wmd-input" class="wmd-input <?php if (isset($postContent)) { if (empty($postContent)) { echo 'error';}} ?>" name="content" cols="20" rows="10"><?php echo $oldcontent ?></textarea><br>
<input type="hidden" name="oldfile" class="text" value="<?php echo $url ?>"/>
<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
<input type="submit" name="submit" class="submit" value="Save"/> <a href="<?php echo $delete?>">Delete</a>
</form>
</div>


+ 1
- 0
system/admin/views/edit-post.html.php View File

@ -60,6 +60,7 @@
<div id="wmd-button-bar" class="wmd-button-bar"></div>
<textarea id="wmd-input" class="wmd-input <?php if (isset($postContent)) { if (empty($postContent)) { echo 'error';}} ?>" name="content" cols="20" rows="10"><?php echo $oldcontent ?></textarea><br>
<input type="hidden" name="oldfile" class="text" value="<?php echo $url ?>"/>
<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
<input type="submit" name="submit" class="submit" value="Save"/> <a href="<?php echo $delete?>">Delete</a>
</form>
</div>


+ 3
- 2
system/admin/views/edit-profile.html.php View File

@ -1,7 +1,7 @@
<?php
if(isset($_SESSION['user'])) {
$user = $_SESSION['user'];
if(isset($_SESSION[config("site.url")]['user'])) {
$user = $_SESSION[config("site.url")]['user'];
}
$filename = 'content/' . $user . '/author.md';
@ -37,6 +37,7 @@
Title <span class="required">*</span> <br><input type="text" name="title" class="text <?php if (isset($postTitle)) { if (empty($postTitle)) { echo 'error';}} ?>" value="<?php echo $oldtitle?>"/><br><br>
<div id="wmd-button-bar" class="wmd-button-bar"></div>
<textarea id="wmd-input" class="wmd-input <?php if (isset($postContent)) { if (empty($postContent)) { echo 'error';}} ?>" name="content" cols="20" rows="10"><?php echo $oldcontent ?></textarea><br>
<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
<input type="submit" name="submit" class="submit" value="Save"/>
</form>
</div>


+ 1
- 0
system/admin/views/import.html.php View File

@ -6,5 +6,6 @@
<form method="POST">
Feed Url <span class="required">*</span> <br><input type="url" class="text <?php if (isset($url)) { if (empty($url)) { echo 'error';}} ?>" name="url"/><br><br>
Add source link (optional) <input type="checkbox" class="checkbox" name="credit" value="yes"/><br><br>
<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
<input type="submit" name="submit" class="submit" value="Import"/>
</form>

+ 1
- 0
system/admin/views/login.html.php View File

@ -8,6 +8,7 @@
<input type="text" class="<?php if (isset($username)) { if (empty($username)) { echo 'error';}} ?>" name="user"/><br><br>
Password <span class="required">*</span> <br>
<input type="password" class="<?php if (isset($password)) { if (empty($password)) { echo 'error';}} ?>" name="password"/><br><br>
<input type="hidden" name="csrf_token" value="<?php echo get_csrf()?>">
<input type="submit" name="submit" value="Login"/>
</form>
<?php } else {header('location: admin');} ?>

+ 1
- 1
system/admin/views/logout.html.php View File

@ -1,6 +1,6 @@
<?php
session_destroy();
unset($_SESSION[config("site.url")]);
header('location: login');
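Review bot: Replacing `session_destroy()` with `unset($_SESSION[config("site.url")])` clears this site's slice of the session data but leaves the session ID itself valid, so a session cookie captured before logout is still a live identifier afterwards. Adding `session_regenerate_id(true);` right after the unset keeps the per-site separation this change is after while still invalidating the old ID on logout; the same call at the point where session() stores the user would be the usual companion. The hunk header reports six lines but only four are shown, so the rest of this file is not visible here.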

+ 62
- 22
system/htmly.php View File

@ -58,9 +58,11 @@ get('/index', function () {
// Get submitted login data
post('/login', function() {
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
$user = from($_REQUEST, 'user');
$pass = from($_REQUEST, 'password');
if(!empty($user) && !empty($pass)) {
if($proper && !empty($user) && !empty($pass)) {
session($user, $pass, null);
$log = session($user, $pass, null);
@ -85,6 +87,9 @@ post('/login', function() {
if (empty($pass)) {
$message['error'] .= '<li>Password field is required.</li>';
}
if(! $proper ) {
$message['error'] .= '<li>CSRF Token not correct.</li>';
}
config('views.root', 'system/admin/views');
@ -156,7 +161,7 @@ get('/:year/:month/:name/edit', function($year, $month, $name){
if(login()) {
$user = $_SESSION['user'];
$user = $_SESSION[config("site.url")]['user'];
$role = user('role', $user);
config('views.root', 'system/admin/views');
@ -193,6 +198,8 @@ get('/:year/:month/:name/edit', function($year, $month, $name){
// Get edited data for blog post
post('/:year/:month/:name/edit', function() {
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
$title = from($_REQUEST, 'title');
$tag = from($_REQUEST, 'tag');
@ -200,7 +207,7 @@ post('/:year/:month/:name/edit', function() {
$content = from($_REQUEST, 'content');
$oldfile = from($_REQUEST, 'oldfile');
$destination = from($_GET, 'destination');
if(!empty($title) && !empty($tag) && !empty($content)) {
if($proper && !empty($title) && !empty($tag) && !empty($content)) {
if(!empty($url)) {
edit_post($title, $tag, $url, $content, $oldfile, $destination);
}
@ -220,6 +227,9 @@ post('/:year/:month/:name/edit', function() {
if (empty($content)) {
$message['error'] .= '<li>Content field is required.</li>';
}
if(! $proper ) {
$message['error'] .= '<li>CSRF Token not correct.</li>';
}
config('views.root', 'system/admin/views');
render('edit-post',array(
@ -242,7 +252,7 @@ get('/:year/:month/:name/delete', function($year, $month, $name){
if(login()) {
$user = $_SESSION['user'];
$user = $_SESSION[config("site.url")]['user'];
$role = user('role', $user);
config('views.root', 'system/admin/views');
@ -280,10 +290,13 @@ get('/:year/:month/:name/delete', function($year, $month, $name){
// Get deleted data for blog post
post('/:year/:month/:name/delete', function() {
$file = from($_REQUEST, 'file');
$destination = from($_GET, 'destination');
delete_post($file, $destination);
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
if($proper)
{
$file = from($_REQUEST, 'file');
$destination = from($_GET, 'destination');
delete_post($file, $destination);
}
});
// The author page
@ -356,11 +369,13 @@ get('/edit/profile', function(){
// Get edited data for static page
post('/edit/profile', function() {
$user = $_SESSION['user'];
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
$user = $_SESSION[config("site.url")]['user'];
$title = from($_REQUEST, 'title');
$content = from($_REQUEST, 'content');
if(!empty($title) && !empty($content)) {
if($proper && !empty($title) && !empty($content)) {
edit_profile($title, $content, $user);
}
else {
@ -371,6 +386,9 @@ post('/edit/profile', function() {
if (empty($content)) {
$message['error'] .= '<li>Content field is required.</li>';
}
if(! $proper ) {
$message['error'] .= '<li>CSRF Token not correct.</li>';
}
config('views.root', 'system/admin/views');
render('edit-profile',array(
@ -387,7 +405,7 @@ post('/edit/profile', function() {
get('/admin/posts', function () {
$user = $_SESSION['user'];
$user = $_SESSION[config("site.url")]['user'];
$role = user('role', $user);
if(login()) {
@ -449,7 +467,7 @@ get('/admin/mine', function(){
config('views.root', 'system/admin/views');
$profile = $_SESSION['user'];
$profile = $_SESSION[config("site.url")]['user'];
$page = from($_GET, 'page');
$page = $page ? (int)$page : 1;
@ -627,13 +645,14 @@ get('/:static/edit', function($static){
// Get edited data for static page
post('/:static/edit', function() {
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
$title = from($_REQUEST, 'title');
$url = from($_REQUEST, 'url');
$content = from($_REQUEST, 'content');
$oldfile = from($_REQUEST, 'oldfile');
$destination = from($_GET, 'destination');
if(!empty($title) && !empty($content)) {
if($proper && !empty($title) && !empty($content)) {
if(!empty($url)) {
edit_page($title, $url, $content, $oldfile, $destination);
}
@ -650,6 +669,9 @@ post('/:static/edit', function() {
if (empty($content)) {
$message['error'] .= '<li>Content field is required.</li>';
}
if(! $proper ) {
$message['error'] .= '<li>CSRF Token not correct.</li>';
}
config('views.root', 'system/admin/views');
render('edit-page',array(
@ -697,10 +719,13 @@ get('/:static/delete', function($static){
// Get deleted data for static page
post('/:static/delete', function() {
$file = from($_REQUEST, 'file');
$destination = from($_GET, 'destination');
delete_page($file, $destination);
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
if($proper)
{
$file = from($_REQUEST, 'file');
$destination = from($_GET, 'destination');
delete_page($file, $destination);
}
});
// Add blog post
@ -725,12 +750,14 @@ get('/add/post', function(){
// Get submitted blog post data
post('/add/post', function(){
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
$title = from($_REQUEST, 'title');
$tag = from($_REQUEST, 'tag');
$url = from($_REQUEST, 'url');
$content = from($_REQUEST, 'content');
$user = $_SESSION['user'];
if(!empty($title) && !empty($tag) && !empty($content)) {
$user = $_SESSION[config("site.url")]['user'];
if($proper && !empty($title) && !empty($tag) && !empty($content)) {
if(!empty($url)) {
add_post($title, $tag, $url, $content, $user);
}
@ -750,6 +777,9 @@ post('/add/post', function(){
if (empty($content)) {
$message['error'] .= '<li>Content field is required.</li>';
}
if(! $proper ) {
$message['error'] .= '<li>CSRF Token not correct.</li>';
}
config('views.root', 'system/admin/views');
render('add-post',array(
'head_contents' => head_contents('Add post - ' . blog_title(), blog_description(), site_url()),
@ -787,10 +817,12 @@ get('/add/page', function(){
// Get submitted static page data
post('/add/page', function(){
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
$title = from($_REQUEST, 'title');
$url = from($_REQUEST, 'url');
$content = from($_REQUEST, 'content');
if(!empty($title) && !empty($content)) {
if($proper && !empty($title) && !empty($content)) {
if(!empty($url)) {
add_page($title, $url, $content);
}
@ -807,6 +839,9 @@ post('/add/page', function(){
if (empty($content)) {
$message['error'] .= '<li>Content field is required.</li>';
}
if(! $proper ) {
$message['error'] .= '<li>CSRF Token not correct.</li>';
}
config('views.root', 'system/admin/views');
render('add-page',array(
'head_contents' => head_contents('Add page - ' . blog_title(), blog_description(), site_url()),
@ -840,6 +875,8 @@ get('/admin/import',function(){
// Get import post
post('/admin/import', function() {
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
$url = from($_REQUEST, 'url');
$credit = from($_REQUEST, 'credit');
@ -865,6 +902,9 @@ post('/admin/import', function() {
if(empty($url)) {
$message['error'] .= '<li>You need to specify the feed url.</li>';
}
if(! $proper ) {
$message['error'] .= '<li>CSRF Token not correct.</li>';
}
config('views.root', 'system/admin/views');
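Review bot: In the two delete handlers, post('/:year/:month/:name/delete') and post('/:static/delete'), a failed token check falls through to nothing — no message, redirect or status — whereas every other handler in this commit appends `<li>CSRF Token not correct.</li>` to `$message['error']` and re-renders the form; an `else` branch that renders the same error, or at least issues `header('location: admin')`, would make the rejection visible and consistent. Also, `from($_REQUEST, 'csrf_token')` accepts the token from the query string and cookies as well as the POST body; reading it with `from($_POST, 'csrf_token')` in these handlers keeps the token out of URLs, referrers and access logs, which is where a per-session secret most easily leaks. In post('/login') the added `$log = session($user, $pass, null);` has no visible use of `$log` within the hunk, so whether it is consumed cannot be judged from here.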


+ 25
- 2
system/includes/functions.php View File

@ -894,7 +894,7 @@ function get_thumbnail($text) {
// Return edit tab on post
function tab($p) {
$user = $_SESSION['user'];
$user = $_SESSION[config("site.url")]['user'];
$role = user('role', $user);
if(isset($p->author)) {
if ($user === $p->author || $role === 'admin') {
@ -1669,7 +1669,7 @@ function head_contents($title, $description, $canonical) {
// Return toolbar
function toolbar() {
$user = $_SESSION['user'];
$user = $_SESSION[config("site.url")]['user'];
$role = user('role', $user);
$base = site_url();
@ -1702,4 +1702,27 @@ function file_cache($request) {
readfile($cachefile);
die;
}
}
function generate_csrf_token()
{
$_SESSION[config("site.url")]['csrf_token'] = sha1(microtime(true).mt_rand(10000,90000));
}
function get_csrf()
{
if(! isset($_SESSION[config("site.url")]['csrf_token']) || empty($_SESSION[config("site.url")]['csrf_token']))
{
generate_csrf_token();
}
return $_SESSION[config("site.url")]['csrf_token'];
}
function is_csrf_proper($csrf_token)
{
if($csrf_token == get_csrf())
{
return true;
}
return false;
}
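Review bot: `is_csrf_proper` compares the submitted token with loose `==`, so a non-string request value (an array parameter, for instance) or PHP's numeric-string rules for hex-looking values go through type juggling instead of a byte comparison; `return is_string($csrf_token) && hash_equals(get_csrf(), $csrf_token);` is a type-safe, constant-time replacement for the whole body. The token itself is `sha1(microtime(true).mt_rand(10000,90000))`, which carries only about 16 bits of entropy beyond a guessable timestamp; `bin2hex(openssl_random_pseudo_bytes(32))` (or `random_bytes(32)` on PHP 7+) in generate_csrf_token gives an unguessable value in one line. Note also that `is_csrf_proper` calls `get_csrf()`, so validating a request whose session has no token silently creates one — harmless because a freshly generated value cannot match, but a one-line comment on the function saying so would spare the next reader the question.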

+ 1
- 1
system/includes/session.php View File

@ -4,7 +4,7 @@ session_start();
function login() {
if(isset($_SESSION['user']) && !empty($_SESSION['user'])) {
if(isset($_SESSION[config("site.url")]['user']) && !empty($_SESSION[config("site.url")]['user'])) {
return true;
}
else {
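Review bot: The new condition repeats a long expression for no gain: `empty()` already returns true for an unset key, so `if(!empty($_SESSION[config("site.url")]['user']))` is equivalent to the `isset(...) && !empty(...)` pair and reads better. The key now depends on config("site.url") being resolved before login() runs; presumably config is loaded ahead of this file, but if it ever returned an empty value every site sharing the session would collapse onto the same `''` key, which is worth a one-line comment above login(). login()'s body continues past the hunk.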

