mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-07-31 02:10:37 +02:00
Code Issues Releases Wiki Activity

Backup Plugin: csrf vulnerability resolved

Browse Source
This commit is contained in:
Awilum
2012-10-03 13:46:00 +03:00
parent d36c06d8a6
commit 3f7b10592f
2 changed files with 29 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
plugins/box/backup/backup.admin.php Normal file → Executable file
View File

@@ -16,37 +16,46 @@
// Create backup
// -------------------------------------
if (Request::post('create_backup')) {
if (Security::check(Request::post('csrf'))) {
@set_time_limit(0);
@ini_set("memory_limit", "512M");
@set_time_limit(0);
@ini_set("memory_limit", "512M");
$zip = Zip::factory();
$zip = Zip::factory();
// Add storage folder
$zip->readDir(STORAGE . DS, false);
// Add storage folder
$zip->readDir(STORAGE . DS, false);
// Add public folder
if (Request::post('add_public_folder')) $zip->readDir(ROOT . DS . 'public' . DS, false);
// Add plugins folder
if (Request::post('add_plugins_folder')) $zip->readDir(PLUGINS . DS, false);
// Add public folder
if (Request::post('add_public_folder')) $zip->readDir(ROOT . DS . 'public' . DS, false);
// Add plugins folder
if (Request::post('add_plugins_folder')) $zip->readDir(PLUGINS . DS, false);
$zip->archive($backups_path . DS . Date::format(time(), "Y-m-d-H-i-s").'.zip');
$zip->archive($backups_path . DS . Date::format(time(), "Y-m-d-H-i-s").'.zip');
} else { die('csrf detected!'); }
}
// Delete backup
// -------------------------------------
if (Request::get('sub_id') == 'backup') {
if (Request::get('delete_file')) {
if (Request::get('sub_id') == 'backup' && Request::get('delete_file')) {
if (Security::check(Request::get('token'))) {
File::delete($backups_path . DS . Request::get('delete_file'));
Request::redirect(Option::get('siteurl').'admin/index.php?id=backup');
}
Request::redirect(Option::get('siteurl').'admin/index.php?id=backup');
} else { die('csrf detected!'); }
}
// Download backup
// -------------------------------------
if (Request::get('download')) {
File::download($backups_path . DS . Request::get('download'));
if (Request::get('download')) {
if (Security::check(Request::get('token'))) {
File::download($backups_path . DS . Request::get('download'));
} else { die('csrf detected!'); }
}
// Get backup list

5
plugins/box/backup/views/backend/index.view.php Normal file → Executable file
View File

@@ -10,6 +10,7 @@ $().ready(function(){$('[name=create_backup]').click(function(){$(this).button('
<?php
echo (
Form::open() .
Form::hidden('csrf', Security::token()).
Form::checkbox('add_storage_folder', null, true, array('disabled' => 'disabled')) . ' ' . __('storage', 'backup') . ' ' . Html::nbsp(2) .
Form::checkbox('add_public_folder') . ' ' . __('public', 'backup') . ' ' . Html::nbsp(2) .
Form::checkbox('add_plugins_folder') . ' ' . __('plugins', 'backup') . ' ' . Html::nbsp(2) .
@@ -32,12 +33,12 @@ $().ready(function(){$('[name=create_backup]').click(function(){$(this).button('
<tr>
<td>
<?php $name = strtotime(str_replace('-', '', basename($backup, '.zip'))); ?>
<?php echo Html::anchor(Date::format($name, 'F jS, Y - g:i A'), Option::get('siteurl').'admin/index.php?id=backup&download='.$backup); ?>
<?php echo Html::anchor(Date::format($name, 'F jS, Y - g:i A'), Option::get('siteurl').'admin/index.php?id=backup&download='.$backup.'&token='.Security::token()); ?>
</td>
<td><?php echo Number::byteFormat(filesize(ROOT . DS . 'backups' . DS . $backup)); ?></td>
<td>
<?php echo Html::anchor(__('Delete', 'backup'),
'index.php?id=system&sub_id=backup&delete_file='.$backup,
'index.php?id=system&sub_id=backup&delete_file='.$backup.'&token='.Security::token(),
array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete backup: :backup', 'backup', array(':backup' => Date::format($name, 'F jS, Y - g:i A')))."')"));
?>
</td>