Backup Plugin: csrf vulnerability resolved

2025-08-05 20:57:49 +02:00 · 2012-10-03 13:46:00 +03:00
parent d36c06d8a6
commit 3f7b10592f
2 changed files with 29 additions and 19 deletions
--- a/plugins/box/backup/backup.admin.php
+++ b/plugins/box/backup/backup.admin.php
@@ -16,37 +16,46 @@
            // Create backup
            // -------------------------------------    
            if (Request::post('create_backup')) {
+
+                if (Security::check(Request::post('csrf'))) {
                
-                @set_time_limit(0);
-                @ini_set("memory_limit", "512M");
+                    @set_time_limit(0);
+                    @ini_set("memory_limit", "512M");

-                $zip = Zip::factory();
+                    $zip = Zip::factory();

-                // Add storage folder
-                $zip->readDir(STORAGE . DS, false); 
+                    // Add storage folder
+                    $zip->readDir(STORAGE . DS, false); 

-                // Add public folder 
-                if (Request::post('add_public_folder')) $zip->readDir(ROOT . DS . 'public' . DS, false);
-                
-                // Add plugins folder
-                if (Request::post('add_plugins_folder')) $zip->readDir(PLUGINS . DS, false);
+                    // Add public folder 
+                    if (Request::post('add_public_folder')) $zip->readDir(ROOT . DS . 'public' . DS, false);
+                    
+                    // Add plugins folder
+                    if (Request::post('add_plugins_folder')) $zip->readDir(PLUGINS . DS, false);

-                $zip->archive($backups_path . DS . Date::format(time(), "Y-m-d-H-i-s").'.zip');
+                    $zip->archive($backups_path . DS . Date::format(time(), "Y-m-d-H-i-s").'.zip');
+
+                } else { die('csrf detected!'); }
            }
            
            // Delete backup
            // -------------------------------------    
-            if (Request::get('sub_id') == 'backup') {
-                if (Request::get('delete_file')) {
+            if (Request::get('sub_id') == 'backup' && Request::get('delete_file')) {                
+                
+                if (Security::check(Request::get('token'))) {
+
                    File::delete($backups_path . DS . Request::get('delete_file'));
-                    Request::redirect(Option::get('siteurl').'admin/index.php?id=backup');
-                }
+                    Request::redirect(Option::get('siteurl').'admin/index.php?id=backup');                
+
+                } else { die('csrf detected!'); }
            }

            // Download backup
            // -------------------------------------    
-            if (Request::get('download')) {                                
-                File::download($backups_path . DS . Request::get('download'));                
+            if (Request::get('download')) {    
+                if (Security::check(Request::get('token'))) {                            
+                    File::download($backups_path . DS . Request::get('download'));                
+                } else { die('csrf detected!'); }
            }

            // Get backup list