mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-08-05 04:37:51 +02:00
Code Issues Releases Wiki Activity

Plugins Manager Plugin: csrf vulnerability resolved

Browse Source
This commit is contained in:
Awilum
2012-10-03 15:04:02 +03:00
parent 831a4d8ecb
commit 582c469148
2 changed files with 56 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
plugins/box/plugins/plugins.admin.php Normal file → Executable file
View File

@@ -29,24 +29,28 @@
// ------------------------------------- // -------------------------------------
if (Request::get('delete_plugin')) { if (Request::get('delete_plugin')) {
// Nobody cant remove box plugins if (Security::check(Request::get('token'))) {
if ($installed_plugins[Text::lowercase(str_replace("Plugin", "", Request::get('delete_plugin')))]['privilege'] !== 'box') {
// Run plugin uninstaller file // Nobody cant remove box plugins
$plugin_name = Request::get('delete_plugin'); if ($installed_plugins[Text::lowercase(str_replace("Plugin", "", Request::get('delete_plugin')))]['privilege'] !== 'box') {
if (File::exists(PLUGINS . DS . $plugin_name . DS .'install' . DS . $plugin_name . '.uninstall.php')) {
include PLUGINS . DS . $plugin_name . DS . 'install' . DS . $plugin_name . '.uninstall.php'; // Run plugin uninstaller file
$plugin_name = Request::get('delete_plugin');
if (File::exists(PLUGINS . DS . $plugin_name . DS .'install' . DS . $plugin_name . '.uninstall.php')) {
include PLUGINS . DS . $plugin_name . DS . 'install' . DS . $plugin_name . '.uninstall.php';
}
// Clean i18n cache
Cache::clean('i18n');
// Delete plugin form plugins table
$plugins->deleteWhere('[name="'.Request::get('delete_plugin').'"]');
// Redirect
Request::redirect('index.php?id=plugins');
} }
// Clean i18n cache } else { die('csrf detected!'); }
Cache::clean('i18n');
// Delete plugin form plugins table
$plugins->deleteWhere('[name="'.Request::get('delete_plugin').'"]');
// Redirect
Request::redirect('index.php?id=plugins');
}
} }
@@ -54,33 +58,43 @@
// ------------------------------------- // -------------------------------------
if (Request::get('install')) { if (Request::get('install')) {
// Load plugin install xml file if (Security::check(Request::get('token'))) {
$plugin_xml = XML::loadFile(PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . Request::get('install'));
// Add plugin to plugins table // Load plugin install xml file
$plugins->insert(array('name' => basename(Request::get('install'), '.manifest.xml'), $plugin_xml = XML::loadFile(PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . Request::get('install'));
'location' => (string)$plugin_xml->plugin_location,
'status' => (string)$plugin_xml->plugin_status,
'priority' => (int)$plugin_xml->plugin_priority));
// Clean i18n cache // Add plugin to plugins table
Cache::clean('i18n'); $plugins->insert(array('name' => basename(Request::get('install'), '.manifest.xml'),
'location' => (string)$plugin_xml->plugin_location,
'status' => (string)$plugin_xml->plugin_status,
'priority' => (int)$plugin_xml->plugin_priority));
// Run plugin installer file // Clean i18n cache
$plugin_name = str_replace(array("Plugin", ".manifest.xml"), "", Request::get('install')); Cache::clean('i18n');
if (File::exists(PLUGINS . DS .basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php')) {
include PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php';
}
Request::redirect('index.php?id=plugins'); // Run plugin installer file
$plugin_name = str_replace(array("Plugin", ".manifest.xml"), "", Request::get('install'));
if (File::exists(PLUGINS . DS .basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php')) {
include PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php';
}
Request::redirect('index.php?id=plugins');
} else { die('csrf detected!'); }
} }
// Delete plugin from server // Delete plugin from server
// ------------------------------------- // -------------------------------------
if (Request::get('delete_plugin_from_server')) { if (Request::get('delete_plugin_from_server')) {
Dir::delete(PLUGINS . DS . basename(Request::get('delete_plugin_from_server'), '.manifest.xml'));
Request::redirect('index.php?id=plugins'); if (Security::check(Request::get('token'))) {
Dir::delete(PLUGINS . DS . basename(Request::get('delete_plugin_from_server'), '.manifest.xml'));
Request::redirect('index.php?id=plugins');
} else { die('csrf detected!'); }
} }

6
plugins/box/plugins/views/backend/index.view.php Normal file → Executable file
View File

@@ -42,7 +42,7 @@
</td> </td>
<td> <td>
<?php echo Html::anchor(__('Uninstall', 'plugins'), <?php echo Html::anchor(__('Uninstall', 'plugins'),
'index.php?id=plugins&delete_plugin='.$plugin['id'], 'index.php?id=plugins&delete_plugin='.$plugin['id'].'&token='.Security::token(),
array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete plugin :plugin', 'plugins', array(':plugin' => $plugin['id']))."')")); array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete plugin :plugin', 'plugins', array(':plugin' => $plugin['id']))."')"));
?> ?>
</td> </td>
@@ -81,9 +81,9 @@
<?php echo $plugin_xml->plugin_version; ?> <?php echo $plugin_xml->plugin_version; ?>
</td> </td>
<td> <td>
<?php echo Html::anchor(__('Install', 'plugins'), 'index.php?id=plugins&install='.$plug['plugin'], array('class' => 'btn btn-actions')); ?> <?php echo Html::anchor(__('Install', 'plugins'), 'index.php?id=plugins&install='.$plug['plugin'].'&token='.Security::token(), array('class' => 'btn btn-actions')); ?>
<?php echo Html::anchor(__('Delete', 'plugins'), <?php echo Html::anchor(__('Delete', 'plugins'),
'index.php?id=plugins&delete_plugin_from_server='.Text::lowercase(basename($plug['path'],'.manifest.xml')), 'index.php?id=plugins&delete_plugin_from_server='.Text::lowercase(basename($plug['path'],'.manifest.xml')).'&token='.Security::token(),
array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete plugin :plugin', 'plugins', array(':plugin' => Text::lowercase(basename($plug['path'],'.manifest.xml'))) )."')")); array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete plugin :plugin', 'plugins', array(':plugin' => Text::lowercase(basename($plug['path'],'.manifest.xml'))) )."')"));
?> ?>
</td> </td>