
Plugins Manager Plugin: csrf vulnerability resolved

This commit is contained in:
Awilum
2012-10-03 15:04:02 +03:00
parent 831a4d8ecb
commit 582c469148
2 changed files with 56 additions and 42 deletions

78
plugins/box/plugins/plugins.admin.php Normal file → Executable file

@@ -29,24 +29,28 @@
// -------------------------------------
if (Request::get('delete_plugin')) {
// Nobody cant remove box plugins
if ($installed_plugins[Text::lowercase(str_replace("Plugin", "", Request::get('delete_plugin')))]['privilege'] !== 'box') {
if (Security::check(Request::get('token'))) {
// Run plugin uninstaller file
$plugin_name = Request::get('delete_plugin');
if (File::exists(PLUGINS . DS . $plugin_name . DS .'install' . DS . $plugin_name . '.uninstall.php')) {
include PLUGINS . DS . $plugin_name . DS . 'install' . DS . $plugin_name . '.uninstall.php';
// Nobody cant remove box plugins
if ($installed_plugins[Text::lowercase(str_replace("Plugin", "", Request::get('delete_plugin')))]['privilege'] !== 'box') {
// Run plugin uninstaller file
$plugin_name = Request::get('delete_plugin');
if (File::exists(PLUGINS . DS . $plugin_name . DS .'install' . DS . $plugin_name . '.uninstall.php')) {
include PLUGINS . DS . $plugin_name . DS . 'install' . DS . $plugin_name . '.uninstall.php';
}
// Clean i18n cache
Cache::clean('i18n');
// Delete plugin form plugins table
$plugins->deleteWhere('[name="'.Request::get('delete_plugin').'"]');
// Redirect
Request::redirect('index.php?id=plugins');
}
// Clean i18n cache
Cache::clean('i18n');
// Delete plugin form plugins table
$plugins->deleteWhere('[name="'.Request::get('delete_plugin').'"]');
// Redirect
Request::redirect('index.php?id=plugins');
}
} else { die('csrf detected!'); }
}
@@ -54,33 +58,43 @@
// -------------------------------------
if (Request::get('install')) {
// Load plugin install xml file
$plugin_xml = XML::loadFile(PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . Request::get('install'));
if (Security::check(Request::get('token'))) {
// Add plugin to plugins table
$plugins->insert(array('name' => basename(Request::get('install'), '.manifest.xml'),
'location' => (string)$plugin_xml->plugin_location,
'status' => (string)$plugin_xml->plugin_status,
'priority' => (int)$plugin_xml->plugin_priority));
// Load plugin install xml file
$plugin_xml = XML::loadFile(PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . Request::get('install'));
// Clean i18n cache
Cache::clean('i18n');
// Add plugin to plugins table
$plugins->insert(array('name' => basename(Request::get('install'), '.manifest.xml'),
'location' => (string)$plugin_xml->plugin_location,
'status' => (string)$plugin_xml->plugin_status,
'priority' => (int)$plugin_xml->plugin_priority));
// Run plugin installer file
$plugin_name = str_replace(array("Plugin", ".manifest.xml"), "", Request::get('install'));
if (File::exists(PLUGINS . DS .basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php')) {
include PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php';
}
// Clean i18n cache
Cache::clean('i18n');
Request::redirect('index.php?id=plugins');
// Run plugin installer file
$plugin_name = str_replace(array("Plugin", ".manifest.xml"), "", Request::get('install'));
if (File::exists(PLUGINS . DS .basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php')) {
include PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php';
}
Request::redirect('index.php?id=plugins');
} else { die('csrf detected!'); }
}
// Delete plugin from server
// -------------------------------------
if (Request::get('delete_plugin_from_server')) {
Dir::delete(PLUGINS . DS . basename(Request::get('delete_plugin_from_server'), '.manifest.xml'));
Request::redirect('index.php?id=plugins');
if (Security::check(Request::get('token'))) {
Dir::delete(PLUGINS . DS . basename(Request::get('delete_plugin_from_server'), '.manifest.xml'));
Request::redirect('index.php?id=plugins');
} else { die('csrf detected!'); }
}
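Review bot: `$plugin_name = Request::get('delete_plugin');` in the uninstall branch is still concatenated unsanitised into the `include` path, whereas the server-delete branch at the end of the section wraps the same kind of parameter in `basename()`; the new token check only stops cross-site requests and does nothing about the value itself, so `$plugin_name = basename(Request::get('delete_plugin'));` would make the three branches consistent. The same applies to the raw `Request::get('install')` appended as the file name in the `XML::loadFile` call of the install branch, where only the directory part goes through `basename()`. Separately, all three actions remain GET-triggered with the token carried in the query string (the links are built that way in `index.view.php` in this same commit), so the token ends up in browser history, server logs and Referer headers; a POST form with the token in a hidden field would be the usual follow-up. The `} else { die('csrf detected!'); }` tail repeated in all three branches could be a small shared helper, but that is cosmetic.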

6
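--- a/plugins/box/plugins/views/backend/index.view.php
+++ b/plugins/box/plugins/views/backend/index.view.php
@@ -42,7 +42,7 @@
 </td>
 <td>
 <?php echo Html::anchor(__('Uninstall', 'plugins'),
-'index.php?id=plugins&delete_plugin='.$plugin['id'],
+'index.php?id=plugins&delete_plugin='.$plugin['id'].'&token='.Security::token(),
 array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete plugin :plugin', 'plugins', array(':plugin' => $plugin['id']))."')"));
 ?>
 </td>
@@ -81,9 +81,9 @@
 <?php echo $plugin_xml->plugin_version; ?>
 </td>
 <td>
-<?php echo Html::anchor(__('Install', 'plugins'), 'index.php?id=plugins&install='.$plug['plugin'], array('class' => 'btn btn-actions')); ?>
+<?php echo Html::anchor(__('Install', 'plugins'), 'index.php?id=plugins&install='.$plug['plugin'].'&token='.Security::token(), array('class' => 'btn btn-actions')); ?>
 <?php echo Html::anchor(__('Delete', 'plugins'),
-'index.php?id=plugins&delete_plugin_from_server='.Text::lowercase(basename($plug['path'],'.manifest.xml')),
+'index.php?id=plugins&delete_plugin_from_server='.Text::lowercase(basename($plug['path'],'.manifest.xml')).'&token='.Security::token(),
 array('class' => 'btn btn-actions', 'onclick' => "return confirmDelete('".__('Delete plugin :plugin', 'plugins', array(':plugin' => Text::lowercase(basename($plug['path'],'.manifest.xml'))) )."')"));
 ?>
 </td>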
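Review bot: `Security::token()` is now evaluated once per rendered row in both loops (the Uninstall link in the first hunk, the Install and Delete links in the second); assuming it returns the session's current token rather than minting a new value on each call, hoisting `$token = Security::token();` above each loop and appending `'&token='.$token` keeps the view simpler and avoids repeating the same call three times. It is also worth confirming that `Html::anchor` escapes its href for the attribute context, since the literal `&` separators and the plugin identifiers are concatenated raw here — pre-existing, but more visible now that a secret travels in the same string.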