mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-01 14:30:32 +02:00
[ticket/14789] Add link hashes and form tokens to all acp links/buttons
This will further harden the ACP security by adding link hashes to links and form tokens to forms that did not have these yet and result in modified settings or write action on the filesystem or database. These few links and forms were still relying on the global ACP protection, mainly due to them not posing further risks of compromising data. After this change these will now also be properly protected against tampering. PHPBB3-14789
This commit is contained in:
@@ -46,6 +46,9 @@ class acp_modules
|
||||
$user->add_lang('acp/modules');
|
||||
$this->tpl_name = 'acp_modules';
|
||||
|
||||
$form_key = 'acp_modules';
|
||||
add_form_key($form_key);
|
||||
|
||||
// module class
|
||||
$this->module_class = $mode;
|
||||
|
||||
@@ -119,6 +122,11 @@ class acp_modules
|
||||
trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
|
||||
}
|
||||
|
||||
if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
|
||||
{
|
||||
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
|
||||
}
|
||||
|
||||
$sql = 'SELECT *
|
||||
FROM ' . MODULES_TABLE . "
|
||||
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
|
||||
@@ -150,6 +158,11 @@ class acp_modules
|
||||
trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
|
||||
}
|
||||
|
||||
if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
|
||||
{
|
||||
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
|
||||
}
|
||||
|
||||
$sql = 'SELECT *
|
||||
FROM ' . MODULES_TABLE . "
|
||||
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
|
||||
@@ -273,6 +286,11 @@ class acp_modules
|
||||
|
||||
if ($submit)
|
||||
{
|
||||
if (!check_form_key($form_key))
|
||||
{
|
||||
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
|
||||
}
|
||||
|
||||
if (!$module_data['module_langname'])
|
||||
{
|
||||
trigger_error($user->lang['NO_MODULE_LANGNAME'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
|
||||
@@ -460,12 +478,12 @@ class acp_modules
|
||||
'S_ACP_MODULE_MANAGEMENT' => ($this->module_class == 'acp' && ($row['module_basename'] == 'modules' || $row['module_langname'] == 'ACP_MODULE_MANAGEMENT')) ? true : false,
|
||||
|
||||
'U_MODULE' => $this->u_action . '&parent_id=' . $row['module_id'],
|
||||
'U_MOVE_UP' => $url . '&action=move_up',
|
||||
'U_MOVE_DOWN' => $url . '&action=move_down',
|
||||
'U_MOVE_UP' => $url . '&action=move_up&hash=' . generate_link_hash('acp_modules'),
|
||||
'U_MOVE_DOWN' => $url . '&action=move_down&hash=' . generate_link_hash('acp_modules'),
|
||||
'U_EDIT' => $url . '&action=edit',
|
||||
'U_DELETE' => $url . '&action=delete',
|
||||
'U_ENABLE' => $url . '&action=enable',
|
||||
'U_DISABLE' => $url . '&action=disable')
|
||||
'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
|
||||
'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
|
||||
);
|
||||
}
|
||||
while ($row = $db->sql_fetchrow($result));
|
||||
@@ -484,8 +502,8 @@ class acp_modules
|
||||
|
||||
'U_EDIT' => $url . '&action=edit',
|
||||
'U_DELETE' => $url . '&action=delete',
|
||||
'U_ENABLE' => $url . '&action=enable',
|
||||
'U_DISABLE' => $url . '&action=disable')
|
||||
'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
|
||||
'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
|
||||
);
|
||||
}
|
||||
$db->sql_freeresult($result);
|
||||
|
Reference in New Issue
Block a user