mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-16 13:44:12 +02:00
Code Issues Releases Wiki Activity

[ticket/14789] Add link hashes and form tokens to all acp links/buttons

Browse Source 
This will further harden the ACP security by adding link hashes to links and
form tokens to forms that did not have these yet and result in modified
settings or write action on the filesystem or database. These few links and
forms were still relying on the global ACP protection, mainly due to them
not posing further risks of compromising data. After this change these will
now also be properly protected against tampering.

PHPBB3-14789
This commit is contained in:
Marc Alexander
2016-09-18 01:14:23 +02:00
parent 27e33f39f7
commit 585a3ed863
8 changed files with 111 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
phpBB/includes/acp/acp_modules.php
View File

@@ -46,6 +46,9 @@ class acp_modules
$user->add_lang('acp/modules');
$this->tpl_name = 'acp_modules';
$form_key = 'acp_modules';
add_form_key($form_key);
// module class
$this->module_class = $mode;
@@ -119,6 +122,11 @@ class acp_modules
trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
$sql = 'SELECT *
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
@@ -150,6 +158,11 @@ class acp_modules
trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
$sql = 'SELECT *
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
@@ -273,6 +286,11 @@ class acp_modules
if ($submit)
{
if (!check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
}
if (!$module_data['module_langname'])
{
trigger_error($user->lang['NO_MODULE_LANGNAME'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
@@ -460,12 +478,12 @@ class acp_modules
'S_ACP_MODULE_MANAGEMENT' => ($this->module_class == 'acp' && ($row['module_basename'] == 'modules' || $row['module_langname'] == 'ACP_MODULE_MANAGEMENT')) ? true : false,
'U_MODULE' => $this->u_action . '&parent_id=' . $row['module_id'],
'U_MOVE_UP' => $url . '&action=move_up',
'U_MOVE_DOWN' => $url . '&action=move_down',
'U_MOVE_UP' => $url . '&action=move_up&hash=' . generate_link_hash('acp_modules'),
'U_MOVE_DOWN' => $url . '&action=move_down&hash=' . generate_link_hash('acp_modules'),
'U_EDIT' => $url . '&action=edit',
'U_DELETE' => $url . '&action=delete',
'U_ENABLE' => $url . '&action=enable',
'U_DISABLE' => $url . '&action=disable')
'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
);
}
while ($row = $db->sql_fetchrow($result));
@@ -484,8 +502,8 @@ class acp_modules
'U_EDIT' => $url . '&action=edit',
'U_DELETE' => $url . '&action=delete',
'U_ENABLE' => $url . '&action=enable',
'U_DISABLE' => $url . '&action=disable')
'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
);
}
$db->sql_freeresult($result);