[getversion/kernelvers] Prevent unauthenticated clients from making a…

…rbitrary requests, thanks @0x41c
FOGProject · Jan 28, 2023 · 9125f35 · 9125f35
1 parent f6f85a0
commit 9125f35
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 11 deletions.
diff --git a/packages/web/service/getversion.php b/packages/web/service/getversion.php
@@ -28,20 +28,30 @@
  * @link     https://fogproject.org
  */
 require '../commons/base.inc.php';
-$clientUpdate = (bool)FOGCore::getSetting('FOG_CLIENT_AUTOUPDATE');
+$clientUpdate = (bool) FOGCore::getSetting('FOG_CLIENT_AUTOUPDATE');
 if (isset($_REQUEST['client'])) {
     $ver = (
-        $clientUpdate ?
+        $clientUpdate ? 
         '9.9.99' :
         '0.0.0'
     );
 } elseif (isset($_REQUEST['clientver'])) {
     $ver = (
-        $clientUpdate ?
+        $clientUpdate ? 
         FOG_CLIENT_VERSION :
         '0.0.0'
     );
 } elseif (isset($_REQUEST['url'])) {
+
+    // Prevent an unauthenticated user from making arbitrary requests.
+    $unauthorized = !$currentUser->isValid() || empty($_SERVER['HTTP_X_REQUESTED_WITH'])
+        || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest';
+
+    if ($unauthorized) {
+        echo _('Unauthorized');
+        exit;
+    }
+
     $url = $_REQUEST['url'];
     $res = $FOGURLRequests
         ->process($_REQUEST['url']);
@@ -50,4 +60,4 @@
     $ver = FOG_VERSION;
 }
 echo $ver;
-exit;
+exit;
diff --git a/packages/web/status/kernelvers.php b/packages/web/status/kernelvers.php
@@ -24,16 +24,28 @@
 ignore_user_abort(true);
 set_time_limit(0);
 header('Content-Type: text/event-stream');
-$url = filter_input(INPUT_POST, 'url');
-if ($url) {
+
+if (isset($_POST['url'])) {
+
+    // Prevent an unauthenticated user from making arbitrary requests.
+    $unauthorized = !$currentUser->isValid() || empty($_SERVER['HTTP_X_REQUESTED_WITH'])
+        || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest';
+
+    if ($unauthorized) {
+        echo _('Unauthorized');
+        exit;
+    }
+
     $res = $FOGURLRequests
-        ->process($url);
-    foreach ((array)$res as &$response) {
+        ->process(filter_input(INPUT_POST, 'url'));
+    foreach ((array) $res as &$response) {
         echo $response;
         unset($response);
     }
+
     exit;
 }
+
 $kernelvers = function ($kernel) {
     $currpath = sprintf(
         '%s%sservice%sipxe%s%s',
@@ -57,9 +69,9 @@
 );
 printf(
     "bzImage Version: %s\n",
-    $kernelvers('bzImage')
+        $kernelvers('bzImage')
 );
 printf(
     "bzImage32 Version: %s",
-    $kernelvers('bzImage32')
-);
+        $kernelvers('bzImage32')
+);