Skip to content
Permalink
Browse files Browse the repository at this point in the history
Require POST for sending forms
* Ensure that the form is submitted with a post request
* Replaced several links with forms

Closes engelsystem#494 (Security Vulnerability)
  • Loading branch information
MyIgel authored and msquare committed Nov 24, 2018
1 parent 7e45452 commit 2e28336
Show file tree
Hide file tree
Showing 30 changed files with 304 additions and 278 deletions.
4 changes: 2 additions & 2 deletions includes/controller/angeltypes_controller.php
Expand Up @@ -86,7 +86,7 @@ function angeltype_delete_controller()

$angeltype = load_angeltype();

if (request()->has('confirmed')) {
if (request()->hasPostData('delete')) {
AngelType_delete($angeltype);
success(sprintf(__('Angeltype %s deleted.'), AngelType_name_render($angeltype)));
redirect(page_link_to('angeltypes'));
Expand Down Expand Up @@ -127,7 +127,7 @@ function angeltype_edit_controller()
$angeltype = AngelType_new();
}

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
$valid = true;

if (!$supporter_mode) {
Expand Down
2 changes: 1 addition & 1 deletion includes/controller/event_config_controller.php
Expand Up @@ -35,7 +35,7 @@ function event_config_edit_controller()
/** @var Carbon $teardown_end_date */
$teardown_end_date = $config->get('teardown_end');

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
$valid = true;

if ($request->has('event_name')) {
Expand Down
12 changes: 6 additions & 6 deletions includes/controller/shift_entries_controller.php
Expand Up @@ -96,7 +96,7 @@ function shift_entry_create_controller_admin($shift, $angeltype)
$angeltype = $angeltypes[0];
}

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
ShiftEntry_create([
'SID' => $shift['SID'],
'TID' => $angeltype['id'],
Expand Down Expand Up @@ -167,7 +167,7 @@ function shift_entry_create_controller_supporter($shift, $angeltype)
redirect(shift_link($shift));
}

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
ShiftEntry_create([
'SID' => $shift['SID'],
'TID' => $angeltype['id'],
Expand Down Expand Up @@ -246,7 +246,7 @@ function shift_entry_create_controller_user($shift, $angeltype)
}

$comment = '';
if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
$comment = strip_request_item_nl('comment');
ShiftEntry_create([
'SID' => $shift['SID'],
Expand Down Expand Up @@ -346,7 +346,7 @@ function shift_entry_delete_controller()
redirect(user_link($signout_user->id));
}

if ($request->has('continue')) {
if ($request->hasPostData('delete')) {
ShiftEntry_delete($shiftEntry);
success(__('Shift entry removed.'));
redirect(shift_link($shift));
Expand All @@ -355,13 +355,13 @@ function shift_entry_delete_controller()
if ($user->id == $signout_user->id) {
return [
ShiftEntry_delete_title(),
ShiftEntry_delete_view($shiftEntry, $shift, $angeltype, $signout_user->id)
ShiftEntry_delete_view($shift, $angeltype, $signout_user->id)
];
}

return [
ShiftEntry_delete_title(),
ShiftEntry_delete_view_admin($shiftEntry, $shift, $angeltype, $signout_user)
ShiftEntry_delete_view_admin($shift, $angeltype, $signout_user)
];
}

Expand Down
11 changes: 6 additions & 5 deletions includes/controller/shifts_controller.php
Expand Up @@ -81,7 +81,7 @@ function shift_edit_controller()
$start = $shift['start'];
$end = $shift['end'];

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
// Name/Bezeichnung der Schicht, darf leer sein
$title = strip_request_item('title');

Expand Down Expand Up @@ -222,7 +222,7 @@ function shift_delete_controller()
}

// Schicht löschen bestätigt
if ($request->has('delete')) {
if ($request->hasPostData('delete')) {
Shift_delete($shift_id);

engelsystem_log(
Expand All @@ -241,9 +241,10 @@ function shift_delete_controller()
date('Y-m-d H:i', $shift['start']),
date('H:i', $shift['end'])
), true),
'<a class="button" href="'
. page_link_to('user_shifts', ['delete_shift' => $shift_id, 'delete' => 1]) .
'">' . __('delete') . '</a>'
form([
form_hidden('delete_shift', $shift_id),
form_submit('delete', __('delete')),
]),
]);
}

Expand Down
4 changes: 2 additions & 2 deletions includes/controller/shifttypes_controller.php
Expand Up @@ -26,7 +26,7 @@ function shifttype_delete_controller()
redirect(page_link_to('shifttypes'));
}

if ($request->has('confirmed')) {
if ($request->hasPostData('delete')) {
ShiftType_delete($shifttype['id']);

engelsystem_log('Deleted shifttype ' . $shifttype['name']);
Expand Down Expand Up @@ -67,7 +67,7 @@ function shifttype_edit_controller()
$description = $shifttype['description'];
}

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
$valid = true;

if ($request->has('name') && $request->input('name') != '') {
Expand Down
14 changes: 7 additions & 7 deletions includes/controller/user_angeltypes_controller.php
Expand Up @@ -59,7 +59,7 @@ function user_angeltypes_delete_all_controller()
redirect(page_link_to('angeltypes'));
}

if ($request->has('confirmed')) {
if ($request->hasPostData('deny_all')) {
UserAngelTypes_delete_all($angeltype['id']);

engelsystem_log(sprintf('Denied all users for angeltype %s', AngelType_name_render($angeltype)));
Expand Down Expand Up @@ -100,7 +100,7 @@ function user_angeltypes_confirm_all_controller()
redirect(page_link_to('angeltypes'));
}

if ($request->has('confirmed')) {
if ($request->hasPostData('confirm_all')) {
UserAngelTypes_confirm_all($angeltype['id'], $user->id);

engelsystem_log(sprintf('Confirmed all users for angeltype %s', AngelType_name_render($angeltype)));
Expand Down Expand Up @@ -152,7 +152,7 @@ function user_angeltype_confirm_controller()
redirect(page_link_to('angeltypes'));
}

if ($request->has('confirmed')) {
if ($request->hasPostData('confirm_user')) {
UserAngelType_confirm($user_angeltype['id'], $user->id);

engelsystem_log(sprintf(
Expand Down Expand Up @@ -212,7 +212,7 @@ function user_angeltype_delete_controller()
redirect(page_link_to('angeltypes'));
}

if ($request->has('confirmed')) {
if ($request->hasPostData('delete')) {
UserAngelType_delete($user_angeltype);

$success_message = sprintf(__('User %s removed from %s.'), User_Nick_render($user_source), $angeltype['name']);
Expand Down Expand Up @@ -274,7 +274,7 @@ function user_angeltype_update_controller()
redirect(page_link_to('angeltypes'));
}

if ($request->has('confirmed')) {
if ($request->hasPostData('submit')) {
UserAngelType_update($user_angeltype['id'], $supporter);

$success_message = sprintf(
Expand Down Expand Up @@ -318,7 +318,7 @@ function user_angeltype_add_controller()
// Load possible users, that are not in the angeltype already
$users_source = Users_by_angeltype_inverted($angeltype);

if (request()->has('submit')) {
if (request()->hasPostData('submit')) {
$user_source = load_user();

if (!UserAngelType_exists($user_source->id, $angeltype)) {
Expand Down Expand Up @@ -369,7 +369,7 @@ function user_angeltype_join_controller($angeltype)
redirect(page_link_to('angeltypes'));
}

if (request()->has('confirmed')) {
if (request()->hasPostData('submit')) {
$user_angeltype_id = UserAngelType_create($user->id, $angeltype);

$success_message = sprintf(__('You joined %s.'), $angeltype['name']);
Expand Down
2 changes: 1 addition & 1 deletion includes/controller/user_driver_licenses_controller.php
Expand Up @@ -114,7 +114,7 @@ function user_driver_license_edit_controller()
$wants_to_drive = true;
}

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
$wants_to_drive = $request->has('wants_to_drive');
if ($wants_to_drive) {
$user_driver_license['has_car'] = $request->has('has_car');
Expand Down
8 changes: 4 additions & 4 deletions includes/controller/user_worklog_controller.php
Expand Up @@ -16,7 +16,7 @@ function user_worklog_delete_controller()
}
$user_source = User::find($userWorkLog['user_id']);

if ($request->has('confirmed')) {
if ($request->hasPostData('submit')) {
UserWorkLog_delete($userWorkLog);

success(__('Work log entry deleted.'));
Expand All @@ -25,7 +25,7 @@ function user_worklog_delete_controller()

return [
UserWorkLog_delete_title(),
UserWorkLog_delete_view($user_source, $userWorkLog)
UserWorkLog_delete_view($user_source)
];
}

Expand All @@ -43,7 +43,7 @@ function user_worklog_edit_controller()
}
$user_source = User::find($userWorkLog['user_id']);

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
list ($valid, $userWorkLog) = user_worklog_from_request($userWorkLog);

if ($valid) {
Expand Down Expand Up @@ -114,7 +114,7 @@ function user_worklog_add_controller()

$userWorkLog = UserWorkLog_new($user_source->id);

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
list ($valid, $userWorkLog) = user_worklog_from_request($userWorkLog);

if ($valid) {
Expand Down
10 changes: 6 additions & 4 deletions includes/controller/users_controller.php
Expand Up @@ -66,7 +66,7 @@ function user_delete_controller()
redirect(user_link($user->id));
}

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
$valid = true;

if (
Expand All @@ -80,6 +80,8 @@ function user_delete_controller()
}

if ($valid) {
// Load data before user deletion to prevent errors when displaying
$user_source->load(['contact', 'personalData', 'settings', 'state']);
$user_source->delete();

mail_user_delete($user_source);
Expand Down Expand Up @@ -150,7 +152,7 @@ function user_edit_vouchers_controller()
redirect(page_link_to(''));
}

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
$valid = true;

$vouchers = '';
Expand Down Expand Up @@ -326,7 +328,7 @@ function user_password_recovery_set_new_controller()
redirect(page_link_to('login'));
}

if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
$valid = true;

if (
Expand Down Expand Up @@ -361,7 +363,7 @@ function user_password_recovery_set_new_controller()
function user_password_recovery_start_controller()
{
$request = request();
if ($request->has('submit')) {
if ($request->hasPostData('submit')) {
$valid = true;

$user_source = null;
Expand Down

0 comments on commit 2e28336

Please sign in to comment.