security: fix potential CSRF issue

Partial cherry-pick of a3da816 Fixes #392
PodcastGenerator · Feb 2, 2021 · 3589db1 · 3589db1
1 parent 00a137b
commit 3589db1
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/PodcastGenerator/admin/pg_config.php b/PodcastGenerator/admin/pg_config.php
@@ -11,6 +11,7 @@
 require '../core/include_admin.php';
 
 if (isset($_GET['edit'])) {
+    checkToken();
     foreach ($_POST as $key => $value) {
         updateConfig('../config.php', $key, $value);
     }
@@ -61,9 +62,10 @@
             <small><?php echo _('This is the full address of the WebSub hub to alert when the podcast is updated.'); ?></small><br>
             <input type="text" name="websub_server" value="<?php echo htmlspecialchars($config['websub_server']); ?>"><br>
             <hr>
+            <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
             <input type="submit" value="<?php echo _("Submit"); ?>" class="btn btn-success"><br>
         </form>
     </div>
 </body>
 
-</html>
+</html>
diff --git a/PodcastGenerator/core/misc/functions.php b/PodcastGenerator/core/misc/functions.php
@@ -60,4 +60,21 @@ function getUsers()
 {
     global $config;
     return json_decode($config['users_json'], true);
-}
+}
+
+function randomString($length = 8)
+{
+    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    $charactersLength = strlen($characters);
+    $randomString = '';
+    for ($i = 0; $i < $length; $i++) {
+        $randomString .= $characters[rand(0, $charactersLength - 1)];
+    }
+    return $randomString;
+}
+
+function checkToken()
+{
+    if(!isset($_POST['token']) || ($_POST['token'] != $_SESSION['token']))
+        die("Potential CSRF attack");
+}