
Commit bfc6c80

committed
5632,5644 removed array_multisort to fix module install issues, and added csrftoken to fix potential CSRF attack
1 parent df8a546 commit bfc6c80


2 files changed

+39
-8
lines changed


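--- a/mods/_core/modules/install_modules.php
+++ b/mods/_core/modules/install_modules.php
@@ -18,6 +18,8 @@
 require(AT_INCLUDE_PATH.'../mods/_core/modules/classes/ModuleListParser.class.php');
 require_once(AT_INCLUDE_PATH.'../mods/_core/file_manager/filemanager.inc.php');
 // delete all folders and files in $dir
+
+
 function clear_dir($dir)
 {
 if ($dh = opendir($dir))
@@ -154,8 +156,15 @@ function clear_dir($dir)
 
 if (!$msg->containsErrors())
 {
-header('Location: module_install_step_1.php?mod='.urlencode($module_folder).SEP.'new=1');
-exit;
+if($_POST['csrftoken'] != $_SESSION['token']){
+$msg->addError('ACCESS_DENIED');
+} else {
+
+header('Location: module_install_step_1.php?mod='.urlencode($module_folder).SEP.'new=1');
+exit;
+}
+//header('Location: module_install_step_1.php?mod='.urlencode($module_folder).SEP.'new=1');
+//exit;
 }
 }
 
@@ -181,8 +190,13 @@ function clear_dir($dir)
 $dir_name = str_replace(array('.','..'), '', $_POST['mod']);
 
 if (isset($_POST['install_manually'])) {
-header('Location: '.AT_BASE_HREF.'mods/_core/modules/module_install_step_2.php?mod='.urlencode($dir_name).SEP.'new=1'.SEP.'mod_in=1');
-exit;
+// Check for potential CSRF
+if($_POST['csrftoken'] != $_SESSION['token']){
+$msg->addError('ACCESS_DENIED');
+} else {
+header('Location: '.AT_BASE_HREF.'mods/_core/modules/module_install_step_2.php?mod='.urlencode($dir_name).SEP.'new=1'.SEP.'mod_in=1');
+exit;
+}
 }
 
 } else if (isset($_POST['install_manually'])) {
@@ -255,16 +269,18 @@ function validate_filename() {
 
 // Add $module_list_array as the last parameter, to sort by the common key
 // Sorts by original $module_list_array by reference, then returns true|false
-$sort_by_version = array_multisort($version, SORT_DESC, $module_list_array);
+//$sort_by_version = array_multisort($version, SORT_DESC, $module_list_array);
 
 // Create menu for filter ATutor versions
-function select_atversion(){
+function select_atversion($v=0){
 global $sort_versions;
 $menu = '<form action="'.$_SERVER['PHP_SELF'].'" method="post">';
 $menu.= '<select name="atversions">';
 $menu.= '<option value="0">'._AT("all").'</option>';
 foreach($sort_versions as $version){
-if($version == VERSION){
+if($version == $v){
+$menu .= '<option value="'.$version.'" selected="selected">'.$version.'</option>';
+}else if($version == VERSION){
 $menu .= '<option value="'.$version.'" selected="selected">'.$version.'</option>';
 }else{
 $menu .= '<option value="'.$version.'" >'.$version.'</option>';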
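Review bot: The token check added at new lines 159 and 194 uses the loose `!=`, so a missing `$_SESSION['token']` (null) compared with an absent or empty `csrftoken` compares equal and the check passes, and the comparison is not constant-time; both sites should read `if (!isset($_POST['csrftoken'], $_SESSION['token']) || !hash_equals((string) $_SESSION['token'], (string) $_POST['csrftoken']))`. The check at 159 is placed inside the `if (!$msg->containsErrors())` branch, after whatever code produced `$module_folder` from the upload has already run (that code is outside the hunk), so it appears the forged request's processing completes and only the redirect is withheld; the token should be verified before any file handling starts. The commented-out `header`/`exit` at 166-167 and the commented `array_multisort` at 272 should be deleted rather than kept as dead code, with a one-line comment at 272 explaining why the sort was dropped.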

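--- a/themes/default/admin/modules/install_modules.tmpl.php
+++ b/themes/default/admin/modules/install_modules.tmpl.php
@@ -8,6 +8,7 @@
 
 <div class="row">
 <input type="hidden" name="MAX_FILE_SIZE" value="52428800" />
+<input type="hidden" name="csrftoken" value="<?php echo $_SESSION['token'];?>" />
 <input type="file" name="modulefile" size="50" />
 </div>
 
@@ -26,6 +27,7 @@
 {
 ?>
 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="installform">
+<input type="hidden" name="csrftoken" value="<?php echo $_SESSION['token'];?>" />
 <table class="data" summary="">
 <thead>
 <tr>
@@ -82,10 +84,23 @@
 <div class="row">
 <?php echo _AT('old_module_notes'); ?>
 </div>
-<?php echo select_atversion(); ?>
+<?php
+
+if(isset($_POST['atversions'])){
+$v = htmlspecialchars($_POST['atversions']);
+$_SESSION['atversion'] = $_POST['atversions'];
+} elseif(isset($_SESSION['atversion'] )){
+$v = substr($_SESSION['atversion'], 0, 3);
+} else {
+$v = substr(VERSION, 0, 3);
+}
+echo select_atversion($v);
+
+?>
 </div>
 </fieldset>
 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="form">
+<input type="hidden" name="csrftoken" value="<?php echo $_SESSION['token'];?>" />
 <table class="data" summary="">
 <thead>
 <tr>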
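Review bot: The new block at lines 89-97 derives `$v` differently on each path: the POST branch stores the raw value in the session but passes an `htmlspecialchars` copy, while the session branch truncates to three characters and does not escape, so the same selection yields a different `$v` on the first request and on later ones; normalise once, `$v = substr($_POST['atversions'], 0, 3); $_SESSION['atversion'] = $v;`, and leave escaping to the point where `select_atversion` emits the value. Writing `$_SESSION` from a template mixes request handling into presentation; this belongs in install_modules.php before the template is included. The three hidden `csrftoken` inputs echo `$_SESSION['token']` unescaped; presumably the token is server-generated, but an attribute value should still go through `htmlspecialchars($_SESSION['token'])`. The hidden input at new line 11 sits inside a form whose opening tag lies outside the hunk.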
