Fixed a Cross-Site Request Forgery exploit that would allow logged-in BigTree admins hitting a malicious page to automatically create / update users.
commit 4b0faa90fa8b9e1776c86db716894dcd7e6b4834 1 parent 4630c90
@timbuckingham timbuckingham authored
28 core/admin/modules/users/create.php
@@ -1,13 +1,23 @@
<?
- $admin->requireLevel(1);
- $id = $admin->createUser($_POST);
+ if ($_SERVER["HTTP_REFERER"] != ADMIN_ROOT."users/add/") {
+?>
+<div class="container">
+ <section>
+ <p>To create a user, please access the <a href="<?=ADMIN_ROOT?>users/add/">Add User</a> page.</p>
+ </section>
+</div>
+<?
+ } else {
+ $admin->requireLevel(1);
+ $id = $admin->createUser($_POST);
+
+ if (!$id) {
+ $_SESSION["bigtree_admin"]["create_user"] = $_POST;
+ $admin->growl("Users","Creation Failed","error");
+ BigTree::redirect(ADMIN_ROOT."users/add/");
+ }
- if (!$id) {
- $_SESSION["bigtree_admin"]["create_user"] = $_POST;
- $admin->growl("Users","Creation Failed","error");
- BigTree::redirect(ADMIN_ROOT."users/add/");
+ $admin->growl("Users","Added User");
+ BigTree::redirect(ADMIN_ROOT."users/edit/$id/");
}
-
- $admin->growl("Users","Added User");
- BigTree::redirect(ADMIN_ROOT."users/edit/$id/");
?>
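Review bot: The Referer comparison on `if ($_SERVER["HTTP_REFERER"] != ADMIN_ROOT."users/add/")` is not a dependable CSRF control: the header is optional (privacy extensions, proxies and strict referrer policies drop it, which locks out legitimate admins), and the server has no way to verify where the value came from, so it should supplement rather than replace a per-session token that the add form embeds and this handler verifies with `hash_equals()`; the same pattern is in update.php. Reading an absent header also raises an undefined-index notice, and `!=` is a loose comparison; `$referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";` followed by `if ($referer !== ADMIN_ROOT."users/add/")` keeps the fail-closed behavior without either. The check now runs before `$admin->requireLevel(1)`, so authorization is only enforced on the else branch; moving `requireLevel` above the referer test keeps the privilege check as the first gate for every request to this script.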
36 core/admin/modules/users/update.php
@@ -1,16 +1,26 @@
<?
- $perms = json_decode($_POST["permissions"],true);
- $_POST["permissions"] = array("page" => $perms["Page"],"module" => $perms["Module"],"resources" => $perms["Resource"],"module_gbp" => $perms["ModuleGBP"]);
- $_POST["alerts"] = json_decode($_POST["alerts"],true);
- $success = $admin->updateUser($_POST["id"],$_POST);
-
- if (!$success) {
- $_SESSION["bigtree_admin"]["update_user"] = $_POST;
- $admin->growl("Users","Update Failed","error");
- BigTree::redirect(ADMIN_ROOT."users/edit/".end($bigtree["path"])."/");
+ if ($_SERVER["HTTP_REFERER"] != ADMIN_ROOT."users/edit/".$_POST["id"]."/") {
+?>
+<div class="container">
+ <section>
+ <p>To update a user, please access the <a href="<?=ADMIN_ROOT?>users/edit/<?=$_POST["id"]?>/">Edit User</a> page.</p>
+ </section>
+</div>
+<?
+ } else {
+ $perms = json_decode($_POST["permissions"],true);
+ $_POST["permissions"] = array("page" => $perms["Page"],"module" => $perms["Module"],"resources" => $perms["Resource"],"module_gbp" => $perms["ModuleGBP"]);
+ $_POST["alerts"] = json_decode($_POST["alerts"],true);
+ $success = $admin->updateUser($_POST["id"],$_POST);
+
+ if (!$success) {
+ $_SESSION["bigtree_admin"]["update_user"] = $_POST;
+ $admin->growl("Users","Update Failed","error");
+ BigTree::redirect(ADMIN_ROOT."users/edit/".end($bigtree["path"])."/");
+ }
+
+ $admin->growl("Users","Updated User");
+
+ BigTree::redirect(ADMIN_ROOT."users/");
}
-
- $admin->growl("Users","Updated User");
-
- BigTree::redirect(ADMIN_ROOT."users/");
?>
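Review bot: `<?=$_POST["id"]?>` in the Edit User link writes a request parameter into the HTML unescaped, so the fallback page added by the referer check is itself an output-encoding defect; use `<?=htmlspecialchars($_POST["id"], ENT_QUOTES, "UTF-8")?>`, or better, only emit the link when the id is a valid integer user id (`(int)$_POST["id"]`). The expected referer is also built from `$_POST["id"]`, so the value the check compares against comes from the same request rather than from anything tied to the session, which is another reason a session-bound token is needed here. Unlike create.php, there is no `$admin->requireLevel(1)` before `updateUser`; if that check is enforced by a parent route it is worth a comment saying so, otherwise it should be added at the top of the else branch.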