Fixed a Cross-Site Request Forgery exploit that would allow logged-in…
… BigTree admins hitting a malicious page to automatically create / update users.
| @@ -1,13 +1,23 @@ | ||
| <? | ||
| $admin->requireLevel(1); | ||
| $id = $admin->createUser($_POST); | ||
| if ($_SERVER["HTTP_REFERER"] != ADMIN_ROOT."users/add/") { | ||
| ?> | ||
| <div class="container"> | ||
| <section> | ||
| <p>To create a user, please access the <a href="<?=ADMIN_ROOT?>users/add/">Add User</a> page.</p> | ||
| </section> | ||
| </div> | ||
| <? | ||
| } else { | ||
| $admin->requireLevel(1); | ||
| $id = $admin->createUser($_POST); | ||
|
|
||
| if (!$id) { | ||
| $_SESSION["bigtree_admin"]["create_user"] = $_POST; | ||
| $admin->growl("Users","Creation Failed","error"); | ||
| BigTree::redirect(ADMIN_ROOT."users/add/"); | ||
| } | ||
|
|
||
| if (!$id) { | ||
| $_SESSION["bigtree_admin"]["create_user"] = $_POST; | ||
| $admin->growl("Users","Creation Failed","error"); | ||
| BigTree::redirect(ADMIN_ROOT."users/add/"); | ||
| $admin->growl("Users","Added User"); | ||
| BigTree::redirect(ADMIN_ROOT."users/edit/$id/"); | ||
| } | ||
|
|
||
| $admin->growl("Users","Added User"); | ||
| BigTree::redirect(ADMIN_ROOT."users/edit/$id/"); | ||
| ?> |
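Review bot: The new guard at the top of this hunk makes the Referer header the only CSRF control, and that header is routinely absent or truncated (Referrer-Policy, privacy extensions, HTTPS-to-HTTP navigation), so legitimate admins will land on the "please access the Add User page" message while the check still gives weaker assurance than a per-session token carried in the form and verified with hash_equals(). Short of a token, the comparison should at least avoid the undefined-index notice and the loose `!=`: `if (!isset($_SERVER["HTTP_REFERER"]) || $_SERVER["HTTP_REFERER"] !== ADMIN_ROOT."users/add/") {`. The same applies to the Referer check in the second file of this commit.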
| @@ -1,16 +1,26 @@ | ||
| <? | ||
| $perms = json_decode($_POST["permissions"],true); | ||
| $_POST["permissions"] = array("page" => $perms["Page"],"module" => $perms["Module"],"resources" => $perms["Resource"],"module_gbp" => $perms["ModuleGBP"]); | ||
| $_POST["alerts"] = json_decode($_POST["alerts"],true); | ||
| $success = $admin->updateUser($_POST["id"],$_POST); | ||
|
|
||
| if (!$success) { | ||
| $_SESSION["bigtree_admin"]["update_user"] = $_POST; | ||
| $admin->growl("Users","Update Failed","error"); | ||
| BigTree::redirect(ADMIN_ROOT."users/edit/".end($bigtree["path"])."/"); | ||
| if ($_SERVER["HTTP_REFERER"] != ADMIN_ROOT."users/edit/".$_POST["id"]."/") { | ||
| ?> | ||
| <div class="container"> | ||
| <section> | ||
| <p>To update a user, please access the <a href="<?=ADMIN_ROOT?>users/edit/<?=$_POST["id"]?>/">Edit User</a> page.</p> | ||
| </section> | ||
| </div> | ||
| <? | ||
| } else { | ||
| $perms = json_decode($_POST["permissions"],true); | ||
| $_POST["permissions"] = array("page" => $perms["Page"],"module" => $perms["Module"],"resources" => $perms["Resource"],"module_gbp" => $perms["ModuleGBP"]); | ||
| $_POST["alerts"] = json_decode($_POST["alerts"],true); | ||
| $success = $admin->updateUser($_POST["id"],$_POST); | ||
|
|
||
| if (!$success) { | ||
| $_SESSION["bigtree_admin"]["update_user"] = $_POST; | ||
| $admin->growl("Users","Update Failed","error"); | ||
| BigTree::redirect(ADMIN_ROOT."users/edit/".end($bigtree["path"])."/"); | ||
| } | ||
|
|
||
| $admin->growl("Users","Updated User"); | ||
|
|
||
| BigTree::redirect(ADMIN_ROOT."users/"); | ||
| } | ||
|
|
||
| $admin->growl("Users","Updated User"); | ||
|
|
||
| BigTree::redirect(ADMIN_ROOT."users/"); | ||
| ?> |
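Review bot: `$_POST["id"]` is written straight into the href on the line `<a href="<?=ADMIN_ROOT?>users/edit/<?=$_POST["id"]?>/">` with no escaping, and this branch is exactly the one reached by a forged cross-site POST, so the fix trades the CSRF issue for a reflected markup injection in the admin UI. Escape it, e.g. `<?=htmlspecialchars($_POST["id"])?>`, or cast with `(int)` if user ids are integers (the type is not visible in this hunk). Unlike the add handler, no `requireLevel()` call is visible here; presumably the level check happens upstream in the route, which is worth confirming.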