Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
improv. fix http_host exploit
  • Loading branch information
nivcoo committed Jan 16, 2022
1 parent 5e25692 commit 9b84b6a
Show file tree
Hide file tree
Showing 7 changed files with 23 additions and 4 deletions.
2 changes: 2 additions & 0 deletions app/Config/Schema/schema.php
Expand Up @@ -54,6 +54,7 @@ class AppSchema extends CakeSchema
];
public $configurations = [
'id' => ['type' => 'integer', 'null' => false, 'default' => null, 'length' => 20, 'unsigned' => false, 'key' => 'primary'],
'website_url' => ['type' => 'text', 'null' => false, 'default' => "https://domain.fr", 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
'name' => ['type' => 'string', 'null' => false, 'default' => null, 'length' => 50, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
'email' => ['type' => 'string', 'null' => false, 'default' => null, 'length' => 50, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
'lang' => ['type' => 'string', 'null' => false, 'default' => 'fr', 'length' => 5, 'collate' => 'latin1_swedish_ci', 'charset' => 'latin1'],
Expand Down Expand Up @@ -398,6 +399,7 @@ public function after($event = [], $install = false, $updateContent = [])
if (!$exist) {
$configuration->create(); // la config de base
$configuration->set([
'website_url' => 'https://domain.fr',
'name' => 'MineWeb',
'email' => 'noreply@mineweb.org',
'lang' => 'fr_FR',
Expand Down
4 changes: 2 additions & 2 deletions app/Controller/UserController.php
Expand Up @@ -225,7 +225,7 @@ function ajax_lostpasswd()
$message = $this->Lang->get('USER__PASSWORD_RESET_EMAIL_CONTENT', [
'{EMAIL}' => $this->request->data['email'],
'{PSEUDO}' => $search['User']['pseudo'],
'{LINK}' => Router::url('/?resetpasswd_' . $key, true)
'{LINK}' => $this->Configuration->getKey('website_url') . DS . "/?resetpasswd_$key"
]);
$event = new CakeEvent('beforeSendResetPassMail', $this, ['user_id' => $search['User']['id'], 'key' => $key]);
$this->getEventManager()->dispatch($event);
Expand Down Expand Up @@ -493,7 +493,7 @@ function resend_confirmation()
if (!$this->Configuration->getKey('confirm_mail_signup') || empty($confirmed) || date('Y-m-d H:i:s', strtotime($confirmed)) == $confirmed)
throw new NotFoundException();
$emailMsg = $this->Lang->get('EMAIL__CONTENT_CONFIRM_MAIL', [
'{LINK}' => Router::url('/user/confirm/', true) . $confirmed,
'{LINK}' => $this->Configuration->getKey('website_url') . "/user/confirm/$confirmed",
'{IP}' => $this->Util->getIP(),
'{USERNAME}' => $user['pseudo'],
'{DATE}' => $this->Lang->date(date('Y-m-d H:i:s'))
Expand Down
17 changes: 15 additions & 2 deletions app/View/Configuration/admin_index.ctp
Expand Up @@ -13,15 +13,28 @@

<ul class="nav nav-tabs">
<li class="nav-item">
<a class="nav-link text-dark active" href="#tab_1" data-toggle="tab" aria-expanded="true"><?= $Lang->get('CONFIG__GENERAL_PREFERENCES') ?></a>
<a class="nav-link text-dark active" href="#tab_1" data-toggle="tab"
aria-expanded="true"><?= $Lang->get('CONFIG__GENERAL_PREFERENCES') ?></a>
</li>
<li class="nav-item">
<a class="nav-link text-dark" href="#tab_2" data-toggle="tab" aria-expanded="false"><?= $Lang->get('CONFIG__OTHER_PREFERENCES') ?></a>
<a class="nav-link text-dark" href="#tab_2" data-toggle="tab"
aria-expanded="false"><?= $Lang->get('CONFIG__OTHER_PREFERENCES') ?></a>
</li>
</ul>
<div class="tab-content">
<div class="tab-pane fade show active" id="tab_1">

<div class="form-group">
<label><?= $Lang->get('CONFIG__KEY_WEBSITE_URL') ?></label>
<?= $this->Form->input(false, [
'div' => false,
'type' => 'text',
'name' => 'name',
'class' => 'form-control',
'value' => $config['website_url']
]); ?>
</div>

<div class="form-group">
<label><?= $Lang->get('CONFIG__KEY_NAME') ?></label>
<?= $this->Form->input(false, [
Expand Down
1 change: 1 addition & 0 deletions lang/en_UK.json
Expand Up @@ -185,6 +185,7 @@
"CONFIG__SOCIAL_PREFERENCES": "Social preferences",
"CONFIG__OTHER_PREFERENCES": "Preferences other",
"CONFIG__EDIT_SUCCESS": "Configuration successfully changed!",
"CONFIG__KEY_WEBSITE_URL": "Site address (With protocol, http/https)",
"CONFIG__KEY_NAME": "Site Name",
"CONFIG__KEY_VERSION": "CMS Version",
"CONFIG__KEY_EMAIL": "Email to send emails to users",
Expand Down
1 change: 1 addition & 0 deletions lang/en_US.json
Expand Up @@ -185,6 +185,7 @@
"CONFIG__SOCIAL_PREFERENCES": "Social preferences",
"CONFIG__OTHER_PREFERENCES": "Preferences other",
"CONFIG__EDIT_SUCCESS": "Configuration successfully changed!",
"CONFIG__KEY_WEBSITE_URL": "Site address (With protocol, http/https)",
"CONFIG__KEY_NAME": "Site Name",
"CONFIG__KEY_VERSION": "CMS Version",
"CONFIG__KEY_EMAIL": "Email to send emails to users",
Expand Down
1 change: 1 addition & 0 deletions lang/fr_FR.json
Expand Up @@ -185,6 +185,7 @@
"CONFIG__SOCIAL_PREFERENCES": "Préférences sociales",
"CONFIG__OTHER_PREFERENCES": "Préférences autres",
"CONFIG__EDIT_SUCCESS":"Configuration modifiée avec succès !",
"CONFIG__KEY_WEBSITE_URL": "Adresse du Site (Avec protocol, http/https)",
"CONFIG__KEY_NAME": "Nom du site",
"CONFIG__KEY_VERSION": "Version du CMS",
"CONFIG__KEY_EMAIL": "Email pour envoyer des emails aux utilisateurs",
Expand Down
1 change: 1 addition & 0 deletions lang/ru_RU.json
Expand Up @@ -185,6 +185,7 @@
"CONFIG__SOCIAL_PREFERENCES" : "Социальные предпочтения" ,
"CONFIG__OTHER_PREFERENCES": "Настройки другого",
"CONFIG__EDIT_SUCCESS" : "Конфигурация успешно изменена!" ,
"CONFIG__KEY_WEBSITE_URL": "Адрес сайта (С протоколом, http/https)",
"CONFIG__KEY_NAME": "Имя сайта",
"CONFIG__KEY_VERSION": "Версия CMS",
"CONFIG__KEY_EMAIL": "Электронная почта для отправки электронных писем пользователям",
Expand Down

0 comments on commit 9b84b6a

Please sign in to comment.