
Added missing CSRF protection

thorsten committed Jul 29, 2018
1 parent 74adc5b commit 9ec84ff1515e455c290b5c90cf9501c82d80a357
Showing with 16 additions and 8 deletions.
  1. +5 −1 phpmyfaq/admin/ajax.user.php
  2. +11 −7 phpmyfaq/admin/user.php
@@ -70,14 +70,18 @@
break;
case 'activate_user':
if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
$http->sendJsonWithHeaders(array('error' => $PMF_LANG['err_NotAuth']));
exit(1);
}
$user->getUserById($userId, true);
$user->setStatus('blocked');
$user->activateUser();
echo json_encode($user->getStatus());
break;
case 'delete_user':
if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
$http->sendJsonWithHeaders(array('error' => $PMF_LANG['err_NotAuth']));
exit(1);
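Review bot: The token check added at line 15 (and repeated at line 25) compares the session token with `!==`, a short-circuiting string compare; for a secret, prefer the constant-time form `if (!isset($_SESSION['phpmyfaq_csrf_token']) || !hash_equals($_SESSION['phpmyfaq_csrf_token'], (string) $csrfToken))` (hash_equals is available since PHP 5.6, and the cast guards against a non-string input throwing on PHP 8). Where `$csrfToken` is read from is outside the hunk; if it comes from the query string — the client in user.php appends `&csrf=` to a GET URL — the token lands in access logs, browser history and Referer headers, so reading it from a POST body is the safer choice. The delete_user case and its `if` body continue past the end of the hunk.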
@@ -717,8 +717,10 @@ class="permission">
</td>
<td>
<?php if ($user->getStatus() === 'blocked'): ?>
<a onclick="activateUser(<?php echo $user->getUserData('user_id') ?>); return false;"
href="javascript:;" class="btn btn-success btn_user_id_<?php echo $user->getUserId() ?>"">
<a onclick="activateUser(this); return false;"
href="javascript:;" class="btn btn-success btn_user_id_<?php echo $user->getUserData('user_id') ?>"
data-csrf-token="<?php echo $currentUser->getCsrfTokenFromSession() ?>"
data-user-id="<?php echo $user->getUserData('user_id') ?>">
<?php echo $PMF_LANG['ad_news_set_active'] ?>
</a>
<?php endif;
@@ -746,7 +748,7 @@ class="permission">
/**
* Ajax call to delete user
*
* @param userId
* @param identifier
*/
function deleteUser(identifier) {
if (confirm('<?php echo $PMF_LANG['ad_user_del_3'] ?>')) {
@@ -764,16 +766,18 @@ function(response) {
/**
* Ajax call to delete user
*
* @param userId
* @param identifier
*/
function activateUser(userId) {
function activateUser(identifier) {
if (confirm('<?php echo $PMF_LANG['ad_user_del_3'] ?>')) {
$.getJSON("index.php?action=ajax&ajax=user&ajaxaction=activate_user&user_id=" + userId,
var csrf = $(identifier).data('csrf-token');
var userId = $(identifier).data('user-id');
$.getJSON("index.php?action=ajax&ajax=user&ajaxaction=activate_user&user_id=" + userId + "&csrf=" + csrf,
function() {
var icon = $('.icon_user_id_' + userId);
icon.toggleClass('fa-lock fa-check');
$('.btn_user_id_' + userId).remove();
console.log($(this));
});
}
}
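Review bot: The rewritten activateUser at lines 58–63 still triggers the state change over GET, now with the CSRF token in the query string (`"&csrf=" + csrf`), so the token is written to server access logs, browser history and any Referer header sent from the landing page. Send it in a POST body instead, e.g. `$.post("index.php?action=ajax&ajax=user&ajaxaction=activate_user", {user_id: userId, csrf: csrf}, function() { ... }, 'json');`, with the server side reading the token from the POST data. The token echoed into the `data-csrf-token` attribute at line 36 is unescaped; wrapping it in `htmlspecialchars()` keeps the attribute well-formed whatever the token's alphabet. The docblock at lines 51–52 still reads "Ajax call to delete user" for activateUser and should say "Ajax call to activate a blocked user". The `confirm()` at line 59 reuses the delete prompt `ad_user_del_3` for activation; the commit does not touch that line, but it is worth a separate fix.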
