Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
fix: added CSRF check for the logout
  • Loading branch information
thorsten committed Jul 27, 2022
1 parent c3e0aeb commit 3af0bbb
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 3 deletions.
1 change: 0 additions & 1 deletion phpmyfaq/assets/src/setup.js
Expand Up @@ -112,7 +112,6 @@ $(document).ready(function () {
),
isValid = true;

console.log('Button clicked', curStepBtn);

$('.form-group.row input').removeClass('is-invalid');
for (let i = 0; i < curInputs.length; i++) {
Expand Down
18 changes: 16 additions & 2 deletions phpmyfaq/index.php
Expand Up @@ -120,6 +120,16 @@
$faqpassword = '';
}

//
// Get CSRF Token
//
$csrfToken = Filter::filterInput(INPUT_GET, 'csrf', FILTER_UNSAFE_RAW);
if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
$csrfChecked = false;
} else {
$csrfChecked = true;
}

// Login via local DB or LDAP or SSO
if (!is_null($faqusername) && !is_null($faqpassword)) {
$user = new CurrentUser($faqConfig);
Expand Down Expand Up @@ -175,7 +185,7 @@
//
// Logout
//
if ('logout' === $action && isset($auth)) {
if ($csrfChecked && 'logout' === $action && isset($auth)) {
$user->deleteFromSession(true);
$auth = null;
$action = 'main';
Expand Down Expand Up @@ -677,7 +687,11 @@
$PMF_LANG['headerUserControlPanel'] . '</a>',
'msgUserRemoval' => '<a class="dropdown-item" href="?action=request-removal">' .
$PMF_LANG['ad_menu_RequestRemove'] . '</a>',
'msgLogoutUser' => '<a class="dropdown-item" href="?action=logout">' . $PMF_LANG['ad_menu_logout'] . '</a>',
'msgLogoutUser' => sprintf(
'<a class="dropdown-item" href="?action=logout&csrf=%s">%s</a>',
$user->getCsrfTokenFromSession(),
$PMF_LANG['ad_menu_logout'],
),
'activeUserControl' => ('ucp' == $action) ? 'active' : ''
]
);
Expand Down

0 comments on commit 3af0bbb

Please sign in to comment.