Merge pull request #42 from NoahvdAa/patch-3
Added CSRF protection to file manager.
@ -125,10 +125,18 @@ if(@!ftp_chdir($ftp, $dir)){
}
if(!empty($_POST['mkdir']) && !empty($_POST['name'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
echo 'Invalid CSRF token, please try again.';
exit;
}
ftp_mkdir($ftp, $_POST['name']);
}
if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
echo 'Invalid CSRF token, please try again.';
exit;
}
$tmpfile='/tmp/'.uniqid();
touch($tmpfile);
ftp_put($ftp, $_POST['name'], $tmpfile, FTP_BINARY);
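Review bot: The handlers in this hunk (and in the mkfile, delete, rename, edit, unzip and upload hunks that follow) read `$_POST['csrf_token']`, but every hidden input this commit emits names the field `csrf-token`, so `empty($_POST['csrf_token'])` is always true and each of these actions now exits with 'Invalid CSRF token' — the field name must be spelled identically on both sides. The comparison should also be `hash_equals()` on two confirmed strings rather than a loose `!=`: `!=` is not timing-safe, `$_POST` values may be arrays, and sessions opened before this change presumably have no `$_SESSION['csrf_token']` at all and should be rejected (or re-issued a token) rather than passed to hash_equals() as null. Since the same five lines are pasted into seven handlers, a single helper called at the top of each keeps the check consistent; a sketch follows.
```php
function require_csrf_token(){
    $sent = $_POST['csrf_token'] ?? null;
    $expected = $_SESSION['csrf_token'] ?? null;
    if(!is_string($sent) || !is_string($expected) || !hash_equals($expected, $sent)){
        echo 'Invalid CSRF token, please try again.';
        exit;
    }
}

if(!empty($_POST['mkdir']) && !empty($_POST['name'])){
    require_csrf_token();
    // … unchanged: ftp_mkdir call …
}
```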
@ -136,23 +144,39 @@ if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
}
if(!empty($_POST['delete']) && !empty($_POST['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
echo 'Invalid CSRF token, please try again.';
exit;
}
foreach($_POST['files'] as $file){
ftp_recursive_delete($ftp, $file);
}
}
if(!empty($_POST['rename_2']) && !empty($_POST['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
echo 'Invalid CSRF token, please try again.';
exit;
}
foreach($_POST['files'] as $old=>$new){
ftp_rename($ftp, $old, $new);
}
}
if(!empty($_POST['rename']) && !empty($_POST['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
echo 'Invalid CSRF token, please try again.';
exit;
}
send_rename($dir);
exit;
}
if(!empty($_POST['edit_2']) && !empty($_POST['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
echo 'Invalid CSRF token, please try again.';
exit;
}
$tmpfile='/tmp/'.uniqid();
foreach($_POST['files'] as $name=>$content){
file_put_contents($tmpfile, $content);
@ -167,6 +191,10 @@ if(!empty($_POST['edit']) && !empty($_POST['files'])){
}
if(!empty($_POST['unzip']) && !empty($_POST['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
echo 'Invalid CSRF token, please try again.';
exit;
}
$zip = new ZipArchive();
foreach($_POST['files'] as $file){
if(!preg_match('/\.zip$/', $file)){
@ -202,6 +230,10 @@ if(!empty($_POST['unzip']) && !empty($_POST['files'])){
if(!empty($_FILES['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
echo 'Invalid CSRF token, please try again.';
exit;
}
$c=count($_FILES['files']['name']);
for($i=0; $i<$c; ++$i){
if($_FILES['files']['error'][$i]===UPLOAD_ERR_OK){
@ -276,7 +308,7 @@ $dir=htmlspecialchars($dir);
</head><body>
<h1>Index of <?php echo $dir; ?></h1>
<?php if($dir!=='/'){ ?>
<p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br>
<p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf_token'] ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br>
<?php
}
$fileurl='A';
@ -294,6 +326,7 @@ if($order==='A'){
}
?>
<form action="files.php" method="post">
<input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="submit" name="mkdir" value="Create directory">
<input type="submit" name="mkfile" value="Create file">
<input type="text" name="name"><br><br>
@ -420,6 +453,7 @@ function send_rename($dir){
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
echo '</head><body>';
echo '<form action="files.php" method="post">';
echo '<input type="hidden" name="csrf-token" value="<'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
echo '<table>';
foreach($_POST['files'] as $file){
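Review bot: The hidden input echoed in this hunk carries a stray `<` inside its value attribute — `value="<'.$_SESSION['csrf_token'].'">` — so the browser submits `<` followed by the token and the server-side comparison can never match even once the field names agree; the identical line appears in the send_edit hunk below. Change it to `echo '<input type="hidden" name="csrf_token" value="'.htmlspecialchars($_SESSION['csrf_token']).'">';`, with the name spelled the way the handlers read it. Escaping the value is cheap insurance even though the current token is a hex digest. send_rename's body begins and ends outside the hunk.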
@ -438,6 +472,7 @@ function send_edit($ftp, $dir){
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
echo '</head><body>';
echo '<form action="files.php" method="post">';
echo '<input type="hidden" name="csrf-token" value="<'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
echo '<table>';
$tmpfile='/tmp/'.uniqid();
@ -53,6 +53,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
}
if($ok){
$_SESSION['hosting_username']=$username;
$_SESSION['csrf_token']=sha1(uniqid());
session_write_close();
header('Location: home.php');
exit;
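Review bot: `sha1(uniqid())` is not a suitable source for the CSRF token added in this hunk: uniqid() is derived from the current time in microseconds and is documented as not cryptographically secure, and hashing it with sha1 adds no entropy, so the token is guessable by anyone who can estimate when the login happened. Generate it from the CSPRNG instead, `$_SESSION['csrf_token']=bin2hex(random_bytes(32));`, which also yields a plain hex string safe to embed in the forms. The enclosing if($ok) block starts inside the hunk but the surrounding POST handler continues outside it.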