From bc4a8a4d7caa8c94a96f62817c07e4ea200ec91c Mon Sep 17 00:00:00 2001
From: Noah van der Aa <44026893+NoahvdAa@users.noreply.github.com>
Date: Wed, 23 Jan 2019 17:44:04 +0100
Subject: [PATCH 1/2] Adding CSRF to file manager
---
var/www/html/login.php | 1 +
1 file changed, 1 insertion(+)
diff --git a/var/www/html/login.php b/var/www/html/login.php
index 7129f93..53d70f3 100644
--- a/var/www/html/login.php
+++ b/var/www/html/login.php
@@ -53,6 +53,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
}
if($ok){
$_SESSION['hosting_username']=$username;
+ $_SESSION['csrf_token']=sha1(uniqid());
session_write_close();
header('Location: home.php');
exit;
From 769a05b682662ddee56314ab784455fa6422d5c5 Mon Sep 17 00:00:00 2001
From: Noah van der Aa <44026893+NoahvdAa@users.noreply.github.com>
Date: Wed, 23 Jan 2019 17:48:54 +0100
Subject: [PATCH 2/2] Added CSRF protection to file manager.
---
var/www/html/files.php | 37 ++++++++++++++++++++++++++++++++++++-
1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/var/www/html/files.php b/var/www/html/files.php
index 2ea093d..6212b5b 100644
--- a/var/www/html/files.php
+++ b/var/www/html/files.php
@@ -125,10 +125,18 @@ if(@!ftp_chdir($ftp, $dir)){
}
if(!empty($_POST['mkdir']) && !empty($_POST['name'])){
+ if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
+ echo 'Invalid CSRF token, please try again.';
+ exit;
+ }
ftp_mkdir($ftp, $_POST['name']);
}
if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
+ if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
+ echo 'Invalid CSRF token, please try again.';
+ exit;
+ }
$tmpfile='/tmp/'.uniqid();
touch($tmpfile);
ftp_put($ftp, $_POST['name'], $tmpfile, FTP_BINARY);
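Review bot: The added `$_SESSION['csrf_token']=sha1(uniqid());` derives the anti-CSRF secret from a microsecond timestamp, and uniqid() is documented as not cryptographically secure, so an attacker who can estimate the login time has a small space to search; hashing it with sha1 does not add entropy. Draw the token from the OS random source instead: `$_SESSION['csrf_token']=bin2hex(random_bytes(32));` (PHP 7+; on older builds `bin2hex(openssl_random_pseudo_bytes(32))`). Because the token is only issued here, sessions that were logged in before this deploy presumably have no `csrf_token` at all and will fail every file-manager action until they re-authenticate; consider issuing one lazily in files.php when the key is unset. The enclosing `if($_SERVER['REQUEST_METHOD']==='POST'){` block starts and ends outside this hunk.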
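Review bot: The token check added to the `mkdir` and `mkfile` branches compares with loose `!=`, which applies PHP type juggling (two numeric-looking strings such as `'1e3'` and `'1000'` compare equal) and stops at the first differing byte; a secret comparison should be strict and constant-time. It also reads `$_SESSION['csrf_token']` without checking it exists, which is undefined for any session created before this change. Replace the condition with `if(!isset($_POST['csrf_token'], $_SESSION['csrf_token']) || !is_string($_POST['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])){`; the `is_string` guard matters because a posted `csrf_token[]=x` arrives as an array, which hash_equals() rejects with a warning on PHP 7 and a TypeError on PHP 8. The top-level dispatch this sits in continues past the end of the hunk.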
@@ -136,23 +144,39 @@ if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
}
if(!empty($_POST['delete']) && !empty($_POST['files'])){
+ if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
+ echo 'Invalid CSRF token, please try again.';
+ exit;
+ }
foreach($_POST['files'] as $file){
ftp_recursive_delete($ftp, $file);
}
}
if(!empty($_POST['rename_2']) && !empty($_POST['files'])){
+ if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
+ echo 'Invalid CSRF token, please try again.';
+ exit;
+ }
foreach($_POST['files'] as $old=>$new){
ftp_rename($ftp, $old, $new);
}
}
if(!empty($_POST['rename']) && !empty($_POST['files'])){
+ if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
+ echo 'Invalid CSRF token, please try again.';
+ exit;
+ }
send_rename($dir);
exit;
}
if(!empty($_POST['edit_2']) && !empty($_POST['files'])){
+ if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
+ echo 'Invalid CSRF token, please try again.';
+ exit;
+ }
$tmpfile='/tmp/'.uniqid();
foreach($_POST['files'] as $name=>$content){
file_put_contents($tmpfile, $content);
@@ -167,6 +191,10 @@ if(!empty($_POST['edit']) && !empty($_POST['files'])){
}
if(!empty($_POST['unzip']) && !empty($_POST['files'])){
+ if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
+ echo 'Invalid CSRF token, please try again.';
+ exit;
+ }
$zip = new ZipArchive();
foreach($_POST['files'] as $file){
if(!preg_match('/\.zip$/', $file)){
@@ -202,6 +230,10 @@ if(!empty($_POST['unzip']) && !empty($_POST['files'])){
if(!empty($_FILES['files'])){
+ if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
+ echo 'Invalid CSRF token, please try again.';
+ exit;
+ }
$c=count($_FILES['files']['name']);
for($i=0; $i<$c; ++$i){
if($_FILES['files']['error'][$i]===UPLOAD_ERR_OK){
@@ -276,7 +308,7 @@ $dir=htmlspecialchars($dir);
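Review bot: The same four-line token check is pasted into the `delete`, `rename_2`, `rename` and `edit_2` branches of this hunk (and again in the later hunks), so the protection is opt-in per branch: any POST action added later that omits the paste is unprotected, and correcting the comparison means editing eight copies. Hoist it into one helper that runs for every POST before the per-action `if(!empty($_POST[...]))` chain, and drop the inline copies; the helper below also uses a strict constant-time comparison and tolerates a session that predates the token. The dispatch chain this hunk is part of starts and ends outside the hunk, so the gate belongs before its first branch.

```php
// Shared CSRF gate: one place to fix, and no action branch can forget it.
function require_csrf_token(){
    if(!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
        || !is_string($_POST['csrf_token'])
        || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])){
        echo 'Invalid CSRF token, please try again.';
        exit;
    }
}
// Runs once for every POST, before the per-action branches below.
if($_SERVER['REQUEST_METHOD']==='POST'){
    require_csrf_token();
}
// … unchanged: delete / rename_2 / rename / edit_2 branches, each with its inline token check removed …
```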

Index of

-

Upload up to 1GB and up to 100 files at once


+

Upload up to 1GB and up to 100 files at once


+

@@ -420,6 +453,7 @@ function send_rename($dir){
echo '';
echo '';
echo '';
+ echo '';
echo '';
echo '';
foreach($_POST['files'] as $file){
@@ -438,6 +472,7 @@ function send_edit($ftp, $dir){
echo '';
echo '';
echo '';
+ echo '';
echo '';
echo '
'; $tmpfile='/tmp/'.uniqid();