aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
Diffstat (limited to 'admin')
-rw-r--r--admin/cat_list.php9
-rw-r--r--admin/element_set.php2
-rw-r--r--admin/element_set_global.php5
-rw-r--r--admin/group_list.php10
-rw-r--r--admin/include/functions.php28
-rw-r--r--admin/include/uploadify/uploadify.php2
-rw-r--r--admin/photos_add_direct.php4
-rw-r--r--admin/picture_modify.php3
-rw-r--r--admin/plugins_list.php9
-rw-r--r--admin/plugins_new.php6
-rw-r--r--admin/plugins_update.php7
-rw-r--r--admin/site_manager.php18
-rw-r--r--admin/tags.php8
-rw-r--r--admin/themes/default/template/cat_list.tpl2
-rw-r--r--admin/themes/default/template/group_list.tpl1
-rw-r--r--admin/themes/default/template/site_manager.tpl2
-rw-r--r--admin/themes/default/template/tags.tpl1
17 files changed, 72 insertions, 45 deletions
diff --git a/admin/cat_list.php b/admin/cat_list.php
index 7168b3fd0..5aadeb3c2 100644
--- a/admin/cat_list.php
+++ b/admin/cat_list.php
@@ -33,6 +33,11 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
+if (!empty($_POST) or isset($_GET['delete']))
+{
+ check_pwg_token();
+}
+
// +-----------------------------------------------------------------------+
// | functions |
// +-----------------------------------------------------------------------+
@@ -64,6 +69,8 @@ function save_categories_order($categories)
// | initialization |
// +-----------------------------------------------------------------------+
+check_input_parameter('parent_id', $_GET, false, PATTERN_ID);
+
$categories = array();
$base_url = get_root_url().'admin.php?page=cat_list';
@@ -185,6 +192,7 @@ if (isset($_GET['parent_id']))
$template->assign(array(
'CATEGORIES_NAV'=>$navigation,
'F_ACTION'=>$form_action,
+ 'PWG_TOKEN' => get_pwg_token(),
));
// +-----------------------------------------------------------------------+
@@ -260,6 +268,7 @@ foreach ($categories as $category)
if (empty($category['dir']))
{
$tpl_cat['U_DELETE'] = $self_url.'&delete='.$category['id'];
+ $tpl_cat['U_DELETE'].= '&pwg_token='.get_pwg_token();
}
if ( array_key_exists($category['id'], $categories_with_images) )
diff --git a/admin/element_set.php b/admin/element_set.php
index 49b1b2377..1b5e88719 100644
--- a/admin/element_set.php
+++ b/admin/element_set.php
@@ -39,6 +39,8 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
+check_input_parameter('selection', $_POST, true, PATTERN_ID);
+
// +-----------------------------------------------------------------------+
// | caddie management |
// +-----------------------------------------------------------------------+
diff --git a/admin/element_set_global.php b/admin/element_set_global.php
index 113b5b1f8..73cc720b0 100644
--- a/admin/element_set_global.php
+++ b/admin/element_set_global.php
@@ -43,6 +43,11 @@ check_status(ACCESS_ADMINISTRATOR);
// | deletion form submission |
// +-----------------------------------------------------------------------+
+// the $_POST['selection'] was already checked in element_set.php
+check_input_parameter('del_tags', $_POST, true, PATTERN_ID);
+check_input_parameter('associate', $_POST, false, PATTERN_ID);
+check_input_parameter('dissociate', $_POST, false, PATTERN_ID);
+
if (isset($_POST['delete']))
{
if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
diff --git a/admin/group_list.php b/admin/group_list.php
index 416d78bb9..7c42d9613 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -33,6 +33,11 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
+if (!empty($_POST) or isset($_GET['delete']) or isset($_GET['toggle_is_default']))
+{
+ check_pwg_token();
+}
+
// +-----------------------------------------------------------------------+
// | delete a group |
// +-----------------------------------------------------------------------+
@@ -155,6 +160,7 @@ $template->assign(
array(
'F_ADD_ACTION' => get_root_url().'admin.php?page=group_list',
'U_HELP' => get_root_url().'popuphelp.php?page=group_list',
+ 'PWG_TOKEN' => get_pwg_token(),
)
);
@@ -191,9 +197,9 @@ SELECT COUNT(*)
'IS_DEFAULT' => (get_boolean($row['is_default']) ? ' ['.l10n('default').']' : ''),
'MEMBERS' => l10n_dec('%d member', '%d members', $counter),
'U_MEMBERS' => $members_url.$row['id'],
- 'U_DELETE' => $del_url.$row['id'],
+ 'U_DELETE' => $del_url.$row['id'].'&pwg_token='.get_pwg_token(),
'U_PERM' => $perm_url.$row['id'],
- 'U_ISDEFAULT' => $toggle_is_default_url.$row['id']
+ 'U_ISDEFAULT' => $toggle_is_default_url.$row['id'].'&pwg_token='.get_pwg_token(),
)
);
}
diff --git a/admin/include/functions.php b/admin/include/functions.php
index c7b8bf5f1..e3522702f 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -23,34 +23,6 @@
include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
-/**
- * check token comming from form posted or get params to prevent csrf attacks
- * if pwg_token is empty action doesn't require token
- * else pwg_token is compare to server token
- *
- * @return void access denied if token given is not equal to server token
- */
-function check_token()
-{
- global $conf;
-
- $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);
- $given_token = null;
-
- if (!empty($_POST['pwg_token']))
- {
- $given_token = $_POST['pwg_token'];
- }
- elseif (!empty($_GET['pwg_token']))
- {
- $given_token = $_GET['pwg_token'];
- }
- if ($given_token != $valid_token)
- {
- access_denied();
- }
-}
-
// The function delete_site deletes a site and call the function
// delete_categories for each primary category of the site
function delete_site( $id )
diff --git a/admin/include/uploadify/uploadify.php b/admin/include/uploadify/uploadify.php
index eddcc12b0..306b492da 100644
--- a/admin/include/uploadify/uploadify.php
+++ b/admin/include/uploadify/uploadify.php
@@ -8,7 +8,7 @@ include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
-// check_pwg_token();
+check_pwg_token();
ob_start();
print_r($_FILES);
diff --git a/admin/photos_add_direct.php b/admin/photos_add_direct.php
index 4fceb6b12..0c24fc6ef 100644
--- a/admin/photos_add_direct.php
+++ b/admin/photos_add_direct.php
@@ -30,7 +30,7 @@ if (!defined('PHOTOS_ADD_BASE_URL'))
if (isset($_GET['batch']))
{
- check_input_parameter('batch', $_GET['batch'], false, '/^\d+(,\d+)*$/');
+ check_input_parameter('batch', $_GET, false, '/^\d+(,\d+)*$/');
$query = '
DELETE FROM '.CADDIE_TABLE.'
@@ -347,7 +347,7 @@ $template->assign(
'switch_url' => PHOTOS_ADD_BASE_URL.'&upload_mode='.$upload_switch,
'upload_id' => md5(rand()),
'session_id' => session_id(),
- 'pwg_token' => '1234abcd5678efgh',// get_pwg_token(),
+ 'pwg_token' => get_pwg_token(),
)
);
diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index e33447f70..e61a324e7 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -33,6 +33,9 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
+check_input_parameter('image_id', $_GET, false, PATTERN_ID);
+check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
+
// +-----------------------------------------------------------------------+
// | synchronize metadata |
// +-----------------------------------------------------------------------+
diff --git a/admin/plugins_list.php b/admin/plugins_list.php
index 2b12f171c..2f0eab1b2 100644
--- a/admin/plugins_list.php
+++ b/admin/plugins_list.php
@@ -32,12 +32,15 @@ $template->set_filenames(array('plugins' => 'plugins_list.tpl'));
$order = isset($_GET['order']) ? $_GET['order'] : 'name';
$base_url = get_root_url().'admin.php?page='.$page['page'].'&order='.$order;
+$action_url = $base_url.'&plugin='.'%s'.'&pwg_token='.get_pwg_token();
$plugins = new plugins();
//--------------------------------------------------perform requested actions
if (isset($_GET['action']) and isset($_GET['plugin']) and !is_adviser())
{
+ check_pwg_token();
+
$page['errors'] = $plugins->perform_action($_GET['action'], $_GET['plugin']);
if (empty($page['errors']))
@@ -96,7 +99,7 @@ foreach($plugins->fs_plugins as $plugin_id => $fs_plugin)
array('NAME' => $display_name,
'VERSION' => $fs_plugin['version'],
'DESCRIPTION' => $desc,
- 'U_ACTION' => $base_url.'&plugin='.$plugin_id);
+ 'U_ACTION' => sprintf($action_url, $plugin_id));
if (isset($plugins->db_plugins_by_id[$plugin_id]))
{
@@ -115,14 +118,12 @@ $missing_plugin_ids = array_diff(
foreach($missing_plugin_ids as $plugin_id)
{
- $action_url = $base_url.'&plugin='.$plugin_id;
-
$template->append( 'plugins',
array(
'NAME' => $plugin_id,
'VERSION' => $plugins->db_plugins_by_id[$plugin_id]['version'],
'DESCRIPTION' => "ERROR: THIS PLUGIN IS MISSING BUT IT IS INSTALLED! UNINSTALL IT NOW !",
- 'U_ACTION' => $base_url.'&plugin='.$plugin_id,
+ 'U_ACTION' => sprintf($action_url, $plugin_id),
'STATE' => 'missing'
)
);
diff --git a/admin/plugins_new.php b/admin/plugins_new.php
index 8ee9d26ed..a9b15c06b 100644
--- a/admin/plugins_new.php
+++ b/admin/plugins_new.php
@@ -38,6 +38,8 @@ $plugins = new plugins();
//------------------------------------------------------automatic installation
if (isset($_GET['revision']) and isset($_GET['extension']) and !is_adviser())
{
+ check_pwg_token();
+
$install_status = $plugins->extract_plugin_files('install', $_GET['revision'], $_GET['extension']);
redirect($base_url.'&installstatus='.$install_status);
@@ -110,7 +112,9 @@ if ($plugins->get_server_plugins(true))
$url_auto_install = htmlentities($base_url)
. '&revision=' . $plugin['revision_id']
- . '&extension=' . $plugin['extension_id'];
+ . '&extension=' . $plugin['extension_id']
+ . '&pwg_token='.get_pwg_token()
+ ;
$template->append('plugins', array(
'EXT_NAME' => $plugin['extension_name'],
diff --git a/admin/plugins_update.php b/admin/plugins_update.php
index 4566d8fd9..af8e527cb 100644
--- a/admin/plugins_update.php
+++ b/admin/plugins_update.php
@@ -37,6 +37,8 @@ $plugins = new plugins();
//-----------------------------------------------------------automatic upgrade
if (isset($_GET['plugin']) and isset($_GET['revision']) and !is_adviser())
{
+ check_pwg_token();
+
$plugin_id = $_GET['plugin'];
$revision = $_GET['revision'];
@@ -48,6 +50,7 @@ if (isset($_GET['plugin']) and isset($_GET['revision']) and !is_adviser())
redirect($base_url
. '&revision=' . $revision
. '&plugin=' . $plugin_id
+ . '&pwg_token='.get_pwg_token()
. '&reactivate=true');
}
@@ -133,7 +136,9 @@ if ($plugins->get_server_plugins())
// Plugin need upgrade
$url_auto_update = $base_url
. '&revision=' . $plugin_info['revision_id']
- . '&plugin=' . $plugin_id;
+ . '&plugin=' . $plugin_id
+ . '&pwg_token='.get_pwg_token()
+ ;
$template->append('plugins_not_uptodate', array(
'EXT_NAME' => $fs_plugin['name'],
diff --git a/admin/site_manager.php b/admin/site_manager.php
index ee25bd826..595605f59 100644
--- a/admin/site_manager.php
+++ b/admin/site_manager.php
@@ -33,6 +33,11 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
+if (!empty($_POST) or isset($_GET['action']))
+{
+ check_pwg_token();
+}
+
/**
* requests the given $url (a remote create_listing_file.php) and fills a
* list of lines corresponding to request output
@@ -198,11 +203,13 @@ SELECT galleries_url
}
}
-$template->assign( array(
- 'U_HELP' => get_root_url().'popuphelp.php?page=site_manager',
- 'F_ACTION' => get_root_url().'admin.php'
- .get_query_string_diff( array('action','site') )
- ) );
+$template->assign(
+ array(
+ 'U_HELP' => get_root_url().'popuphelp.php?page=site_manager',
+ 'F_ACTION' => get_root_url().'admin.php'.get_query_string_diff(array('action','site','pwg_token')),
+ 'PWG_TOKEN' => get_pwg_token(),
+ )
+ );
// +-----------------------------------------------------------------------+
// | remote sites list |
@@ -242,6 +249,7 @@ while ($row = pwg_db_fetch_assoc($result))
$base_url = PHPWG_ROOT_PATH.'admin.php';
$base_url.= '?page=site_manager';
$base_url.= '&site='.$row['id'];
+ $base_url.= '&pwg_token='.get_pwg_token();
$base_url.= '&action=';
$update_url = PHPWG_ROOT_PATH.'admin.php';
diff --git a/admin/tags.php b/admin/tags.php
index 24368bcfb..caade0058 100644
--- a/admin/tags.php
+++ b/admin/tags.php
@@ -29,6 +29,11 @@ if( !defined("PHPWG_ROOT_PATH") )
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
check_status(ACCESS_ADMINISTRATOR);
+if (!empty($_POST))
+{
+ check_pwg_token();
+}
+
// +-----------------------------------------------------------------------+
// | edit tags |
// +-----------------------------------------------------------------------+
@@ -189,7 +194,8 @@ $template->set_filenames(array('tags' => 'tags.tpl'));
$template->assign(
array(
- 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags'
+ 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags',
+ 'PWG_TOKEN' => get_pwg_token(),
)
);
diff --git a/admin/themes/default/template/cat_list.tpl b/admin/themes/default/template/cat_list.tpl
index 431845d2a..e80558c9e 100644
--- a/admin/themes/default/template/cat_list.tpl
+++ b/admin/themes/default/template/cat_list.tpl
@@ -26,6 +26,7 @@
<h3>{$CATEGORIES_NAV}</h3>
<form id="addVirtual" action="{$F_ACTION}" method="post">
+ <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p>
{'Add a virtual category'|@translate} : <input type="text" name="virtual_name">
<input class="submit" type="submit" value="{'Submit'|@translate}" name="submitAdd" {$TAG_INPUT_ENABLED}>
@@ -38,6 +39,7 @@
{if count($categories) }
<form id="categoryOrdering" action="{$F_ACTION}" method="post">
+ <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p>
<input class="submit" name="submitOrder" type="submit" value="{'Save order'|@translate}" {$TAG_INPUT_ENABLED}>
<input class="submit" name="submitOrderAlphaNum" type="submit" value="{'Order alphanumerically'|@translate}" {$TAG_INPUT_ENABLED}>
diff --git a/admin/themes/default/template/group_list.tpl b/admin/themes/default/template/group_list.tpl
index 6b32da66b..ab74985a4 100644
--- a/admin/themes/default/template/group_list.tpl
+++ b/admin/themes/default/template/group_list.tpl
@@ -3,6 +3,7 @@
</div>
<form method="post" name="add_user" action="{$F_ADD_ACTION}" class="properties">
+ <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<fieldset>
<legend>{'Add group'|@translate}</legend>
diff --git a/admin/themes/default/template/site_manager.tpl b/admin/themes/default/template/site_manager.tpl
index 91d888ac0..6dce1fec0 100644
--- a/admin/themes/default/template/site_manager.tpl
+++ b/admin/themes/default/template/site_manager.tpl
@@ -16,6 +16,7 @@
{'A local listing.xml file has been found for '|@translate} {$local_listing.URL}
{if isset($local_listing.CREATE)}
<form action="{$F_ACTION}" method="post">
+ <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p>
{'Create this site'|@translate}:
<input type="hidden" name="no_check" value="1">
@@ -63,6 +64,7 @@
{/if}
<form action="{$F_ACTION}" method="post">
+ <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p>
<label for="galleries_url" >{'Create a new site : (give its URL to create_listing_file.php)'|@translate}</label>
<input type="text" name="galleries_url" id="galleries_url">
diff --git a/admin/themes/default/template/tags.tpl b/admin/themes/default/template/tags.tpl
index 3db8417a6..4d7031897 100644
--- a/admin/themes/default/template/tags.tpl
+++ b/admin/themes/default/template/tags.tpl
@@ -3,6 +3,7 @@
</div>
<form action="{$F_ACTION}" method="post">
+ <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
{if isset($EDIT_TAGS_LIST)}
<fieldset>