mirror of
https://github.com/renbaoshuo/S2OJ.git
synced 2024-11-21 21:08:42 +00:00
feat: tinyfilemanager use uoj csrf
This commit is contained in:
parent
47167a5c7a
commit
62e25fe1ea
@ -98,11 +98,6 @@ if (defined('FM_EMBED')) {
|
||||
restore_error_handler();
|
||||
}
|
||||
|
||||
//Genrating CSRF Token
|
||||
if (empty($_SESSION['token'])) {
|
||||
$_SESSION['token'] = bin2hex(random_bytes(32));
|
||||
}
|
||||
|
||||
if (empty($auth_users)) {
|
||||
$use_auth = false;
|
||||
}
|
||||
@ -124,7 +119,6 @@ defined('FM_SELF_URL') || define('FM_SELF_URL', HTML::url('?'));
|
||||
// logout
|
||||
if (isset($_GET['logout'])) {
|
||||
unset($_SESSION[FM_SESSION_ID]['logged']);
|
||||
unset( $_SESSION['token']);
|
||||
fm_redirect(FM_SELF_URL);
|
||||
}
|
||||
|
||||
@ -175,11 +169,11 @@ if ($ip_ruleset != 'OFF') {
|
||||
if ($use_auth) {
|
||||
if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']])) {
|
||||
// Logged
|
||||
} elseif (isset($_POST['fm_usr'], $_POST['fm_pwd'], $_POST['token'])) {
|
||||
} elseif (isset($_POST['fm_usr'], $_POST['fm_pwd'], $_POST['_token'])) {
|
||||
// Logging In
|
||||
sleep(1);
|
||||
if(function_exists('password_verify')) {
|
||||
if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']]) && verifyToken($_POST['token'])) {
|
||||
if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']]) && crsf_check()) {
|
||||
$_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr'];
|
||||
fm_set_msg(lng('You are logged in'));
|
||||
fm_redirect(FM_ROOT_URL);
|
||||
@ -230,7 +224,7 @@ if ($use_auth) {
|
||||
<div class="mb-3">
|
||||
<?php fm_show_message(); ?>
|
||||
</div>
|
||||
<input type="hidden" name="token" value="<?php echo htmlentities($_SESSION['token']); ?>" />
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<div class="mb-3">
|
||||
<button type="submit" class="btn btn-success btn-block w-100 mt-4" role="button">
|
||||
<?php echo lng('Login'); ?>
|
||||
@ -306,11 +300,8 @@ unset($p, $use_auth, $iconv_input_encoding, $use_highlightjs, $highlightjs_style
|
||||
/*************************** ACTIONS ***************************/
|
||||
|
||||
// Handle all AJAX Request
|
||||
if ((isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) || !FM_USE_AUTH) && isset($_POST['ajax'], $_POST['token']) && !FM_READONLY) {
|
||||
if(!verifyToken($_POST['token'])) {
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
die("Invalid Token.");
|
||||
}
|
||||
if ((isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) || !FM_USE_AUTH) && isset($_POST['ajax'], $_POST['_token']) && !FM_READONLY) {
|
||||
crsf_defend();
|
||||
|
||||
//search : get list of files from the current folder
|
||||
if(isset($_POST['type']) && $_POST['type']=="search") {
|
||||
@ -515,9 +506,9 @@ if ((isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_
|
||||
}
|
||||
|
||||
// Delete file / folder
|
||||
if (isset($_GET['del'], $_POST['token']) && !FM_READONLY) {
|
||||
if (isset($_GET['del'], $_POST['_token']) && !FM_READONLY) {
|
||||
$del = str_replace( '/', '', fm_clean_path( $_GET['del'] ) );
|
||||
if ($del != '' && $del != '..' && $del != '.' && verifyToken($_POST['token'])) {
|
||||
if ($del != '' && $del != '..' && $del != '.' && crsf_check()) {
|
||||
$path = FM_ROOT_PATH;
|
||||
if (FM_PATH != '') {
|
||||
$path .= '/' . FM_PATH;
|
||||
@ -537,10 +528,10 @@ if (isset($_GET['del'], $_POST['token']) && !FM_READONLY) {
|
||||
}
|
||||
|
||||
// Create a new file/folder
|
||||
if (isset($_POST['newfilename'], $_POST['newfile'], $_POST['token']) && !FM_READONLY) {
|
||||
if (isset($_POST['newfilename'], $_POST['newfile'], $_POST['_token']) && !FM_READONLY) {
|
||||
$type = urldecode($_POST['newfile']);
|
||||
$new = str_replace( '/', '', fm_clean_path( strip_tags( $_POST['newfilename'] ) ) );
|
||||
if (fm_isvalid_filename($new) && $new != '' && $new != '..' && $new != '.' && verifyToken($_POST['token'])) {
|
||||
if (fm_isvalid_filename($new) && $new != '' && $new != '..' && $new != '.' && crsf_check()) {
|
||||
$path = FM_ROOT_PATH;
|
||||
if (FM_PATH != '') {
|
||||
$path .= '/' . FM_PATH;
|
||||
@ -643,11 +634,8 @@ if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) {
|
||||
}
|
||||
|
||||
// Mass copy files/ folders
|
||||
if (isset($_POST['file'], $_POST['copy_to'], $_POST['finish'], $_POST['token']) && !FM_READONLY) {
|
||||
|
||||
if(!verifyToken($_POST['token'])) {
|
||||
fm_set_msg(lng('Invalid Token.'), 'error');
|
||||
}
|
||||
if (isset($_POST['file'], $_POST['copy_to'], $_POST['finish'], $_POST['_token']) && !FM_READONLY) {
|
||||
crsf_defend();
|
||||
|
||||
// from
|
||||
$path = FM_ROOT_PATH;
|
||||
@ -710,10 +698,9 @@ if (isset($_POST['file'], $_POST['copy_to'], $_POST['finish'], $_POST['token'])
|
||||
}
|
||||
|
||||
// Rename
|
||||
if (isset($_POST['rename_from'], $_POST['rename_to'], $_POST['token']) && !FM_READONLY) {
|
||||
if(!verifyToken($_POST['token'])) {
|
||||
fm_set_msg("Invalid Token.", 'error');
|
||||
}
|
||||
if (isset($_POST['rename_from'], $_POST['rename_to'], $_POST['_token']) && !FM_READONLY) {
|
||||
crsf_defend();
|
||||
|
||||
// old name
|
||||
$old = urldecode($_POST['rename_from']);
|
||||
$old = fm_clean_path($old);
|
||||
@ -741,10 +728,8 @@ if (isset($_POST['rename_from'], $_POST['rename_to'], $_POST['token']) && !FM_RE
|
||||
}
|
||||
|
||||
// Download
|
||||
if (isset($_GET['dl'], $_POST['token'])) {
|
||||
if(!verifyToken($_POST['token'])) {
|
||||
fm_set_msg("Invalid Token.", 'error');
|
||||
}
|
||||
if (isset($_GET['dl'], $_POST['_token'])) {
|
||||
crsf_defend();
|
||||
|
||||
$dl = urldecode($_GET['dl']);
|
||||
$dl = fm_clean_path($dl);
|
||||
@ -764,8 +749,8 @@ if (isset($_GET['dl'], $_POST['token'])) {
|
||||
|
||||
// Upload
|
||||
if (!empty($_FILES) && !FM_READONLY) {
|
||||
if(isset($_POST['token'])) {
|
||||
if(!verifyToken($_POST['token'])) {
|
||||
if(isset($_POST['_token'])) {
|
||||
if(!crsf_check()) {
|
||||
$response = array ('status' => 'error','info' => "Invalid Token.");
|
||||
echo json_encode($response); exit();
|
||||
}
|
||||
@ -892,11 +877,8 @@ if (!empty($_FILES) && !FM_READONLY) {
|
||||
}
|
||||
|
||||
// Mass deleting
|
||||
if (isset($_POST['group'], $_POST['delete'], $_POST['token']) && !FM_READONLY) {
|
||||
|
||||
if(!verifyToken($_POST['token'])) {
|
||||
fm_set_msg(lng("Invalid Token."), 'error');
|
||||
}
|
||||
if (isset($_POST['group'], $_POST['delete'], $_POST['_token']) && !FM_READONLY) {
|
||||
crsf_defend();
|
||||
|
||||
$path = FM_ROOT_PATH;
|
||||
if (FM_PATH != '') {
|
||||
@ -927,11 +909,8 @@ if (isset($_POST['group'], $_POST['delete'], $_POST['token']) && !FM_READONLY) {
|
||||
}
|
||||
|
||||
// Pack files zip, tar
|
||||
if (isset($_POST['group'], $_POST['token']) && (isset($_POST['zip']) || isset($_POST['tar'])) && !FM_READONLY) {
|
||||
|
||||
if(!verifyToken($_POST['token'])) {
|
||||
fm_set_msg(lng("Invalid Token."), 'error');
|
||||
}
|
||||
if (isset($_POST['group'], $_POST['_token']) && (isset($_POST['zip']) || isset($_POST['tar'])) && !FM_READONLY) {
|
||||
crsf_defend();
|
||||
|
||||
$path = FM_ROOT_PATH;
|
||||
$ext = 'zip';
|
||||
@ -989,11 +968,9 @@ if (isset($_POST['group'], $_POST['token']) && (isset($_POST['zip']) || isset($_
|
||||
}
|
||||
|
||||
// Unpack zip, tar
|
||||
if (isset($_POST['unzip'], $_POST['token']) && !FM_READONLY) {
|
||||
if (isset($_POST['unzip'], $_POST['_token']) && !FM_READONLY) {
|
||||
|
||||
if(!verifyToken($_POST['token'])) {
|
||||
fm_set_msg(lng("Invalid Token."), 'error');
|
||||
}
|
||||
crsf_defend();
|
||||
|
||||
$unzip = urldecode($_POST['unzip']);
|
||||
$unzip = fm_clean_path($unzip);
|
||||
@ -1057,11 +1034,9 @@ if (isset($_POST['unzip'], $_POST['token']) && !FM_READONLY) {
|
||||
}
|
||||
|
||||
// Change Perms (not for Windows)
|
||||
if (isset($_POST['chmod'], $_POST['token']) && !FM_READONLY && !FM_IS_WIN) {
|
||||
if (isset($_POST['chmod'], $_POST['_token']) && !FM_READONLY && !FM_IS_WIN) {
|
||||
|
||||
if(!verifyToken($_POST['token'])) {
|
||||
fm_set_msg(lng("Invalid Token."), 'error');
|
||||
}
|
||||
crsf_defend();
|
||||
|
||||
$path = FM_ROOT_PATH;
|
||||
if (FM_PATH != '') {
|
||||
@ -1195,7 +1170,7 @@ if (isset($_GET['upload']) && !FM_READONLY) {
|
||||
<form action="<?php echo htmlspecialchars(FM_SELF_URL) . '?p=' . fm_enc(FM_PATH) ?>" class="dropzone card-tabs-container" id="fileUploader" enctype="multipart/form-data">
|
||||
<input type="hidden" name="p" value="<?php echo fm_enc(FM_PATH) ?>">
|
||||
<input type="hidden" name="fullpath" id="fullpath" value="<?php echo fm_enc(FM_PATH) ?>">
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<div class="fallback">
|
||||
<input name="file" type="file" multiple/>
|
||||
</div>
|
||||
@ -1205,7 +1180,7 @@ if (isset($_GET['upload']) && !FM_READONLY) {
|
||||
<form id="js-form-url-upload" class="row row-cols-lg-auto g-3 align-items-center" onsubmit="return upload_from_url(this);" method="POST" action="">
|
||||
<input type="hidden" name="type" value="upload" aria-label="hidden" aria-hidden="true">
|
||||
<input type="url" placeholder="URL" name="uploadurl" required class="form-control" style="width: 80%">
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<button type="submit" class="btn btn-primary ms-3"><?php echo lng('Upload') ?></button>
|
||||
<div class="lds-facebook"><div></div><div></div><div></div></div>
|
||||
</form>
|
||||
@ -1284,7 +1259,7 @@ if (isset($_POST['copy']) && !FM_READONLY) {
|
||||
<p class="custom-checkbox custom-control"><input type="checkbox" name="move" value="1" id="js-move-files" class="custom-control-input"><label for="js-move-files" class="custom-control-label ms-2"> <?php echo lng('Move') ?></label></p>
|
||||
<p>
|
||||
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>" class="btn btn-outline-danger"><i class="fa fa-times-circle"></i> <?php echo lng('Cancel') ?></a></b>
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<button type="submit" class="btn btn-success"><i class="fa fa-check-circle"></i> <?php echo lng('Copy') ?></button>
|
||||
</p>
|
||||
</form>
|
||||
@ -1581,7 +1556,7 @@ if (isset($_GET['view'])) {
|
||||
</p>
|
||||
<div class="d-flex align-items-center mb-3">
|
||||
<form method="post" class="d-inline ms-2" action="?p=<?php echo urlencode(FM_PATH) ?>&dl=<?php echo urlencode($file) ?>">
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<button type="submit" class="btn btn-link text-decoration-none fw-bold p-0"><i class="fa fa-cloud-download"></i> <?php echo lng('Download') ?></button>
|
||||
</form>
|
||||
<b class="ms-2"><a href="<?php echo fm_enc($file_url) ?>" target="_blank"><i class="fa fa-external-link-square"></i> <?php echo lng('Open') ?></a></b>
|
||||
@ -1591,12 +1566,12 @@ if (isset($_GET['view'])) {
|
||||
$zip_name = pathinfo($file_path, PATHINFO_FILENAME);
|
||||
?>
|
||||
<form method="post" class="d-inline ms-2">
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<input type="hidden" name="unzip" value="<?php echo urlencode($file); ?>">
|
||||
<button type="submit" class="btn btn-link text-decoration-none fw-bold p-0" style="font-size: 14px;"><i class="fa fa-check-circle"></i> <?php echo lng('UnZip') ?></button>
|
||||
</form>
|
||||
<form method="post" class="d-inline ms-2">
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<input type="hidden" name="unzip" value="<?php echo urlencode($file); ?>">
|
||||
<input type="hidden" name="tofolder" value="1">
|
||||
<button type="submit" class="btn btn-link text-decoration-none fw-bold p-0" style="font-size: 14px;" data-bs-toggle="tooltip" data-bs-title="UnZip to <?php echo fm_enc($zip_name) ?>"><i class="fa fa-check-circle"></i> <?php echo lng('UnZipToFolder') ?></button>
|
||||
@ -1832,7 +1807,7 @@ if (isset($_GET['chmod']) && !FM_READONLY && !FM_IS_WIN) {
|
||||
</table>
|
||||
|
||||
<p>
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>" class="btn btn-outline-primary"><i class="fa fa-times-circle"></i> <?php echo lng('Cancel') ?></a></b>
|
||||
<button type="submit" class="btn btn-success"><i class="fa fa-check-circle"></i> <?php echo lng('Change') ?></button>
|
||||
</p>
|
||||
@ -1860,7 +1835,7 @@ $tableTheme = (FM_THEME == "dark") ? "text-white bg-dark table-dark" : "bg-white
|
||||
<form action="" method="post" class="pt-3">
|
||||
<input type="hidden" name="p" value="<?php echo fm_enc(FM_PATH) ?>">
|
||||
<input type="hidden" name="group" value="1">
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<div class="table-responsive">
|
||||
<table class="table table-bordered table-hover table-sm <?php echo $tableTheme; ?>" id="main-table">
|
||||
<thead class="thead-white">
|
||||
@ -2069,19 +2044,6 @@ fm_show_footer();
|
||||
|
||||
// Functions
|
||||
|
||||
/**
|
||||
* Verify CSRF TOKEN and remove after cerify
|
||||
* @param string $token
|
||||
* @return bool
|
||||
*/
|
||||
function verifyToken($token)
|
||||
{
|
||||
if (hash_equals($_SESSION['token'], $token)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete file or folder (recursively)
|
||||
* @param string $path
|
||||
@ -3507,7 +3469,7 @@ $isStickyNavBar = $sticky_navbar ? 'navbar-fixed' : 'navbar-normal';
|
||||
<?= HTML::css_link('/css/highlightjs.github.min.css?v=11.6.0-20221005') ?>
|
||||
<?= HTML::js_src('/js/highlightjs.min.js?v=11.6.0-20221005') ?>
|
||||
<?php endif; ?>
|
||||
<script type="text/javascript">window.csrf = '<?php echo $_SESSION['token']; ?>';</script>
|
||||
<script type="text/javascript">window.csrf = '<?= crsf_token() ?>';</script>
|
||||
<style>
|
||||
html { -moz-osx-font-smoothing: grayscale; -webkit-font-smoothing: antialiased; text-rendering: optimizeLegibility; height: 100%; scroll-behavior: smooth;}
|
||||
*,*::before,*::after { box-sizing: border-box;}
|
||||
@ -3682,7 +3644,7 @@ $isStickyNavBar = $sticky_navbar ? 'navbar-fixed' : 'navbar-normal';
|
||||
<input type="text" name="newfilename" id="newfilename" value="" class="form-control" placeholder="<?php echo lng('Enter here...') ?>" required>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<button type="button" class="btn btn-outline-primary" data-bs-dismiss="modal"><i class="fa fa-times-circle"></i> <?php echo lng('Cancel') ?></button>
|
||||
<button type="submit" class="btn btn-success"><i class="fa fa-check-circle"></i> <?php echo lng('CreateNow') ?></button>
|
||||
</div>
|
||||
@ -3723,7 +3685,7 @@ $isStickyNavBar = $sticky_navbar ? 'navbar-fixed' : 'navbar-normal';
|
||||
<h5 class="mb-3"><?php echo lng('Are you sure want to rename?') ?></h5>
|
||||
<p class="mb-1">
|
||||
<input type="text" name="rename_to" id="js-rename-to" class="form-control" placeholder="<?php echo lng('Enter new file name') ?>" required>
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<input type="hidden" name="rename_from" id="js-rename-from">
|
||||
</p>
|
||||
</div>
|
||||
@ -3746,7 +3708,7 @@ $isStickyNavBar = $sticky_navbar ? 'navbar-fixed' : 'navbar-normal';
|
||||
</div>
|
||||
<div class="modal-footer flex-nowrap p-0">
|
||||
<button type="button" class="btn btn-lg btn-link fs-6 text-decoration-none col-6 m-0 rounded-0 border-end" data-bs-dismiss="modal"><?php echo lng('Cancel') ?></button>
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
|
||||
<?= HTML::hiddenToken() ?>
|
||||
<button type="submit" class="btn btn-lg btn-link fs-6 text-decoration-none col-6 m-0 rounded-0" data-bs-dismiss="modal"><strong><?php echo lng('Okay') ?></strong></button>
|
||||
</div>
|
||||
</form>
|
||||
@ -3811,7 +3773,7 @@ $isStickyNavBar = $sticky_navbar ? 'navbar-fixed' : 'navbar-normal';
|
||||
a.setAttribute("method", "POST"), a.setAttribute("action", "");
|
||||
var o = document.createElement("textarea");
|
||||
o.setAttribute("type", "textarea"), o.setAttribute("name", "savedata");
|
||||
let cx = document.createElement("input"); cx.setAttribute("type", "hidden");cx.setAttribute("name", "token");cx.setAttribute("value", window.csrf);
|
||||
let cx = document.createElement("input"); cx.setAttribute("type", "hidden");cx.setAttribute("name", "_token");cx.setAttribute("value", window.csrf);
|
||||
var c = document.createTextNode(n);
|
||||
o.appendChild(c), a.appendChild(o), a.appendChild(cx), document.body.appendChild(a), a.submit()
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user