Various fixes related to #5415

559c694e · Till Brehm · ac782819 · 559c694e · 559c694e · 559c694e
Commit 559c694e authored 5 years ago by Till Brehm
--- a/interface/web/sites/aps_do_operation.php
+++ b/interface/web/sites/aps_do_operation.php
@@ -64,6 +64,9 @@ if($_GET['action'] == 'change_status')
 }
 else if($_GET['action'] == 'delete_instance')
 	{
+		// Check CSRF Token
+		$app->auth->csrf_token_check('GET');
 		// Make sure a valid package ID is given (also corresponding to the calling user)
 		$client_id = 0;
 		$is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;

--- a/interface/web/sites/aps_install_package.php
+++ b/interface/web/sites/aps_install_package.php
@@ -93,6 +93,9 @@ if(!empty($domains_assoc)) foreach($domains_assoc as $domain) $domains[] = $doma
 	$result['input'] = array();
 if(count($_POST) > 1)
 {
+	// Check CSRF Token
+	$app->auth->csrf_token_check();
 	$result = $gui->validateInstallerInput($_POST, $details, $domains, $settings);
 	if(empty($result['error']))
 	{
@@ -117,13 +120,16 @@ foreach($details as $key => $value)
 	else if($key == 'Requirements PHP settings') $app->tpl->setLoop('pkg_requirements_php_settings', $details['Requirements PHP settings']);
 }
+// get new csrf token
+$csrf_token = $app->auth->csrf_token_get('aps_install_package');
+$app->tpl->setVar('_csrf_id', $csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key', $csrf_token['csrf_key']);
 // Parse the template as far as possible, then do the rest manually
 $app->tpl_defaults();
 $parsed_tpl = $app->tpl->grab();
-// ISPConfig has a very old and functionally limited template engine. We have to style parts on our own...
 // Print the domain list
 $domains_tpl = '';
 if(!empty($domains))

--- a/interface/web/sites/aps_installedpackages_list.php
+++ b/interface/web/sites/aps_installedpackages_list.php
@@ -112,12 +112,16 @@ if(!$is_admin) {
 $records = $app->db->queryAllRecords($query);
 $app->listform_actions->DataRowColor = '#FFFFFF';
+$csrf_token = $app->auth->csrf_token_get($app->listform->listDef['name']);
+$_csrf_id = $csrf_token['csrf_id'];
+$_csrf_key = $csrf_token['csrf_key'];
 // Re-form all result entries and add extra entries
 $records_new = array();
 if(is_array($records))
 {
 	$app->listform_actions->idx_key = $app->listform->listDef["table_idx"];
-	foreach($records as $rec)
+	foreach($records as $key => $rec)
 	{
 		// Set an abbreviated install location to beware the page layout
 		$ils = '';
@@ -129,7 +133,9 @@ if(is_array($records))
 		if($rec['instance_status'] != INSTANCE_REMOVE && $rec['instance_status'] != INSTANCE_INSTALL)
 			$rec['delete_possible'] = 'true';
-		$records_new[] = $app->listform_actions->prepareDataRow($rec);
+		$records_new[$key] = $app->listform_actions->prepareDataRow($rec);
+		$records_new[$key]['csrf_id'] = $_csrf_id;
+		$records_new[$key]['csrf_key'] = $_csrf_key;
 	}
 }
 $app->tpl->setLoop('records', $records_new);

--- a/interface/web/sites/templates/aps_instances_list.htm
+++ b/interface/web/sites/templates/aps_instances_list.htm
@@ -40,7 +40,7 @@
                            <td><span id="status_content{tmpl_var name='__ROWNUM__'}">{tmpl_var name='instance_status'}</span></td>
                            <td class="text-right">
                                <tmpl_if name='delete_possible'>
-                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/aps_do_operation.php?action=delete_instance&id={tmpl_var name='id'}','{tmpl_var name='pkg_delete_confirmation'}')"><span class="icon icon-delete"></span></button>
+                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/aps_do_operation.php?action=delete_instance&id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}','{tmpl_var name='pkg_delete_confirmation'}')"><span class="icon icon-delete"></span></button>
                                </tmpl_if>
                            </td>        
                        </tr>

--- a/interface/web/sites/templates/aps_packages_list.htm
+++ b/interface/web/sites/templates/aps_packages_list.htm
@@ -31,7 +31,7 @@
                            <td>{tmpl_var name='version'}-{tmpl_var name='release'}</td>
                            <td>{tmpl_var name='category'}</td>
                                <tmpl_if name='is_admin'>
-                                    <td><a href="javascript:ISPConfig.loadContentInto('status_content{tmpl_var name='__ROWNUM__'}', 'sites/aps_do_operation.php?action=change_status&id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}');"><span id="status_content{tmpl_var name='__ROWNUM__'}">{tmpl_var name='package_status'}</span></a></td>
+                                    <td><a href="javascript:ISPConfig.loadContentInto('status_content{tmpl_var name='__ROWNUM__'}', 'sites/aps_do_operation.php?action=change_status&id={tmpl_var name='id'}&_csrf_id={tmpl_var name='csrf_id'}&_csrf_key={tmpl_var name='csrf_key'}&phpsessid={tmpl_var name='phpsessid'}');"><span id="status_content{tmpl_var name='__ROWNUM__'}">{tmpl_var name='package_status'}</span></a></td>
                                </tmpl_if>
                            <td class="text-right">&nbsp;</td>
                        </tr>