diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
index 9abb535012097dbcf44dc39db899b2c72c0e69d2..fe63fc6088615cac465d586114ce65192caceaac 100644
--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -201,6 +201,56 @@ class auth {
$salt.="$";
return crypt($cleartext_password, $salt);
}
+
+ public function csrf_token_get($form_name) {
+ /* CSRF PROTECTION */
+ // generate csrf protection id and key
+ $_csrf_id = uniqid($form_name . '_'); // form id
+ $_csrf_key = sha1(uniqid(microtime(true), true)); // the key
+ if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
+ if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
+ $_SESSION['_csrf'][$_csrf_id] = $_csrf_key;
+ $_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
+
+ return array('csrf_id' => $_csrf_id,'csrf_key' => $_csrf_key);
+ }
+
+ public function csrf_token_check() {
+ global $app;
+
+ if(isset($_POST) && is_array($_POST)) {
+ $_csrf_valid = false;
+ if(isset($_POST['_csrf_id']) && isset($_POST['_csrf_key'])) {
+ $_csrf_id = trim($_POST['_csrf_id']);
+ $_csrf_key = trim($_POST['_csrf_key']);
+ if(isset($_SESSION['_csrf']) && isset($_SESSION['_csrf'][$_csrf_id]) && isset($_SESSION['_csrf_timeout']) && isset($_SESSION['_csrf_timeout'][$_csrf_id])) {
+ if($_SESSION['_csrf'][$_csrf_id] === $_csrf_key && $_SESSION['_csrf_timeout'] >= time()) $_csrf_valid = true;
+ }
+ }
+ if($_csrf_valid !== true) {
+ $app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
+ $app->error($app->lng('err_csrf_attempt_blocked'));
+ }
+ $_SESSION['_csrf'][$_csrf_id] = null;
+ $_SESSION['_csrf_timeout'][$_csrf_id] = null;
+ unset($_SESSION['_csrf'][$_csrf_id]);
+ unset($_SESSION['_csrf_timeout'][$_csrf_id]);
+
+ if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
+ $to_unset = array();
+ foreach($_SESSION['_csrf_timeout'] as $_csrf_id => $timeout) {
+ if($timeout < time()) $to_unset[] = $_csrf_id;
+ }
+ foreach($to_unset as $_csrf_id) {
+ $_SESSION['_csrf'][$_csrf_id] = null;
+ $_SESSION['_csrf_timeout'][$_csrf_id] = null;
+ unset($_SESSION['_csrf'][$_csrf_id]);
+ unset($_SESSION['_csrf_timeout'][$_csrf_id]);
+ }
+ unset($to_unset);
+ }
+ }
+ }
}
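Review bot: The expiry test in csrf_token_check compares the whole `$_SESSION['_csrf_timeout']` array with `time()` instead of the entry for this token; in PHP an array compared against an int is always the greater operand, so the condition is always satisfied and the per-token timeout written by csrf_token_get is never enforced at validation time. The line should read `if($_SESSION['_csrf'][$_csrf_id] === $_csrf_key && $_SESSION['_csrf_timeout'][$_csrf_id] >= time()) $_csrf_valid = true;`. Two smaller points on the same method: the key comparison would be better as `hash_equals($_SESSION['_csrf'][$_csrf_id], $_csrf_key)` so it runs in constant time, and the key itself comes from `uniqid`/`microtime` rather than `random_bytes()`, which is not a cryptographic source. Also `$_csrf_id` is read on the unset lines after the `if($_csrf_valid !== true)` block even when `$_POST['_csrf_id']` was never set, which only stays harmless if `$app->error()` terminates the request — worth confirming.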
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index d0bb7d128f26bb5697e0ee7dbe5c5c66a9971e85..1717419794cfcdb9165f2b1b10e7e53184aa8e50 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -386,12 +386,17 @@ class tform {
/* CSRF PROTECTION */
// generate csrf protection id and key
- $_csrf_id = uniqid($this->formDef['name'] . '_');
+ /*$_csrf_id = uniqid($this->formDef['name'] . '_');
$_csrf_value = sha1(uniqid(microtime(true), true));
if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
$_SESSION['_csrf'][$_csrf_id] = $_csrf_value;
$_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
+ */
+ $csrf_token = $app->auth->csrf_token_get($this->formDef['name']);
+ $_csrf_id = $csrf_token['csrf_id'];
+ $_csrf_value = $csrf_token['csrf_key'];
+
$this->formDef['tabs'][$tab]['fields']['_csrf_id'] = array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
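Review bot: The old token-generation code at the top of the hunk is left in place as a commented-out `/* ... */` block rather than removed; now that `csrf_token_get()` supplies `$_csrf_id` and `$_csrf_value`, the block should be deleted so the method carries a single implementation (the previous one remains in history). The enclosing method starts outside the hunk, so I cannot see whether `$app` is brought into scope here with `global $app`; if it is not, the new `$app->auth->csrf_token_get(...)` call will fail. The validation side in the same file (the next hunk, starting near line 676) still appears to keep its own inline copy of the check; delegating it to `$app->auth->csrf_token_check()` would keep both halves in one place.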
@@ -669,6 +674,7 @@ class tform {
//$this->errorMessage = '';
/* CSRF PROTECTION */
+
if(isset($_POST) && is_array($_POST)) {
$_csrf_valid = false;
if(isset($_POST['_csrf_id']) && isset($_POST['_csrf_key'])) {
diff --git a/interface/web/admin/language_add.php b/interface/web/admin/language_add.php
index 8c488c34c97618ca2c23f9bb0948f00645157906..f58a2db16dbb6ce159149a8a6e17e86e9a7b6ddc 100644
--- a/interface/web/admin/language_add.php
+++ b/interface/web/admin/language_add.php
@@ -65,6 +65,10 @@ $app->tpl->setVar('language_option', $language_option);
$app->tpl->setVar('error', $error);
if(isset($_POST['lng_new']) && strlen($_POST['lng_new']) == 2 && $error == '') {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$lng_new = $_POST['lng_new'];
if(!preg_match("/^[a-z]{2}$/i", $lng_new)) die('unallowed characters in language name.');
@@ -94,6 +98,11 @@ if(isset($_POST['lng_new']) && strlen($_POST['lng_new']) == 2 && $error == '') {
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_add');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_add.lng';
include $lng_file;
diff --git a/interface/web/admin/language_complete.php b/interface/web/admin/language_complete.php
index d8f4bbda8616a57a8ce563564e6be70a0aaa90a0..d28e89aa2576ee51d8b6e41030c10fdbded2c3c4 100644
--- a/interface/web/admin/language_complete.php
+++ b/interface/web/admin/language_complete.php
@@ -67,6 +67,9 @@ $app->tpl->setVar('error', $error);
// Export the language file
if(isset($_POST['lng_select']) && $error == '') {
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
// complete the global langauge file
merge_langfile(ISPC_LIB_PATH."/lang/".$selected_language.".lng", ISPC_LIB_PATH."/lang/en.lng");
@@ -157,6 +160,11 @@ function merge_langfile($langfile, $masterfile) {
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_merge');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_complete.lng';
include $lng_file;
diff --git a/interface/web/admin/language_edit.php b/interface/web/admin/language_edit.php
index 7d83b9bb7479dc1276f912d933dd68210b768aef..c94a5eb2804ed1ef0323a960d49ef58e2c621f5e 100644
--- a/interface/web/admin/language_edit.php
+++ b/interface/web/admin/language_edit.php
@@ -55,6 +55,10 @@ $msg = '';
//* Save data
if(isset($_POST['records']) && is_array($_POST['records'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$file_content = " $val) {
$val = stripslashes($val);
@@ -93,6 +97,11 @@ if(isset($wb) && is_array($wb)) {
unset($wb);
}
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_edit');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_edit.lng';
diff --git a/interface/web/admin/language_import.php b/interface/web/admin/language_import.php
index d53575ba26d456e073dd06fdc7d417f7a2537ac0..00d105cc67e7b8260703361971b4bfefb732bd9f 100644
--- a/interface/web/admin/language_import.php
+++ b/interface/web/admin/language_import.php
@@ -129,6 +129,10 @@ $error = '';
// Export the language file
if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$lines = file($_FILES['file']['tmp_name']);
// initial check
$parts = explode('|', $lines[0]);
@@ -183,6 +187,11 @@ if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_import.lng';
include $lng_file;
diff --git a/interface/web/admin/remote_action_ispcupdate.php b/interface/web/admin/remote_action_ispcupdate.php
index 32bf0c4333b8973ec352bd7aee2fc07fac5ff633..d207dd0680c55d7d8f29a61d300e1a014c311481 100644
--- a/interface/web/admin/remote_action_ispcupdate.php
+++ b/interface/web/admin/remote_action_ispcupdate.php
@@ -66,6 +66,10 @@ $msg = '';
//* Note: Disabled post action
if (1 == 0 && isset($_POST['server_select'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$server = $_POST['server_select'];
$servers = array();
if ($server == '*') {
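Review bot: The CSRF check is inserted inside `if (1 == 0 && isset($_POST['server_select']))`, a branch that is permanently false, so the new lines never execute. That is harmless, but it leaves dead code; if the post action is meant to stay disabled, a short comment on the check such as `//* CSRF Check (branch currently disabled, see condition above)` would make the intent clear to the next reader, and the token emission in the following hunk of this file is likewise unused until the branch is re-enabled.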
@@ -95,6 +99,11 @@ if (1 == 0 && isset($_POST['server_select'])) {
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('ispupdate');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl->setVar($wb);
$app->tpl_defaults();
diff --git a/interface/web/admin/remote_action_osupdate.php b/interface/web/admin/remote_action_osupdate.php
index 61c6c23823689ad99558e2becba462b0905ba3e6..0d423089027d513c7bc14e95f8277493555defe1 100644
--- a/interface/web/admin/remote_action_osupdate.php
+++ b/interface/web/admin/remote_action_osupdate.php
@@ -62,6 +62,10 @@ $msg = '';
* If the user wants to do the action, write this to our db
*/
if (isset($_POST['server_select'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$server = $_POST['server_select'];
$servers = array();
if ($server == '*') {
@@ -91,6 +95,11 @@ if (isset($_POST['server_select'])) {
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('osupdate');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl->setVar($wb);
$app->tpl_defaults();
diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index 5707e88206be5b02ffe24d8be088f3d14d184b2b..d38fc9352c81f836dbce9d4c9e5cbd266ebc2fb9 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -51,7 +51,10 @@ $error = '';
//* Save data
if(isset($_POST) && count($_POST) > 1) {
-
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
//* Check values
if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'
';
if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'
';
@@ -161,6 +164,11 @@ if(!empty($field_names) && is_array($field_names)){
}
$app->tpl->setVar('message_variables', trim($message_variables));
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('client_message');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl->setVar('okmsg', $msg);
$app->tpl->setVar('error', $error);
diff --git a/interface/web/themes/default/templates/form.tpl.htm b/interface/web/themes/default/templates/form.tpl.htm
index 429bfd9f2497cae91ebd8b996f6897c6950ee1c0..a2d3dfc447d43d14180166cd5476257c44abb774 100644
--- a/interface/web/themes/default/templates/form.tpl.htm
+++ b/interface/web/themes/default/templates/form.tpl.htm
@@ -1 +1,3 @@
-
\ No newline at end of file
+
+
+
\ No newline at end of file
diff --git a/interface/web/tools/dns_import_tupa.php b/interface/web/tools/dns_import_tupa.php
index 775d515289e09103a5302b5ab99f720fbbf1c647..aea6c4300fcf95f9decbcc6921aeb9509ef2f5fb 100644
--- a/interface/web/tools/dns_import_tupa.php
+++ b/interface/web/tools/dns_import_tupa.php
@@ -45,6 +45,9 @@ $error = '';
// Resyncing dns zones
if(isset($_POST['start']) && $_POST['start'] == 1) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
//* Set variable sin template
$app->tpl->setVar('dbhost', $_POST['dbhost']);
@@ -151,6 +154,10 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
$app->tpl_defaults();
$app->tpl->pparse();
diff --git a/interface/web/tools/import_ispconfig.php b/interface/web/tools/import_ispconfig.php
index 75e59929df7eeeeb768c23175942fa2a3466029e..b2ce4cc8a53d92fe6b310efc570ac6d287521966 100644
--- a/interface/web/tools/import_ispconfig.php
+++ b/interface/web/tools/import_ispconfig.php
@@ -49,6 +49,10 @@ include $lng_file;
$app->tpl->setVar($wb);
if(isset($_POST['connected'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$connected = $app->functions->intval($_POST['connected']);
if($connected == 0) {
@@ -133,6 +137,11 @@ $app->tpl->setVar('remote_session_id', $remote_session_id);
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('ispconfig_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl_defaults();
$app->tpl->pparse();
diff --git a/interface/web/tools/import_plesk.php b/interface/web/tools/import_plesk.php
index 0be88b583e18efbfdb308cb683f5a9e3f521a4c6..61922e2b30d9ea01fa0a6444f8b567829f359956 100644
--- a/interface/web/tools/import_plesk.php
+++ b/interface/web/tools/import_plesk.php
@@ -144,6 +144,9 @@ $error = '';
// Start migrating plesk data
if(isset($_POST['start']) && $_POST['start'] == 1) {
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
//* Set variable sin template
$app->tpl->setVar('dbhost', $_POST['dbhost']);
$app->tpl->setVar('dbname', $_POST['dbname']);
@@ -1209,6 +1212,10 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('plesk_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
$app->tpl_defaults();
$app->tpl->pparse();
diff --git a/interface/web/tools/resync.php b/interface/web/tools/resync.php
index 1191585ff553e6d02c45d035e9e5d6f3231b2b2a..36d4fab341d738ec818b6ed8fc449f2d08d721fb 100644
--- a/interface/web/tools/resync.php
+++ b/interface/web/tools/resync.php
@@ -48,6 +48,11 @@ $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_resync.lng';
include $lng_file;
$app->tpl->setVar($wb);
+if(isset($_POST) && count($_POST) > 1) {
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+}
+
//* Resyncing websites
if(isset($_POST['resync_sites']) && $_POST['resync_sites'] == 1) {
$db_table = 'web_domain';
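Review bot: The new guard `if(isset($_POST) && count($_POST) > 1)` makes the CSRF check conditional on the number of posted fields, while the action branches below it only need one field (`if(isset($_POST['resync_sites']) && $_POST['resync_sites'] == 1)` on the next context line), so a POST carrying just that field runs the resync without any token validation. Gate the check on the presence of any POST data instead, `if(!empty($_POST)) { $app->auth->csrf_token_check(); }`, or place the call inside each action branch as the other files in this commit do. The same `count($_POST) > 1` pattern is added to interface/web/vm/openvz_action.php in this commit and has the same gap. `isset($_POST)` is always true for a superglobal and adds nothing to the condition.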
@@ -217,6 +222,11 @@ if(isset($_POST['resync_client']) && $_POST['resync_client'] == 1) {
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('tools_resync');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl_defaults();
$app->tpl->pparse();
diff --git a/interface/web/vm/openvz_action.php b/interface/web/vm/openvz_action.php
index 6e090d74683c7957c9d28e1228f2758184719f3a..b387ef3d41e60415deaae454e4e3adfcdda73201 100644
--- a/interface/web/vm/openvz_action.php
+++ b/interface/web/vm/openvz_action.php
@@ -17,6 +17,11 @@ $notify_msg = '';
if($vm_id == 0) die('Invalid VM ID');
+if(isset($_POST) && count($_POST) > 1) {
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+}
+
$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = $vm_id");
$veid = $app->functions->intval($vm['veid']);
$server_id = $app->functions->intval($vm['server_id']);
@@ -141,6 +146,11 @@ if($action == 'show') {
$app->tpl->setVar($options);
$app->tpl->setVar('error', $error_msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('openvz_action');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl_defaults();
$app->tpl->pparse();