github
/
KodExplorer
mirror of https://github.com/kalcaddle/KodExplorer
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix Security Issue 

A CSRF was located on this calss and has been fixed by Ben Khlifa Fahmi , the CSRF Allow an attacker to Add, Edit , Delete Group.
pull/50/head
Ben Khlifa Fahmi 2016-01-01 14:29:45 -05:00
parent 3727603694
commit 2450ab9fc5
1 changed files with 134 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

206
controller/group.class.php
View File

@ -4,85 +4,147 @@
* @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt
* @secured : Ben Khlifa Fahmi
*/
class group extends Controller
class group extends Controller{
private $sql;
function __construct() {
parent::__construct();
$this->sql=new fileCache(USER_SYSTEM.'group.php');
}
public function get() {
show_json($this->sql->get());
}
/**
* 用户添加
*/
public function add(){
$group = $this->_init_data();
if($this->sql->add($this->in['role'],$group)){
show_json($this->L['success']);
}
show_json($this->L['error_repeat'],false);
}
{
private $sql;
function __construct()
{
parent::__construct();
$this->sql = new fileCache(USER_SYSTEM . 'group.php');
}
/**
* 编辑
*/
public function edit(){
$group = $this->_init_data();
$role_old = $this->in['role_old'];
if (!$role_old) show_json($this->L["groupname_can_not_null"],false);
if ($role_old == 'root') show_json($this->L['default_group_can_not_do'],false);
public
if ($this->sql->replace_update($role_old,$this->in['role'],$group)){
$member = new fileCache(USER_SYSTEM.'member.php');
if ($member -> update('role',$this->in['role'],$role_old)) {
show_json($this->L['success']);
}
show_json($this->L['group_move_user_error'],false);
}
show_json($this->L['error_repeat'],false);
}
function get()
{
show_json($this->sql->get());
}
/**
* 删除
*/
public function del() {
$role = $this->in['role'];
if (!$role) show_json($this->L["groupname_can_not_null"],false);
if ($role == 'root') show_json($this->L['default_group_can_not_do'],false);
if($this->sql->delete($role)){
$member = new fileCache(USER_SYSTEM.'member.php');
$member -> update('role','',$role);//改组用户设置为空
show_json($this->L['success']);
}
show_json($this->L['error'],false);
}
/**
* 用户添加
*/
public
function add()
{
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$group = $this->_init_data();
if ($this->sql->add($this->in['role'], $group))
{
show_json($this->L['success']);
}
//===========内部调用============
/**
* 初始化数据 get
* 只传键即可 &ext_not_allow=''&explorer-mkfile&explorer-pathRname
*/
private function _init_data(){
if (strlen($this->in['role'])<1) show_json($this->L["groupname_can_not_null"],false);
if (strlen($this->in['name'])<1) show_json($this->L["groupdesc_can_not_null"],false);
$role_arr = array('role'=>$this->in['role'],'name'=>$this->in['name']);
$role_arr['ext_not_allow'] = $this->in['ext_not_allow'];
foreach ($this->config['role_setting'] as $key => $actions) {
foreach ($actions as $action) {
$k = $key.':'.$action;
if (isset($this->in[$k])){
$role_arr[$k] = 1;
}else{
$role_arr[$k] = 0;
show_json($this->L['error_repeat'], false);
}
}
else
{
header('Location: 403.php');
}
}
/**
* 编辑
*/
public
function edit()
{
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$group = $this->_init_data();
$role_old = $this->in['role_old'];
if (!$role_old) show_json($this->L["groupname_can_not_null"], false);
if ($role_old == 'root') show_json($this->L['default_group_can_not_do'], false);
if ($this->sql->replace_update($role_old, $this->in['role'], $group))
{
$member = new fileCache(USER_SYSTEM . 'member.php');
if ($member->update('role', $this->in['role'], $role_old))
{
show_json($this->L['success']);
}
show_json($this->L['group_move_user_error'], false);
}
show_json($this->L['error_repeat'], false);
}
}
else
{
header('Location: 403.php');
}
}
/**
* 删除
*/
public
function del()
{
if ($_SERVER['HTTP_REFERER'] != $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"])
{
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$role = $this->in['role'];
if (!$role) show_json($this->L["groupname_can_not_null"], false);
if ($role == 'root') show_json($this->L['default_group_can_not_do'], false);
if ($this->sql->delete($role))
{
$member = new fileCache(USER_SYSTEM . 'member.php');
$member->update('role', '', $role); //改组用户设置为空
show_json($this->L['success']);
}
show_json($this->L['error'], false);
}
}
else
{
header('Location: 403.php');
}
}
return $role_arr;
}
}
// ===========内部调用============
/**
* 初始化数据 get
* 只传键即可 &ext_not_allow=''&explorer-mkfile&explorer-pathRname
*/
private
function _init_data()
{
if (strlen($this->in['role']) < 1) show_json($this->L["groupname_can_not_null"], false);
if (strlen($this->in['name']) < 1) show_json($this->L["groupdesc_can_not_null"], false);
$role_arr = array(
'role' => $this->in['role'],
'name' => $this->in['name']
);
$role_arr['ext_not_allow'] = $this->in['ext_not_allow'];
foreach($this->config['role_setting'] as $key => $actions)
{
foreach($actions as $action)
{
$k = $key . ':' . $action;
if (isset($this->in[$k]))
{
$role_arr[$k] = 1;
}
else
{
$role_arr[$k] = 0;
}
}
}
return $role_arr;
}
}