AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

credentials: Add missing CSRF checks

Browse Source
This commit is contained in:
johnnyq
2026-03-02 20:11:56 -05:00
parent 1740599b61
commit 023cb4ff11
6 changed files with 34 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
agent/credentials.php
View File

@@ -244,8 +244,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php if ($archived) { ?> <?php if ($archived) { ?>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<button class="dropdown-item text-info" <button class="dropdown-item text-info"
type="submit" form="bulkActions" name="bulk_unarchive_credentials"> type="submit" form="bulkActions" name="bulk_restore_credentials">
<i class="fas fa-fw fa-redo mr-2"></i>Unarchive <i class="fas fa-fw fa-redo mr-2"></i>Restore
</button> </button>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<button class="dropdown-item text-danger text-bold" <button class="dropdown-item text-danger text-bold"
@@ -503,18 +503,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php if (lookupUserPermission("module_credential") >= 2) { ?> <?php if (lookupUserPermission("module_credential") >= 2) { ?>
<?php if ($credential_archived_at) { ?> <?php if ($credential_archived_at) { ?>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<a class="dropdown-item text-info confirm-link" href="post.php?unarchive_credential=<?php echo $credential_id; ?>"> <a class="dropdown-item text-info confirm-link" href="post.php?restore_credential=<?php echo $credential_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-redo mr-2"></i>Unarchive <i class="fas fa-fw fa-redo mr-2"></i>Restore
</a> </a>
<?php if (lookupUserPermission("module_credential") >= 3) { ?> <?php if (lookupUserPermission("module_credential") >= 3) { ?>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_credential=<?php echo $credential_id; ?>"> <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_credential=<?php echo $credential_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete <i class="fas fa-fw fa-trash mr-2"></i>Delete
<?php } ?> <?php } ?>
</a> </a>
<?php } else { ?> <?php } else { ?>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_credential=<?php echo $credential_id; ?>"> <a class="dropdown-item text-danger confirm-link" href="post.php?archive_credential=<?php echo $credential_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive <i class="fas fa-fw fa-archive mr-2"></i>Archive
</a> </a>
<?php } ?> <?php } ?>

1
agent/modals/credential/credential_add.php
View File

@@ -16,6 +16,7 @@ ob_start();
</button> </button>
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<div class="modal-body"> <div class="modal-body">

1
agent/modals/credential/credential_edit.php
View File

@@ -44,6 +44,7 @@ ob_start();
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="credential_id" value="<?php echo $credential_id; ?>"> <input type="hidden" name="credential_id" value="<?php echo $credential_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>"> <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body"> <div class="modal-body">

1
agent/modals/credential/credential_export.php
View File

@@ -15,6 +15,7 @@ ob_start();
</button> </button>
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="client_id" value="<?= $client_id ?>"> <input type="hidden" name="client_id" value="<?= $client_id ?>">
<div class="modal-body"> <div class="modal-body">

1
agent/modals/credential/credential_import.php
View File

@@ -15,6 +15,7 @@ ob_start();
</button> </button>
</div> </div>
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off"> <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="client_id" value="<?= $client_id ?>"> <input type="hidden" name="client_id" value="<?= $client_id ?>">
<div class="modal-body"> <div class="modal-body">
<p><strong>Format csv file with headings & data:</strong><br>Name, Description, Username, Password, TOTP, URI</p> <p><strong>Format csv file with headings & data:</strong><br>Name, Description, Username, Password, TOTP, URI</p>

32
agent/post/credential.php
View File

@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_credential'])) { if (isset($_POST['add_credential'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_credential', 2); enforceUserPermission('module_credential', 2);
require_once 'credential_model.php'; require_once 'credential_model.php';
@@ -34,6 +36,8 @@ if (isset($_POST['add_credential'])) {
if (isset($_POST['edit_credential'])) { if (isset($_POST['edit_credential'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_credential', 2); enforceUserPermission('module_credential', 2);
require_once 'credential_model.php'; require_once 'credential_model.php';
@@ -73,6 +77,8 @@ if (isset($_POST['edit_credential'])) {
if(isset($_GET['archive_credential'])){ if(isset($_GET['archive_credential'])){
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_credential', 2); enforceUserPermission('module_credential', 2);
$credential_id = intval($_GET['archive_credential']); $credential_id = intval($_GET['archive_credential']);
@@ -93,11 +99,13 @@ if(isset($_GET['archive_credential'])){
} }
if(isset($_GET['unarchive_credential'])){ if(isset($_GET['restore_credential'])){
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_credential', 2); enforceUserPermission('module_credential', 2);
$credential_id = intval($_GET['unarchive_credential']); $credential_id = intval($_GET['restore_credential']);
// Get Name and Client ID for logging and alert message // Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id"); $sql = mysqli_query($mysqli,"SELECT credential_name, credential_client_id FROM credentials WHERE credential_id = $credential_id");
@@ -107,7 +115,7 @@ if(isset($_GET['unarchive_credential'])){
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id"); mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id");
logAction("Credential", "Unarchive", "$session_name unarchived credential $credential_name", $client_id, $credential_id); logAction("Credential", "Restore", "$session_name restored credential $credential_name", $client_id, $credential_id);
flash_alert("Credential <strong>$credential_name</strong> restored"); flash_alert("Credential <strong>$credential_name</strong> restored");
@@ -117,6 +125,8 @@ if(isset($_GET['unarchive_credential'])){
if (isset($_GET['delete_credential'])) { if (isset($_GET['delete_credential'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_credential', 3); enforceUserPermission('module_credential', 3);
$credential_id = intval($_GET['delete_credential']); $credential_id = intval($_GET['delete_credential']);
@@ -139,6 +149,8 @@ if (isset($_GET['delete_credential'])) {
if (isset($_POST['bulk_assign_credential_tags'])) { if (isset($_POST['bulk_assign_credential_tags'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_credential', 2); enforceUserPermission('module_credential', 2);
// Assign tags to Selected Credentials // Assign tags to Selected Credentials
@@ -296,7 +308,7 @@ if (isset($_POST['bulk_archive_credentials'])) {
} }
if (isset($_POST['bulk_unarchive_credentials'])) { if (isset($_POST['bulk_restore_credentials'])) {
validateCSRFToken($_POST['csrf_token']); validateCSRFToken($_POST['csrf_token']);
@@ -307,7 +319,7 @@ if (isset($_POST['bulk_unarchive_credentials'])) {
// Get Selected Credential Count // Get Selected Credential Count
$count = count($_POST['credential_ids']); $count = count($_POST['credential_ids']);
// Cycle through array and unarchive // Cycle through array and restore
foreach ($_POST['credential_ids'] as $credential_id) { foreach ($_POST['credential_ids'] as $credential_id) {
$credential_id = intval($credential_id); $credential_id = intval($credential_id);
@@ -320,13 +332,13 @@ if (isset($_POST['bulk_unarchive_credentials'])) {
mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id"); mysqli_query($mysqli,"UPDATE credentials SET credential_archived_at = NULL WHERE credential_id = $credential_id");
logAction("Credential", "Unarchive", "$session_name unarchived credential $credential_name", $client_id, $credential_id); logAction("Credential", "Restore", "$session_name restored credential $credential_name", $client_id, $credential_id);
} }
logAction("Credential", "Bulk Unarchive", "$session_name unarchived $count credential(s)", $client_id); logAction("Credential", "Bulk Restore", "$session_name restored $count credential(s)", $client_id);
flash_alert("Unarchived <strong>$count</strong> credential(s)"); flash_alert("Restored <strong>$count</strong> credential(s)");
} }
@@ -374,6 +386,8 @@ if (isset($_POST['bulk_delete_credentials'])) {
if (isset($_POST['export_credentials_csv'])) { if (isset($_POST['export_credentials_csv'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_credential'); enforceUserPermission('module_credential');
if ($_POST['client_id']) { if ($_POST['client_id']) {
@@ -431,6 +445,8 @@ if (isset($_POST['export_credentials_csv'])) {
if (isset($_POST["import_credentials_csv"])) { if (isset($_POST["import_credentials_csv"])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_credential', 2); enforceUserPermission('module_credential', 2);
$client_id = intval($_POST['client_id']); $client_id = intval($_POST['client_id']);