AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-16 18:54:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CSRF Token validation for API key create/delete

Browse Source
This commit is contained in:
Marcus Hill
2022-05-07 16:56:55 +01:00
parent 53ae901f15
commit b2c0994577
3 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
api_key_add_modal.php
View File

@@ -13,6 +13,7 @@ $key = keygen();
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<div class="modal-body bg-white"> <div class="modal-body bg-white">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="key" value="<?php echo $key ?>"> <input type="hidden" name="key" value="<?php echo $key ?>">
<div class="form-group"> <div class="form-group">

11
post.php
View File

@@ -419,6 +419,9 @@ if(isset($_POST['add_api_key'])){
exit(); exit();
} }
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
$secret = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['key']))); $secret = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['key'])));
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']))); $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire']))); $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
@@ -446,17 +449,19 @@ if(isset($_GET['delete_api_key'])){
exit(); exit();
} }
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
$api_key_id = intval($_GET['delete_api_key']); $api_key_id = intval($_GET['delete_api_key']);
// Get API Key Name // Get API Key Name
$sql = mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id"); $row = mysqli_fetch_array(mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id"));
$row = mysqli_fetch_array($sql);
$name = $row['api_key_name']; $name = $row['api_key_name'];
mysqli_query($mysqli,"DELETE FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id"); mysqli_query($mysqli,"DELETE FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id");
// Logging // Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Delete', log_description = '$session_name deleted user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Delete', log_description = '$session_name deleted API key $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = "API Key <strong>$name</strong> deleted"; $_SESSION['alert_message'] = "API Key <strong>$name</strong> deleted";

2
settings-api.php
View File

@@ -81,7 +81,7 @@
<i class="fas fa-ellipsis-h"></i> <i class="fas fa-ellipsis-h"></i>
</button> </button>
<div class="dropdown-menu"> <div class="dropdown-menu">
<a class="dropdown-item text-danger" href="post.php?delete_api_key=<?php echo $api_key_id; ?>">Revoke</a> <a class="dropdown-item text-danger" href="post.php?delete_api_key=<?php echo $api_key_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">Revoke</a>
</div> </div>
</div> </div>
</td> </td>