Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo
Hypolite Petovan 2024-02-21 22:05:45 -05:00
parent bb737adf51
commit 15b757e36c
2 changed files with 3 additions and 1 deletions


@ -30,6 +30,8 @@ class PhpInfo extends BaseAdmin
{
self::checkAdminAccess();
self::checkFormSecurityTokenForbiddenOnError('phpinfo', 't');
phpinfo();
System::exit();
}
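Review bot: `phpinfo()` is still called with no argument after the new token check, so the page renders the full default output, including the environment and request-variable sections (the admin's own cookies and server variables among them). The token check limits which requests can render the page, not what the page shows; if this diagnostics view only needs build and configuration data, `phpinfo(INFO_GENERAL | INFO_CONFIGURATION | INFO_MODULES);` would leave those sections out. A comment above the check, such as `// Reject requests without a valid token so a forged link cannot render this page in an admin session`, would also record why a read-only page requires one. The method's signature lies outside the hunk.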


@ -104,7 +104,7 @@ abstract class BaseAdmin extends BaseModule
'logsview' => ['admin/logs/view' , DI::l10n()->t('View Logs') , 'viewlogs'],
]],
'diagnostics' => [DI::l10n()->t('Diagnostics'), [
'phpinfo' => ['admin/phpinfo' , DI::l10n()->t('PHP Info') , 'phpinfo'],
'phpinfo' => ['admin/phpinfo?t=' . self::getFormSecurityToken('phpinfo'), DI::l10n()->t('PHP Info') , 'phpinfo'],
'probe' => ['probe' , DI::l10n()->t('probe address') , 'probe'],
'webfinger' => ['webfinger' , DI::l10n()->t('check webfinger') , 'webfinger'],
'babel' => ['babel' , DI::l10n()->t('Babel') , 'babel'],
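Review bot: The token is appended to the menu link as a GET parameter (`'admin/phpinfo?t=' . self::getFormSecurityToken('phpinfo')`), so it is written into every admin page that renders this menu and will end up in browser history, web-server access logs and possibly the Referer header of links followed from the phpinfo output. How long the token stays valid and what it is bound to is not visible here; if it is more than short-lived, a small POST form for this entry or a `Referrer-Policy: no-referrer` header on the phpinfo response would keep it out of those places. The value is also concatenated without `rawurlencode()`, which is only safe if the token alphabet is URL-safe. The array is built inside a method that starts outside the hunk.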