mirror of
https://github.com/friendica/friendica
synced 2024-05-21 19:46:42 +02:00
Add form security token check to /admin/phpinfo module
- This prevents basic XSS attacks against /admin/phpinfo
parent
bb737adf51
commit
15b757e36c
|
@ -30,6 +30,8 @@ class PhpInfo extends BaseAdmin
|
|||
{
|
||||
self::checkAdminAccess();
|
||||
|
||||
self::checkFormSecurityTokenForbiddenOnError('phpinfo', 't');
|
||||
|
||||
phpinfo();
|
||||
System::exit();
|
||||
}
|
||||
|
|
|
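Review bot: The added `self::checkFormSecurityTokenForbiddenOnError('phpinfo', 't');` call has no comment explaining why a read-only GET page needs a form token, and the token it accepts arrives in the query string, which `phpinfo()` then prints back in its request-variable tables next to cookies and server values. The generated page normally carries outbound links as well, so I would send `header('Referrer-Policy: no-referrer');` before `phpinfo();`, unless a site-wide policy already covers it, to keep the tokenised URL out of Referer headers. A comment such as `// phpinfo() echoes request data, cookies and server variables; require a token so a crafted link cannot render the page` would record the intent. The check presumably does not help against script already running in the admin's origin, since that script can read the menu link. The method starts above the hunk, so its signature is not visible here.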
@ -104,7 +104,7 @@ abstract class BaseAdmin extends BaseModule
|
|||
'logsview' => ['admin/logs/view' , DI::l10n()->t('View Logs') , 'viewlogs'],
|
||||
]],
|
||||
'diagnostics' => [DI::l10n()->t('Diagnostics'), [
|
||||
'phpinfo' => ['admin/phpinfo' , DI::l10n()->t('PHP Info') , 'phpinfo'],
|
||||
'phpinfo' => ['admin/phpinfo?t=' . self::getFormSecurityToken('phpinfo'), DI::l10n()->t('PHP Info') , 'phpinfo'],
|
||||
'probe' => ['probe' , DI::l10n()->t('probe address') , 'probe'],
|
||||
'webfinger' => ['webfinger' , DI::l10n()->t('check webfinger') , 'webfinger'],
|
||||
'babel' => ['babel' , DI::l10n()->t('Babel') , 'babel'],
|
||||
|
|
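Review bot: The new `'phpinfo'` entry embeds the security token in the menu href, so the token ends up in web-server access logs and browser history for as long as it remains valid. It is worth confirming that the token lifetime is short and that the template rendering this URL escapes it for the attribute context. The action name `'phpinfo'` and the parameter name `t` are now bare string literals duplicated between this line and the check in the PhpInfo module; a mismatch would fail closed with a forbidden page but silently break the link, so a shared class constant for both values would keep them in sync. `getFormSecurityToken('phpinfo')` also appears to run on every build of this menu array, not only when the link is followed. The enclosing array starts and ends outside the hunk.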