🔒 N°1795 prevent CSRF on dashboard import

This commit is contained in:
Pierre Goiffon
2018-11-26 15:17:53 +01:00
parent d5568afc68
commit 0f20f9ca5d
3 changed files with 10 additions and 2 deletions


@@ -1090,10 +1090,12 @@ class utils
$sDlgTitle = addslashes(Dict::S('UI:ImportDashboardTitle')); $sDlgTitle = addslashes(Dict::S('UI:ImportDashboardTitle'));
$sDlgText = addslashes(Dict::S('UI:ImportDashboardText')); $sDlgText = addslashes(Dict::S('UI:ImportDashboardText'));
$sCloseBtn = addslashes(Dict::S('UI:Button:Cancel')); $sCloseBtn = addslashes(Dict::S('UI:Button:Cancel'));
$sUploadDashboardTransactId = utils::GetNewTransactionId();
$aResult = array( $aResult = array(
new SeparatorPopupMenuItem(), new SeparatorPopupMenuItem(),
new URLPopupMenuItem('UI:ExportDashboard', Dict::S('UI:ExportDashBoard'), utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php?operation=export_dashboard&id='.$sMenuId), new URLPopupMenuItem('UI:ExportDashboard', Dict::S('UI:ExportDashBoard'), utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php?operation=export_dashboard&id='.$sMenuId),
new JSPopupMenuItem('UI:ImportDashboard', Dict::S('UI:ImportDashBoard'), "UploadDashboard({dashboard_id: '$sMenuId', title: '$sDlgTitle', text: '$sDlgText', close_btn: '$sCloseBtn' })"), new JSPopupMenuItem('UI:ImportDashboard', Dict::S('UI:ImportDashBoard'),
"UploadDashboard({dashboard_id: '$sMenuId', title: '$sDlgTitle', text: '$sDlgText', close_btn: '$sCloseBtn', transaction: '$sUploadDashboardTransactId' })"),
); );
break; break;
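Review bot: `$sUploadDashboardTransactId` is interpolated into the JavaScript argument string on the new `UploadDashboard({...})` line without the `addslashes()` that the neighbouring `$sDlgTitle`, `$sDlgText` and `$sCloseBtn` values receive. The value comes from `utils::GetNewTransactionId()` and is therefore server-generated, so it is presumably safe to embed as-is, but the asymmetry will make the next reader pause; either treat it like its neighbours, `$sUploadDashboardTransactId = addslashes(utils::GetNewTransactionId());`, or add a comment stating that the id never contains quote characters. Note also that a fresh transaction is issued every time this menu is rendered, and if `IsTransactionValid(..., true)` on the server side consumes the token on first use, a second import started from the same page without a reload would be rejected — worth confirming against the helper. The enclosing method of `utils` starts and ends outside the hunk.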


@@ -366,6 +366,7 @@ $(function()
{ {
dashboard_id: '', dashboard_id: '',
file_id: '', file_id: '',
transaction: '',
text: 'Select a dashboard file to import', text: 'Select a dashboard file to import',
title: 'Dahsboard Import', title: 'Dahsboard Import',
close_btn: 'Close', close_btn: 'Close',
@@ -383,7 +384,7 @@ $(function()
//me.onClose(); //me.onClose();
}; };
$('#'+this.options.file_id).fileupload({ $('#'+this.options.file_id).fileupload({
url: me.options.submit_to+'&id='+me.options.dashboard_id, url: me.options.submit_to+'&id='+me.options.dashboard_id+'&transaction_id='+me.options.transaction,
dataType: 'json', dataType: 'json',
pasteZone: null, // Don't accept files via Chrome's copy/paste pasteZone: null, // Don't accept files via Chrome's copy/paste
done: function (e, data) { done: function (e, data) {
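Review bot: On the `url:` line `me.options.transaction` is concatenated into the query string unencoded; a token containing `&`, `=`, `+` or `%` would be split or altered by server-side parameter parsing and the validation in ajax.render.php would then reject a legitimate upload. Use `'&transaction_id='+encodeURIComponent(me.options.transaction)` (the same applies to `dashboard_id`, which predates this change). The `fileupload` options object and the surrounding `$(function()` wrapper start and end outside the hunk.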


@@ -1190,6 +1190,11 @@ EOF
break; break;
case 'import_dashboard': case 'import_dashboard':
$sTransactionId = utils::ReadParam('transaction_id', '', false, 'raw_data');
if (!utils::IsTransactionValid($sTransactionId, true))
{
throw new SecurityException('ajax.render.php import_dashboard : invalid transaction_id');
}
$sMenuId = utils::ReadParam('id', '', false, 'raw_data'); $sMenuId = utils::ReadParam('id', '', false, 'raw_data');
ApplicationMenu::LoadAdditionalMenus(); ApplicationMenu::LoadAdditionalMenus();
$index = ApplicationMenu::GetMenuIndexById($sMenuId); $index = ApplicationMenu::GetMenuIndexById($sMenuId);
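Review bot: The new guard throws `SecurityException` when the token fails validation, but nothing here states what the `true` second argument to `utils::IsTransactionValid()` does, and that is exactly what determines whether a retried import from the same page can succeed. A comment above the `if` such as `// CSRF guard: the token is issued with the dashboard menu; if the second argument removes it on success, each import needs a freshly rendered menu` would let the next maintainer understand a rejected retry without reading the helper. Reading the token with the `'raw_data'` filter is fine since it is only compared and never echoed back. The enclosing `switch` and the `import_dashboard` case continue outside the hunk.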