Revision 242

branches/extplorer2/scripts/application.js.php
3 3
if( !defined( '_JEXEC' ) && !defined( '_VALID_MOS' ) ) die( 'Restricted access' );
4 4
/**
5 5
 * @package eXtplorer
6
 * @copyright soeren 2007-2014
6
 * @copyright soeren 2007-2015
7 7
 * @author The eXtplorer project (http://extplorer.net)
8 8
 * @license
9 9
 * @version $Id$
branches/extplorer2/scripts/functions.js.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2009
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
10 10
 * @license
......
390 390
		option: 'com_extplorer',
391 391
		dir: dir,
392 392
		item: selitems.length > 0 ? selitems[0]:'',
393
		'selitems[]': selitems
393
		'selitems[]': selitems,
394
        token: "<?php echo ext_getToken() ?>"
394 395
	};
395 396
	return requestParams;
396 397
}
......
456 457

  
457 458

  
458 459
function statusBarMessage( msg, isLoading, success ) {
460
	msg = msg.replace(/[\u00A0-\u9999<>\&]/gim, function(i) {  return '&#' + i.charCodeAt(0) + ';';});
459 461
	var statusBar = Ext.getCmp('statusPanel');
460 462
	if( !statusBar ) return;
461 463
	if( isLoading ) {
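Review bot: The escaping added to statusBarMessage at line 460 encodes `<`, `>`, `&` and U+00A0–U+9999 but leaves `"` and `'` untouched, so it is only sufficient if msg ends up in element text rather than in an attribute or inline handler — where it is rendered is outside this hunk. Extending the class, `msg = msg.replace(/[\u00A0-\u9999<>\&"']/g, function(i) {  return '&#' + i.charCodeAt(0) + ';';});`, covers attribute context as well; the `i` and `m` flags do nothing for a character class and can be dropped. Callers that already pass entity-encoded text will now see their `&` re-encoded, so a comment such as `// msg is treated as plain text and entity-encoded here; do not pass pre-escaped HTML` would document the new contract. statusBarMessage continues past the end of the hunk.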
branches/extplorer2/scripts/archive.js.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2009
7
 * @copyright soeren 2007-2015
8 8
 * This file is dynamically loaded when something is to be archived
9 9
 * It handles the callback to control + show the archive progress
10 10
 */
branches/extplorer2/CHANGELOG.txt
3 3
Version $Id$
4 4
****************************
5 5

  
6
--- version 2.1.8 ---
7
- added security functions for protection against CSRF attacks
8

  
9

  
6 10
--- version 2.1.7 ---
7 11
- fixed SWFUpload against XSS vulnerabilities
8 12
- fixed XSS vulnerability in file list
branches/extplorer2/include/upload.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2009
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
10 10
 * @license
......
44 44

  
45 45
		// Execute
46 46
		if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true") {
47
				
47
            // CSRF Security Check
48
            if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
49
                ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
50
            }
48 51
			if( isset($GLOBALS['__FILES']['Filedata'])) {
49 52
				// Re-Map the flash-uploaded file with the name "Filedata" to the "userfile" array
50 53
				$GLOBALS['__FILES']['userfile'] = array(
......
243 246
						"action": "upload", 
244 247
						"dir": datastore.directory,
245 248
						"requestType": "xmlhttprequest",
246
						"confirm": "true"
249
						"confirm": "true",
250
                        "token": "<?php echo ext_getToken() ?>"
247 251
					}
248 252
				});
249 253
			}
......
304 308
						"option": "com_extplorer", 
305 309
						"action": "transfer", 
306 310
						"dir": datastore.directory,
307
						"confirm": 'true'
311
						"confirm": 'true',
312
                        "token": "<?php echo ext_getToken() ?>"
308 313
					}
309 314
				});
310 315
			}
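Review bot: The new check at line 48 reads `$GLOBALS['__POST']["token"]` directly, so a request that omits the field raises an undefined-index notice before ext_checkToken() is called; other handlers touched by this commit (mkitem.php, copy_move.php) already read POST parameters through extGetParam(), e.g. `if( !ext_checkToken(extGetParam($GLOBALS['__POST'], 'token')) ) {`. The guard also relies on ext_Result::sendResult() terminating the request — consistent with the existing access checks in this file, but if it ever returned, the upload would proceed with an invalid token, so a comment like `// sendResult() ends the request; nothing below runs on token failure` makes that assumption explicit. The same pattern appears in transfer.php, edit.php, mkitem.php, chmod.php, copy_move.php, delete.php, rename.php, extract.php and archive.php. The enclosing method starts before this hunk.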
branches/extplorer2/include/transfer.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2009
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @license
10 10
 * The contents of this file are subject to the Mozilla Public License
......
51 51
		//DEBUG ext_Result::sendResult('transfer', false, $dir );
52 52
		// Execute
53 53
		if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true") {
54

  
54
            // CSRF Security Check
55
            if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
56
                ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
57
            }
55 58
			$cnt=count($GLOBALS['__POST']['userfile']);
56 59
			$err=false;
57 60
			foreach($this->_downloadMethods as $method ) {
branches/extplorer2/include/edit.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2009
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
10 10
 * 
......
70 70
			ext_Result::sendResult('edit', false, $item.": ".ext_Lang::err('accessfile' ));
71 71
		}
72 72

  
73
        // CSRF Security Check
74
        if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
75
            ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
76
        }
73 77
		if(isset($GLOBALS['__POST']["dosave"]) && $GLOBALS['__POST']["dosave"]=="yes") {
74 78
			// Save / Save As
75 79
			$item=basename(stripslashes($GLOBALS['__POST']["fname"]));
......
208 212
						code: editAreaLoader.getValue("ext_codefield<?php echo $id_hash ?>"),
209 213
						dir: '<?php echo stripslashes($dir) ?>', 
210 214
						item: '<?php echo stripslashes($item) ?>', 
211
						dosave: 'yes'
215
						dosave: 'yes',
216
                        token: "<?php echo ext_getToken() ?>"
212 217
				}
213 218
			});
214 219
		},
......
237 242
					action: 'edit', 
238 243
					dir: '<?php echo stripslashes($dir) ?>', 
239 244
					item: '<?php echo stripslashes($item) ?>', 
240
					doreopen: 'yes'
245
					doreopen: 'yes',
246
                    token: "<?php echo ext_getToken() ?>"
241 247
				}
242 248
			});
243 249
		},	
branches/extplorer2/include/mkitem.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2011
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
10 10
 * 
......
41 41
		if(($GLOBALS["permissions"]&01)!=01) ext_Result::sendResult( 'mkitem', false, $GLOBALS["error_msg"]["accessfunc"]);
42 42

  
43 43
		if( extGetParam($_POST,'confirm') == 'true') {
44
            // CSRF Security Check
45
            if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
46
                ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
47
            }
44 48
			$mkname=$GLOBALS['__POST']["mkname"];
45 49
			$mktype=$GLOBALS['__POST']["mktype"];
46 50
			$symlink_target = $GLOBALS['__POST']['symlink_target'];
branches/extplorer2/include/admin.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2011
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
10 10
 * @license
......
124 124
							"params": {
125 125
								option: "com_extplorer", 
126 126
								"action": "admin",
127
								"action2": "chpwd"
127
								"action2": "chpwd",
128
								"token": "<?php echo ext_getToken() ?>"
128 129
							}
129 130
						})
130 131
						}
......
174 175
				"text": "<?php echo ext_Lang::msg( 'btnadd', true ) ?>", 
175 176
				"handler": function() {
176 177
							Ext.Ajax.request( { url: "<?php echo basename($GLOBALS['script_name']) ?>",
177
								"params": { "option": "com_extplorer","action": "admin","action2": "adduser" },	
178
								"params": { "option": "com_extplorer","action": "admin","action2": "adduser",
179
								"token": "<?php echo ext_getToken() ?>" },	
178 180
								"callback": function(oElement, bSuccess, oResponse) {
179 181
											if( !bSuccess ) {
180 182
												Ext.Msg.alert( "Ajax communication failure!");
......
208 210
								return;
209 211
							}
210 212
							Ext.Ajax.request( { url: "<?php echo basename($GLOBALS['script_name']) ?>",
211
								"params": { option: "com_extplorer","action": "admin","action2": "edituser","nuser":theUser },	
213
								"params": { option: "com_extplorer","action": "admin","action2": "edituser","nuser":theUser,
214
								"token": "<?php echo ext_getToken() ?>" },	
212 215
								"callback": function(oElement, bSuccess, oResponse) {
213 216
											if( !bSuccess ) {
214 217
												Ext.Msg.alert( "Ajax communication failure!");
......
260 263
										"option": "com_extplorer", 
261 264
										"action": "admin",
262 265
										"action2": "rmuser",
263
										"user": theUser
266
										"user": theUser,
267
										"token": "<?php echo ext_getToken() ?>"
264 268
									}
265 269
								});
266 270
							});
......
278 282
}
279 283
//------------------------------------------------------------------------------
280 284
function changepwd($dir) {			// Change Password
281
	
285
	if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
286
		ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
287
	}
282 288
	if($GLOBALS['__POST']["newpwd1"]!=$GLOBALS['__POST']["newpwd2"]) {
283 289
		ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
284 290
	}
......
310 316
}
311 317
//------------------------------------------------------------------------------
312 318
function adduser($dir) {			// Add User
313
	if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true") {
319
	if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true" && ext_checkToken($GLOBALS['__POST']["token"]) ) {
320
	
314 321
		$user=stripslashes($GLOBALS['__POST']["nuser"]);
315 322
		if($user=="" || $GLOBALS['__POST']["home_dir"]=="") {
316 323
			ext_Result::sendResult('adduser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
......
342 349
function edituser($dir) {			// Edit User
343 350
	$user=stripslashes($GLOBALS['__POST']["nuser"]);
344 351
	$data=ext_find_user($user,NULL);
352
	if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
353
		ext_Result::sendResult('tokencheck', false, 'CSRF Token Check failed.');
354
	}
345 355
	if($data==NULL) {
346 356
		ext_Result::sendResult('edituser', false, $user.": ".$GLOBALS["error_msg"]["miscnofinduser"]);
347 357
	}
......
539 549
								user: "<?php echo @$data[0] ?>",
540 550
								"action": 'admin', 
541 551
								"action2": "<?php echo @$data[0] ? 'edituser' : 'adduser' ?>",
542
								"confirm": "true"
552
								"confirm": "true",
553
								"token": "<?php echo ext_getToken() ?>"
543 554
						}
544 555
					})
545 556
				}
......
553 564
//------------------------------------------------------------------------------
554 565
function removeuser($dir) {			// Remove User
555 566
	$user=stripslashes($GLOBALS['__POST']["user"]);
567
	if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
568
		ext_Result::sendResult('tokencheck', false, 'CSRF Token Check failed.');
569
	}
556 570
	if($user==$GLOBALS['__SESSION']['credentials_extplorer']['username']) {
557 571
		ext_Result::sendResult('removeuser', false, $GLOBALS["error_msg"]["miscselfremove"]);
558 572
	}
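Review bot: adduser() at line 319 folds the token check into the confirm condition, so a request carrying a bad token silently drops into the non-confirm branch instead of reporting 'tokencheck' the way changepwd(), edituser() and removeuser() do; rejecting explicitly inside the branch, `if( !ext_checkToken($GLOBALS['__POST']["token"]) ) { ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.'); }`, keeps the handlers uniform and the failure visible in the response. edituser() (line 351) and removeuser() (line 566) also look up the user before the token is verified; placing the check as the first statement of each function means nothing is read on behalf of an unverified request. 'CSRF Token Check failed.' and 'Request failed: Security Token not valid.' describe the same condition and could be a single message. Each of these functions continues past its hunk.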
branches/extplorer2/include/chmod.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2009
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
10 10
 * 
......
42 42

  
43 43
		if(($GLOBALS["permissions"]&01)!=01) ext_Result::sendResult( 'chmod', false, $GLOBALS["error_msg"]["accessfunc"]);
44 44

  
45
        // CSRF Security Check
46
        if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
47
            ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
48
        }
45 49
		if( !empty($GLOBALS['__POST']["selitems"])) {
46 50
			$cnt=count($GLOBALS['__POST']["selitems"]);
47 51

  
branches/extplorer2/include/copy_move.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2011
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
10 10
 *
......
42 42
		ext_Result::sendResult( $action, false, $GLOBALS["error_msg"]["accessfunc"]);
43 43
	}
44 44

  
45
    // CSRF Security Check
46
    if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
47
        ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
48
    }
45 49
	// Vars
46 50
	$first = extGetParam($GLOBALS['__POST'], 'first' );
47 51
	if($first=="y") $new_dir=$dir;
branches/extplorer2/include/delete.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
10 10
 * 
......
44 44
		// delete files/dirs
45 45
		if(($GLOBALS["permissions"]&01)!=01) 
46 46
		ext_Result::sendResult('delete', false, $GLOBALS["error_msg"]["accessfunc"]);
47

  
47
        // CSRF Security Check
48
        if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
49
            ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
50
        }
48 51
		$cnt = count($GLOBALS['__POST']["selitems"]);
49 52
		$err = false;
50 53

  
......
94 97
		ext_Result::sendResult('delete', true, $GLOBALS['messages']['success_delete_file'] );
95 98
	}
96 99
}
97
//------------------------------------------------------------------------------
98
?>
branches/extplorer2/include/rename.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2009
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
10 10
 * 
......
44 44
		}
45 45

  
46 46
		if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true") {
47

  
47
            // CSRF Security Check
48
            if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
49
                ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
50
            }
48 51
			$newitemname=$GLOBALS['__POST']["newitemname"];
49 52
			$newitemname=trim(basename(stripslashes($newitemname)));
50 53

  
branches/extplorer2/include/functions.php
1432 1432
 * @param string $id
1433 1433
 * @return string
1434 1434
 */
1435
function get_session_id( $id=null ) {
1435
function generate_session_id( $id=null ) {
1436 1436
	return extMakePassword( 32 );
1437 1437
}
1438
function ext_getToken() {
1439
    return md5(session_id());
1440
}
1441
function ext_checkToken($token) {
1442
    return md5(session_id()) == $token;
1443
}
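Review bot: ext_checkToken() at line 1442 compares with `==`, which gives numeric-looking strings numeric semantics and is not constant-time; `return hash_equals(md5(session_id()), (string)$token);` (PHP 5.6+, otherwise at least `===`) addresses both. The token is derived solely from session_id(), so on any request where no session is active the expected value collapses to the md5 of an empty string, a fixed and well-known constant — whether every handler guarded by this function runs after session_start() is not visible here and is worth confirming, and a random per-session value kept in `$_SESSION` would remove the dependency altogether. The renamed generate_session_id() still takes an `$id` parameter it never uses; dropping it or documenting it as ignored avoids suggesting callers can influence the id. A docblock on ext_getToken() stating that the token is bound to the current session and valid only for its lifetime would help maintainers.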
branches/extplorer2/include/login.php
113 113
		exit();
114 114
	}
115 115
	session_write_close();
116
	session_id( get_session_id() );
116
	session_id( generate_session_id() );
117 117
	session_start();
118 118
	// Ask for Login
119 119
	$GLOBALS['mainframe']->setPageTitle( ext_Lang::msg('actlogin') );
branches/extplorer2/include/extract.php
5 5
/**
6 6
 * @version $Id$
7 7
 * @package eXtplorer
8
 * @copyright soeren 2007-2010
8
 * @copyright soeren 2007-2015
9 9
 * @author The eXtplorer project (http://extplorer.net)
10 10
 * 
11 11
 * @license
......
43 43
		if( ! ext_isArchive( $item ) ) {
44 44
			ext_Result::sendResult( 'archive', false, $item.': '.ext_Lang::err( 'extract_noarchive' ) ) ;
45 45
		} else {
46

  
46
            // CSRF Security Check
47
            if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
48
                ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
49
            }
47 50
			$archive_name = realpath( get_abs_item( $dir, $item ) ) ;
48 51

  
49 52
			if( empty( $dir ) ) {
branches/extplorer2/include/list.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2014
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
10 10
 * 
branches/extplorer2/include/archive.php
4 4
/**
5 5
 * @version $Id$
6 6
 * @package eXtplorer
7
 * @copyright soeren 2007-2011
7
 * @copyright soeren 2007-2015
8 8
 * @author The eXtplorer project (http://extplorer.net)
9 9
 * @author The	The QuiX project (http://quixplorer.sourceforge.net)
10 10
 * @license
......
46 46
		if(!$GLOBALS["zip"] && !$GLOBALS["tgz"]) {
47 47
			ext_Result::sendResult('archive', false, $GLOBALS["error_msg"]["miscnofunc"]);
48 48
		}
49
		
49

  
50
        // CSRF Security Check
51
        if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
52
            ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
53
        }
50 54
		$allowed_types = array( 'zip', 'tgz', 'tbz', 'tar' );
51 55

  
52 56
		// If we have something to archive, let's do it now
branches/extplorer2/libraries/standalone.php
2 2
/**
3 3
* @version $Id$
4 4
* @package eXtplorer
5
* @copyright Copyright (C) 2007 Open Source Matters. All rights reserved.
5
* @copyright Copyright (C) 2012-2015 Soeren Eberhardt-Biermann. All rights reserved.
6 6
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
7 7
* Joomla! is free software. This version may have been modified pursuant
8 8
* to the GNU General Public License, and as distributed it includes or
branches/extplorer2/libraries/JSON.php
825 825
    function isError($data, $code = null)
826 826
    {
827 827
        if (class_exists('pear')) {
828
            return PEAR::isError($data, $code);
828
            return @PEAR::isError($data, $code);
829 829
        } elseif (is_object($data) && (get_class($data) == 'services_json_error' ||
830 830
                                 is_subclass_of($data, 'services_json_error'))) {
831 831
            return true;

Also available in: Unified diff