Add antiCSRF() in every form
This commit is contained in:
parent
66f472f678
commit
6449402763
|
@ -18,6 +18,8 @@ Pas de compte ? <a class="authButton" href="register">En créer un</a>
|
|||
|
||||
if (isset($_POST['username']) AND isset($_POST['password'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
if (!checkPasswordFormat($_POST['password']))
|
||||
exit("Le format du mot de passe n'est pas valide !");
|
||||
|
||||
|
|
|
@ -18,6 +18,8 @@
|
|||
|
||||
if (isset($_SESSION['username']) AND isset($_POST['newPassword']) AND isset($_POST['currentPassword'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
if (checkPassword($_SESSION['username'], $_POST['currentPassword'])) {
|
||||
|
||||
if (!checkPasswordFormat($_POST['newPassword']))
|
||||
|
|
|
@ -4,6 +4,8 @@
|
|||
|
||||
if (isset($_POST['username']) AND isset($_POST['password'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
if (!checkPasswordFormat($_POST['password']))
|
||||
exit("Le format du mot de passe n'est pas valide !");
|
||||
|
||||
|
|
|
@ -55,6 +55,8 @@
|
|||
|
||||
if (isset($_POST['domain']) AND isset($_POST['dir']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
checkDomainFormat($_POST['domain']);
|
||||
|
||||
if (!in_array($_POST['dir'], $notYetEnabledDirs))
|
||||
|
|
|
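Review bot: The `in_array($_POST['dir'], $notYetEnabledDirs)` membership test is a loose comparison, so a POSTed string is compared with `==` against whatever `$notYetEnabledDirs` holds; pass `true` as the third argument so only an exact string match is accepted: `if (!in_array($_POST['dir'], $notYetEnabledDirs, true))`. The return value of `checkDomainFormat($_POST['domain'])` on the preceding line is discarded, which is only safe if that helper terminates the request itself on a bad domain — worth confirming, since the other hunks in this commit use `if (!checkPasswordFormat(...)) exit(...)` for the same kind of check. `$notYetEnabledDirs` is built outside the hunk, so its contents cannot be reviewed here.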
@ -49,6 +49,8 @@
|
|||
|
||||
if (isset($_POST['dir']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
if (!in_array($_POST['dir'], $notYetEnabledDirs))
|
||||
exit("ERROR : Wrong value for dir");
|
||||
|
||||
|
|
|
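Review bot: `in_array($_POST['dir'], $notYetEnabledDirs)` should use strict comparison, since the needle is attacker-controlled POST data and a loose `==` is what decides whether the directory is accepted: `if (!in_array($_POST['dir'], $notYetEnabledDirs, true))`. The `exit("ERROR : Wrong value for dir")` branch is fine as a fail-closed check; the origin of `$notYetEnabledDirs` lies outside the hunk.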
@ -49,6 +49,8 @@
|
|||
|
||||
if (isset($_POST['dir']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
if (!in_array($_POST['dir'], $notYetEnabledDirs))
|
||||
exit("ERROR : Wrong value for dir");
|
||||
|
||||
|
|
|
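Review bot: Same remark as for the sibling file: the `in_array($_POST['dir'], $notYetEnabledDirs)` check that gates the action after `antiCSRF()` is non-strict, and the file's only defense is that exact membership test, so it should read `if (!in_array($_POST['dir'], $notYetEnabledDirs, true))`. `$notYetEnabledDirs` is populated outside the hunk.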
@ -56,6 +56,8 @@
|
|||
|
||||
if (isset($_POST['domain']) AND isset($_POST['dir']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
checkDomainFormat($_POST['domain']);
|
||||
|
||||
if (!in_array($_POST['dir'], $notYetEnabledDirs))
|
||||
|
|
|
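Review bot: As in the other `dir` handlers in this commit, the `in_array($_POST['dir'], $notYetEnabledDirs)` check following `checkDomainFormat($_POST['domain'])` is a loose comparison and should be `in_array($_POST['dir'], $notYetEnabledDirs, true)`. Whether `checkDomainFormat()` exits on failure or returns a value that is silently dropped here is not visible in the hunk and should be confirmed.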
@ -12,7 +12,9 @@
|
|||
|
||||
<?php
|
||||
|
||||
if (isset($_POST['domain'])) {
|
||||
if (isset($_POST['domaine']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . $_POST['domain'], $output);
|
||||
addNiverLog($_SESSION['username'] . " installed a Let's Encrypt certificate on their site", $output);
|
||||
|
|
|
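Review bot: The rewritten guard tests `isset($_POST['domaine'])` (extra "e") while the `exec()` call three lines later reads `$_POST['domain']`, so the new condition never matches the form field that the command uses, and if a client does post both keys the branch runs with an unchecked `domain`. Separately, `$_POST['domain']` is concatenated straight into a command run through `SUDO_PATH`, with no format or ownership check in this hunk and no shell quoting, which is a command-injection path for any logged-in user; fix the key and quote the argument: `if (isset($_POST['domain']) AND isset($_SESSION['username'])) {` and `exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . escapeshellarg($_POST['domain']), $output);`. A possession/format check like the `regCheckDomainPossession()` / `checkAbsoluteDomainFormat()` calls used elsewhere in this commit should precede the `exec()`, unless `le-install` itself verifies that the domain belongs to the user, which cannot be seen from here.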
@ -18,6 +18,9 @@ if ($_SESSION['sftp_enabled'] == false) { ?>
|
|||
<?php
|
||||
|
||||
if (isset($_SESSION['username']) AND isset($_POST['password'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
// Setup SFTP access
|
||||
exec(SUDO_PATH . " " . MANIVER_PATH . " setup-user " . $_SESSION['username'] . " " . $_POST['password'], $output);
|
||||
addNiverLog($_SESSION['username'] . " enabled SFTP on their account", $output);
|
||||
|
|
|
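Review bot: `$_POST['password']` is appended unescaped to a command executed through `SUDO_PATH`, so a password containing shell metacharacters becomes part of a privileged command line — at minimum `exec(SUDO_PATH . " " . MANIVER_PATH . " setup-user " . escapeshellarg($_SESSION['username']) . " " . escapeshellarg($_POST['password']), $output);`. Even quoted, the clear-text password is visible to every local user via the process list and is handed to `addNiverLog()` as part of `$output` if the script echoes it, so passing it on stdin (e.g. through `proc_open`) would be the safer design. The other password-taking forms in this commit call `checkPasswordFormat()` before acting; this one does not.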
@ -9,6 +9,7 @@ function nsCommonRequirements() {
|
|||
AND isset($_POST['ttl-multiplier'])
|
||||
AND isset($_SESSION['username'])
|
||||
) {
|
||||
antiCSRF();
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
|
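Review bot: `antiCSRF()` is now called from inside `nsCommonRequirements()`, a function whose name suggests a pure precondition check, so callers need to know that the request can be terminated from here; a docblock such as `/** Returns true only when all NS form fields and the session are present; also runs antiCSRF(), which is expected to abort the request on a bad token. */` would make that explicit. The function's opening, and any `return false` on the failing path, are outside the hunk and cannot be reviewed.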
@ -25,6 +25,8 @@ Afin d'activer DNSSEC, vous devez indiquer un enregistrement DS à la zone paren
|
|||
|
||||
if (isset($_POST['zone']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
nsCheckZonePossession($_POST['zone']);
|
||||
|
||||
exec(KEYMGR_PATH . " " . $_POST['zone'] . " ds", $output);
|
||||
|
|
|
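Review bot: `$_POST['zone']` is concatenated into the `KEYMGR_PATH` command without shell quoting; `nsCheckZonePossession($_POST['zone'])` presumably rejects zones the user does not own, but unless it also guarantees the string contains only zone-name characters the `exec()` should still use `exec(KEYMGR_PATH . " " . escapeshellarg($_POST['zone']) . " ds", $output);`. As with the other helpers in this commit, the possession check's result is discarded, so it must exit on failure for this to be safe.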
@ -11,6 +11,8 @@
|
|||
|
||||
if (isset($_POST['domain']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
checkAbsoluteDomainFormat($_POST['domain']);
|
||||
|
||||
$db = new PDO('sqlite:' . DB_PATH);
|
||||
|
|
|
@ -64,6 +64,8 @@
|
|||
|
||||
if (isset($_POST['zone']) AND isset($_POST['keytag']) AND isset($_POST['algo']) AND isset($_POST['key']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
if (!($_POST['algo'] === "8")
|
||||
AND !($_POST['algo'] === "13")
|
||||
AND !($_POST['algo'] === "14")
|
||||
|
|
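Review bot: The algorithm whitelist is written as a chain of negated strict comparisons, which is hard to read and easy to get wrong when another algorithm is added; `if (!in_array($_POST['algo'], ["8", "13", "14"], true))` expresses the same condition in one line. The `keytag` and `key` fields are only tested with `isset()` in this hunk; their validation, if any, sits in the part of the block that continues past the hunk.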
|
@ -41,7 +41,9 @@
|
|||
|
||||
<?php
|
||||
|
||||
if (isset($_POST['action']) AND isset($_POST['subdomain']) AND isset($_POST['suffix']) AND isset($_POST['ip'])) {
|
||||
if (isset($_POST['action']) AND isset($_POST['subdomain']) AND isset($_POST['suffix']) AND isset($_POST['ip']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
if (!$suffixes)
|
||||
exit("ERROR : You don't own any domain");
|
||||
|
|
|
@ -36,6 +36,8 @@
|
|||
|
||||
if (isset($_POST['domain']) AND isset($_POST['action']) AND isset($_POST['ns']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
regCheckDomainPossession($_POST['domain']);
|
||||
checkAbsoluteDomainFormat($_POST['ns']);
|
||||
|
||||
|
|
|
@ -139,6 +139,9 @@ Ce domaine doit être composé uniquement d'au moins 4 lettres latines non accen
|
|||
<?php
|
||||
|
||||
if (isset($_POST['subdomain']) AND isset($_POST['suffix']) AND isset($_SESSION['username'])) {
|
||||
|
||||
antiCSRF();
|
||||
|
||||
if (preg_match("/" . SUBDOMAIN_REGEX . "/", $_POST['subdomain'])) {
|
||||
|
||||
if (!in_array($_POST['suffix'], SUFFIXES))
|
||||
|
|
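Review bot: `in_array($_POST['suffix'], SUFFIXES)` is a loose comparison on attacker-controlled input and should be `in_array($_POST['suffix'], SUFFIXES, true)`. The subdomain check builds its pattern as `"/" . SUBDOMAIN_REGEX . "/"`; if `SUBDOMAIN_REGEX` is not itself anchored with `^` and `$`, `preg_match()` accepts any string that merely contains a valid subdomain, so that constant is worth checking. The `if` chain continues beyond the end of the hunk.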