Fix CSRF for module authors

Author: VINADES.,JSC

admin/authors/add.php

@@ -49,8 +49,11 @@
 $adminThemes = [''];
 $adminThemes = array_merge($adminThemes, nv_scandir(NV_ROOTDIR . '/themes', $global_config['check_theme_admin']));
 unset($adminThemes[0]);
-
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_info['userid']);
 if ($nv_Request->get_int('save', 'post', 0)) {
+    if ($checkss != $nv_Request->get_string('checkss', 'post')) {
+        nv_htmlOutput('Error Session, Please close the browser and try again');
+    }
     $userid = $nv_Request->get_title('userid', 'post', 0);
     $lev = $nv_Request->get_int('lev', 'post', 0);
     $editor = $nv_Request->get_title('editor', 'post');
@@ -273,6 +276,7 @@
 $xtpl->assign('RESULT_URL', NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=add&result=1&checksess=' . NV_CHECK_SESSION);
 $xtpl->assign('FILTERSQL', $crypt->encrypt($filtersql, NV_CHECK_SESSION));
 $xtpl->assign('ACTION', $contents['action']);
+$xtpl->assign('CHECKSS', $checkss);
 
 foreach ($adminThemes as $_admin_theme) {
     $xtpl->assign('THEME_NAME', $_admin_theme);

admin/authors/config.php

@@ -65,8 +65,8 @@ function nv_checkAdmpass($adminpass)
 $action_account = $nv_Request->get_int('action_account', 'post', 0);
 $action_account = (isset($array_action_account[$action_account])) ? $action_account : 0;
 $error = '';
-$checkss = md5($admin_id . NV_CHECK_SESSION);
-if ($nv_Request->get_title('ok', 'post', 0) == $checkss) {
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_id);
+if ($nv_Request->get_title('checkss', 'post') == $checkss) {
     $sendmail = $nv_Request->get_int('sendmail', 'post', 0);
     $reason = $nv_Request->get_title('reason', 'post', '', 1);
     $adminpass = $nv_Request->get_title('adminpass_iavim', 'post');

admin/authors/del.php

@@ -69,8 +69,11 @@
 $adminThemes = [''];
 $adminThemes = array_merge($adminThemes, nv_scandir(NV_ROOTDIR . '/themes', $global_config['check_theme_admin']));
 unset($adminThemes[0]);
-
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_id);
 if ($nv_Request->get_int('save', 'post', 0)) {
+    if ($checkss != $nv_Request->get_string('checkss', 'post')) {
+        nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name);
+    }
     $editor = $nv_Request->get_title('editor', 'post', '');
     if (defined('NV_IS_SPADMIN')) {
         $allow_files_type = $nv_Request->get_array('allow_files_type', 'post', []);
@@ -393,6 +396,7 @@
 $xtpl->assign('INFO', $contents['info']);
 $xtpl->assign('ACTION', $contents['action']);
 $xtpl->assign('LANG', $lang_module);
+$xtpl->assign('CHECKSS', $checkss);
 
 foreach ($adminThemes as $_admin_theme) {
     $xtpl->assign('THEME_NAME', $_admin_theme);

admin/authors/edit.php

@@ -12,42 +12,45 @@
     die('Stop!!!');
 }
 
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_info['userid']);
 if (defined('NV_IS_AJAX')) {
-    if ($nv_Request->isset_request('changeweight', 'post')) {
-        $mid = $nv_Request->get_int('changeweight', 'post', 0);
-        $new_vid = $nv_Request->get_int('new_vid', 'post', 0);
+    if ($checkss == $nv_Request->get_string('checkss', 'post')) {
+        if ($nv_Request->isset_request('changeweight', 'post')) {
+            $mid = $nv_Request->get_int('changeweight', 'post', 0);
+            $new_vid = $nv_Request->get_int('new_vid', 'post', 0);
 
-        $query = 'SELECT mid FROM ' . NV_AUTHORS_GLOBALTABLE . '_module WHERE mid!=' . $mid . ' ORDER BY weight ASC';
-        $result = $db->query($query);
-        $weight = 0;
-        while ($row = $result->fetch()) {
-            ++$weight;
-            if ($weight == $new_vid) {
+            $query = 'SELECT mid FROM ' . NV_AUTHORS_GLOBALTABLE . '_module WHERE mid!=' . $mid . ' ORDER BY weight ASC';
+            $result = $db->query($query);
+            $weight = 0;
+            while ($row = $result->fetch()) {
                 ++$weight;
+                if ($weight == $new_vid) {
+                    ++$weight;
+                }
+                $db->query('UPDATE ' . NV_AUTHORS_GLOBALTABLE . '_module SET weight=' . $weight . ' WHERE mid=' . $row['mid']);
             }
-            $db->query('UPDATE ' . NV_AUTHORS_GLOBALTABLE . '_module SET weight=' . $weight . ' WHERE mid=' . $row['mid']);
-        }
-        $db->query('UPDATE ' . NV_AUTHORS_GLOBALTABLE . '_module SET weight=' . $new_vid . ' WHERE mid=' . $mid);
-    } elseif ($nv_Request->isset_request('changact', 'post')) {
-        $mid = $nv_Request->get_int('mid', 'post', 0);
-        $act = $nv_Request->get_int('changact', 'post', 1);
-        $query = 'SELECT * FROM ' . NV_AUTHORS_GLOBALTABLE . '_module WHERE mid=' . $mid;
-        $row = $db->query($query)->fetch();
-        if (!empty($row)) {
-            $save = true;
-            if ($act == 3 and ($row['module'] == 'database' or $row['module'] == 'settings' or $row['module'] == 'site')) {
-                $save = false;
-            } elseif ($act == 1 and ($row['module'] == 'authors' or $row['module'] == 'siteinfo')) {
-                $save = false;
-            }
+            $db->query('UPDATE ' . NV_AUTHORS_GLOBALTABLE . '_module SET weight=' . $new_vid . ' WHERE mid=' . $mid);
+        } elseif ($nv_Request->isset_request('changact', 'post')) {
+            $mid = $nv_Request->get_int('mid', 'post', 0);
+            $act = $nv_Request->get_int('changact', 'post', 1);
+            $query = 'SELECT * FROM ' . NV_AUTHORS_GLOBALTABLE . '_module WHERE mid=' . $mid;
+            $row = $db->query($query)->fetch();
+            if (!empty($row)) {
+                $save = true;
+                if ($act == 3 and ($row['module'] == 'database' or $row['module'] == 'settings' or $row['module'] == 'site')) {
+                    $save = false;
+                } elseif ($act == 1 and ($row['module'] == 'authors' or $row['module'] == 'siteinfo')) {
+                    $save = false;
+                }
 
-            if ($save) {
-                $act_val = ($row['act_' . $act]) ? 0 : 1;
-                $checksum = md5($row['module'] . '#' . $row['act_1'] . '#' . $row['act_2'] . '#' . $row['act_3'] . '#' . $global_config['sitekey']);
-                $db->query("UPDATE " . NV_AUTHORS_GLOBALTABLE . "_module SET act_" . $act . " = '" . $act_val . "', checksum = '" . $checksum . "' WHERE mid = " . $mid);
+                if ($save) {
+                    $act_val = ($row['act_' . $act]) ? 0 : 1;
+                    $checksum = md5($row['module'] . '#' . $row['act_1'] . '#' . $row['act_2'] . '#' . $row['act_3'] . '#' . $global_config['sitekey']);
+                    $db->query("UPDATE " . NV_AUTHORS_GLOBALTABLE . "_module SET act_" . $act . " = '" . $act_val . "', checksum = '" . $checksum . "' WHERE mid = " . $mid);
+                }
             }
+            die('OK');
         }
-        die('OK');
     }
 }
 
@@ -61,6 +64,7 @@
 $xtpl->assign('NV_OP_VARIABLE', NV_OP_VARIABLE);
 $xtpl->assign('MODULE_NAME', $module_name);
 $xtpl->assign('NV_LANG_INTERFACE', NV_LANG_INTERFACE);
+$xtpl->assign('CHECKSS', $checkss);
 
 $a = 0;
 $rows = $db->query('SELECT * FROM ' . NV_AUTHORS_GLOBALTABLE . '_module ORDER BY weight ASC')->fetchAll();

admin/authors/module.php

@@ -17,6 +17,7 @@
 }
 
 $admin_id = $nv_Request->get_int('admin_id', 'get', 0);
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_id);
 
 if (empty($admin_id) or $admin_id == $admin_info['admin_id']) {
     nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name);
@@ -62,7 +63,7 @@
 
         if (! empty($new_suspend) and empty($new_reason)) {
             $error = sprintf($lang_module['susp_reason_empty'], $row_user['username']);
-        } else {
+        } elseif ($checkss == $nv_Request->get_string('checkss', 'post')) {
             if ($new_suspend) {
                 if ($clean_history) {
                     $susp_reason = array();
@@ -211,6 +212,7 @@
 // Parse content
 $xtpl = new XTemplate('suspend.tpl', NV_ROOTDIR . '/themes/' . $global_config['module_theme'] . '/modules/' . $module_file);
 $xtpl->assign('SUSPEND_INFO', $contents['suspend_info'][0]);
+$xtpl->assign('CHECKSS', $checkss);
 
 if (empty($contents['suspend_info'][1])) {
     $xtpl->parse('suspend.suspend_info');

admin/authors/suspend.php

@@ -25,7 +25,8 @@ function nv_admin_edit_result(form_id, go, tp) {
 function nv_chang_weight(mid) {
     var nv_timer = nv_settimeout_disable('id_weight_' + mid, 5000);
     var new_vid = $("#id_weight_" + mid).val();
-    $.post(script_name + '?' + nv_name_variable + '=' + nv_module_name + '&' + nv_fc_variable + '=module&nocache=' + new Date().getTime(), 'changeweight=' + mid + '&new_vid=' + new_vid, function(res) {
+    var checkss =  $("input[name='checkss']").val();
+    $.post(script_name + '?' + nv_name_variable + '=' + nv_module_name + '&' + nv_fc_variable + '=module&nocache=' + new Date().getTime(), 'changeweight=' + mid + '&new_vid=' + new_vid + '&checkss=' + checkss, function(res) {
         $("#main_module").html(res);
     });
     return;
@@ -34,7 +35,8 @@ function nv_chang_weight(mid) {
 function nv_chang_act(mid, act) {
     if (confirm(nv_is_change_act_confirm[0])) {
         var nv_timer = nv_settimeout_disable('change_act_' + act + '_' + mid, 5000);
-        $.post(script_name + '?' + nv_name_variable + '=' + nv_module_name + '&' + nv_fc_variable + '=module&nocache=' + new Date().getTime(), 'changact=' + act + '&mid=' + mid, function(res) {
+        var checkss =  $("input[name='checkss']").val();
+        $.post(script_name + '?' + nv_name_variable + '=' + nv_module_name + '&' + nv_fc_variable + '=module&nocache=' + new Date().getTime(), 'changact=' + act + '&mid=' + mid + '&checkss=' + checkss, function(res) {
             nv_set_disable_false('change_act_' + act + '_' + mid);
         });
     } else {

themes/admin_default/js/authors.js

@@ -8,7 +8,7 @@
 			</colgroup>
 			<tfoot>
 				<tr>
-					<td colspan="2" class="text-center"><input name="save" id="save" type="hidden" value="1" /><input name="go_add" type="submit" value="{SUBMIT}" class="btn btn-primary" /></td>
+					<td colspan="2" class="text-center"><input type="hidden" name="checkss" value="{CHECKSS}" /><input name="save" id="save" type="hidden" value="1" /><input name="go_add" type="submit" value="{SUBMIT}" class="btn btn-primary" /></td>
 				</tr>
 			</tfoot>
 			<tbody>

themes/admin_default/modules/authors/add.tpl

@@ -11,6 +11,7 @@
 <form action="{NV_BASE_ADMINURL}index.php" method="post" id="frm">
     <input type="hidden" name="{NV_NAME_VARIABLE}" value="{MODULE_NAME}" />
     <input type="hidden" name="{NV_OP_VARIABLE}" value="{OP}" />
+    <input type="hidden" name="checkss" value="{CHECKSS}" />
     <div class="table-responsive">
         <table class="table table-striped table-bordered table-hover">
             <thead>
@@ -81,6 +82,7 @@
     <input type="hidden" name="{NV_NAME_VARIABLE}" value="{MODULE_NAME}" />
     <input type="hidden" name="{NV_OP_VARIABLE}" value="{OP}" />
     <input type="hidden" name="uid" value="{FIREWALLDATA.uid}" />
+    <input type="hidden" name="checkss" value="{CHECKSS}" />
     <div class="table-responsive">
         <table class="table table-striped table-bordered table-hover">
             <thead>
@@ -160,6 +162,7 @@
     <input type="hidden" name="{NV_NAME_VARIABLE}" value="{MODULE_NAME}" />
     <input type="hidden" name="{NV_OP_VARIABLE}" value="{OP}" />
     <input type="hidden" name="cid" value="{IPDATA.cid}" />
+    <input type="hidden" name="checkss" value="{CHECKSS}" />
     <div class="panel panel-default">
         <div class="panel-heading"><strong>{LANG.adminip_add}</strong></div>
         <div class="panel-body">

themes/admin_default/modules/authors/config.tpl

@@ -5,7 +5,7 @@
     <table class="table table-striped table-bordered table-hover">
         <tfoot>
             <tr>
-                <td colspan="3"><input name="ok" type="hidden" value="{CHECKSS}" /><input name="go_del" type="submit" value="{LANG.nv_admin_del}" class="btn btn-danger" /></td>
+                <td colspan="3"><input name="checkss" type="hidden" value="{CHECKSS}" /><input name="go_del" type="submit" value="{LANG.nv_admin_del}" class="btn btn-danger" /></td>
             </tr>
         </tfoot>
         <tbody>

themes/admin_default/modules/authors/del.tpl

@@ -8,7 +8,7 @@
             </colgroup>
             <tfoot>
                 <tr>
-                    <td colspan="2" class="text-center"><input name="save" id="save" type="hidden" value="1" /><input name="go_edit" type="submit" value="{LANG.save}" class="btn btn-primary" /></td>
+                    <td colspan="2" class="text-center"><input type="hidden" name="checkss" value="{CHECKSS}" /><input name="save" id="save" type="hidden" value="1" /><input name="go_edit" type="submit" value="{LANG.save}" class="btn btn-primary" /></td>
                 </tr>
             </tfoot>
             <tbody>

themes/admin_default/modules/authors/edit.tpl

@@ -1,6 +1,7 @@
 <!-- BEGIN: main -->
 <div id="main_module">
 <div class="table-responsive">
+    <input type="hidden" name="checkss" value="{CHECKSS}" />
 	<table class="table table-striped table-bordered table-hover">
 		<thead>
 			<tr class="text-center">

themes/admin_default/modules/authors/module.tpl

@@ -40,7 +40,7 @@
 		</colgroup>
 		<tfoot>
 			<tr>
-				<td colspan="2"><input name="save" type="hidden" value="1" /></td>
+				<td colspan="2"><input name="save" type="hidden" value="1" /><input type="hidden" name="checkss" value="{CHECKSS}" /></td>
 				<td><input name="go_change" type="submit" value="{SUBMIT}" class="btn btn-primary" /></td>
 			</tr>
 		</tfoot>