Fix CSRF for modules database

Author: VINADES.,JSC

admin/database/sampledata.php

@@ -65,28 +65,13 @@
         nv_htmlOutput('Wrong URL');
     }
     $sname = nv_strtolower(nv_substr($nv_Request->get_title('sname', 'post', ''), 0, 50));
-    if (preg_match('/^([a-z0-9]+)$/', $sname) and file_exists(NV_ROOTDIR . '/install/samples/data_' . $sname . '.php')) {
+    if ($nv_Request->get_string('delete', 'post') == md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $sname) and preg_match('/^([a-z0-9]+)$/', $sname) and file_exists(NV_ROOTDIR . '/install/samples/data_' . $sname . '.php')) {
         nv_deletefile(NV_ROOTDIR . '/install/samples/data_' . $sname . '.php');
         nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['sampledata'], 'Delete: ' . $sname, $admin_info['userid']);
     }
     nv_htmlOutput('OK');
 }
 
-// Tải về file dữ liệu
-if ($nv_Request->isset_request('downloadfile', 'get')) {
-    $sample_name = nv_strtolower(nv_substr($nv_Request->get_title('sample_name', 'get', ''), 0, 50));
-
-    if (!file_exists($file_data_dump) or !preg_match('/^([a-z0-9]+)$/', $sample_name)) {
-        nv_redirect_location(NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=' . $op);
-    }
-
-    nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['sampledata'], 'Manual Download: ' . $sample_name, $admin_info['userid']);
-
-    $download = new NukeViet\Files\Download($file_data_dump, NV_ROOTDIR . '/' . NV_TEMP_DIR, 'data_' . $sample_name . '.php');
-    $download->download_file();
-    exit();
-}
-
 // Tiến trình quét bằng AJAX
 if ($nv_Request->isset_request('startwrite', 'get')) {
     if ($sys_info['ini_set_support']) {
@@ -355,6 +340,7 @@
     $xtpl->parse('main.empty');
 } else {
     foreach ($array as $row) {
+        $row['checkss'] = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $row['title']);
         $xtpl->assign('ROW', $row);
         $xtpl->parse('main.data.loop');
     }

admin/database/setting.php

@@ -15,13 +15,13 @@
 $page_title = $lang_global['mod_settings'];
 $array_sql_ext = array( 'sql', 'gz' );
 
-$errormess = '';
 $array_config_global = array();
 $array_config_global['dump_backup_day'] = $global_config['dump_backup_day'];
 $array_config_global['dump_backup_ext'] = $global_config['dump_backup_ext'];
 $array_config_global['dump_interval'] = $global_config['dump_interval'];
 
-if ($nv_Request->isset_request('submit', 'post')) {
+$checkss = md5(NV_CHECK_SESSION . '_' . $module_name . '_' . $op . '_' . $admin_info['userid']);
+if ($checkss == $nv_Request->get_string('checkss', 'post')) {
     $array_config_global = array();
     $array_config_global['dump_backup_ext'] = $nv_Request->get_title('dump_backup_ext', 'post', '', 1);
     $array_config_global['dump_autobackup'] = $nv_Request->get_int('dump_autobackup', 'post');
@@ -56,6 +56,7 @@
 $xtpl->assign('LANG', $lang_module);
 $xtpl->assign('GLANG', $lang_global);
 $xtpl->assign('DATA', $array_config_global);
+$xtpl->assign('CHECKSS', $checkss);
 
 foreach ($array_sql_ext as $ext_i) {
     $xtpl->assign('BACKUPEXTSELECTED', ($ext_i == $array_config_global['dump_backup_ext']) ? ' selected="selected"' : '');

themes/admin_default/js/database.js

@@ -83,9 +83,9 @@ function nv_show_highlight(tp) {
 	return false;
 }
 
-function nv_delete_sampledata(sname) {
+function nv_delete_sampledata(sname, checkss) {
 	if (confirm(nv_is_del_confirm[0])) {
-		$.post(script_name + '?' + nv_name_variable + '=' + nv_module_name + '&' + nv_fc_variable + '=sampledata&nocache=' + new Date().getTime(), 'delete=1&sname=' + encodeURIComponent(sname), function(res) {
+        $.post(script_name + '?' + nv_name_variable + '=' + nv_module_name + '&' + nv_fc_variable + '=sampledata&nocache=' + new Date().getTime(), 'delete=' + checkss + '&sname=' + encodeURIComponent(sname), function(res) {
 			window.location.reload(true);
 		});
 	}

themes/admin_default/modules/database/sampledata.tpl

@@ -53,7 +53,7 @@
                         <div class="col-sm-16"><strong>{ROW.title}</strong></div>
                         <div class="col-sm-8">
                             {ROW.creattime}
-                            <a href="javascript:void(0);" class="pull-right text-danger" onclick="nv_delete_sampledata('{ROW.title}');"><i class="fa fa-trash-o"></i></a>
+                            <a href="javascript:void(0);" class="pull-right text-danger" onclick="nv_delete_sampledata('{ROW.title}', '{ROW.checkss}');"><i class="fa fa-trash-o"></i></a>
                         </div>
                     </div>
                 </div>

themes/admin_default/modules/database/setting.tpl

@@ -4,7 +4,7 @@
 		<table class="table table-striped table-bordered table-hover">
 			<tfoot>
 				<tr>
-					<td colspan="2"><input type="submit" name="submit" value="{LANG.submit}" class="btn btn-primary" /></td>
+					<td colspan="2"><input type="hidden" name="checkss" value="{CHECKSS}" /><input type="submit" name="submit" value="{LANG.submit}" class="btn btn-primary" /></td>
 				</tr>
 			</tfoot>
 			<tbody>