From 96a47e5d480e6c5b3aab1884a8536ec4b8ca2fab Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Wed, 13 Jan 2010 09:20:36 +0100
Subject: fixed information leakage in ACL plugin FS#1847
---
 lib/plugins/acl/ajax.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'lib/plugins/acl/ajax.php')
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php
index 54eaa8dc7..97fae2ad1 100644
--- a/lib/plugins/acl/ajax.php
+++ b/lib/plugins/acl/ajax.php
@@ -16,9 +16,11 @@ require_once(DOKU_INC.'inc/init.php');
 require_once(DOKU_INC.'inc/common.php');
 require_once(DOKU_INC.'inc/pageutils.php');
 require_once(DOKU_INC.'inc/auth.php');
-//close sesseion
+//close session
 session_write_close();
+if(!auth_ismanager()) die('forbidden');
+
 $ID = getID();
 if(!auth_isadmin) die('for admins only');
@@ -42,6 +44,7 @@ if($ajax == 'info'){
 if($ns == '*'){
 $ns ='';
 }
+ $ns = cleanID($ns);
 $lvl = count(explode(':',$ns));
 $ns = utf8_encodeFN(str_replace(':','/',$ns));
-- 
cgit v1.2.3
From 8c5215b744582107f352aa4ccea4182296674250 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Wed, 13 Jan 2010 09:40:30 +0100
Subject: another fix for FS#1847 + msg increased
---
 lib/plugins/acl/ajax.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/plugins/acl/ajax.php')
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php
index 97fae2ad1..e383f0d35 100644
--- a/lib/plugins/acl/ajax.php
+++ b/lib/plugins/acl/ajax.php
@@ -19,7 +19,7 @@ require_once(DOKU_INC.'inc/auth.php');
 //close session
 session_write_close();
-if(!auth_ismanager()) die('forbidden');
+if(!auth_isadmin()) die('forbidden');
 $ID = getID();
-- 
cgit v1.2.3
From d7554c0bb25241c1299af28785878d31ad02dbad Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Sun, 17 Jan 2010 10:52:59 +0100
Subject: Added CRSF security token checks in ACL plugin
---
 lib/plugins/acl/ajax.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lib/plugins/acl/ajax.php')
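Review bot: The context line `if(!auth_isadmin) die('for admins only');` at the end of the first hunk of 96a47e5d (@@ -16,9 +16,11 @@) has no call parentheses, so PHP evaluates a bare name instead of calling the function; on PHP versions that turn an undefined constant into a non-empty string the condition is always false and the admin check never fires. With the new gate being `auth_ismanager()`, a manager who is not an admin would therefore reach the rest of the script, which continues outside the hunk. I would repair the old line in the same change, `if(!auth_isadmin()) die('for admins only');`, or drop it and make the new gate the admin check.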
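Review bot: The added `$ns = cleanID($ns);` in the second hunk of 96a47e5d (@@ -42,6 +44,7 @@) carries no comment, although it is the only sanitising step visible between `$ns` and the directory path built two lines later with `str_replace(':','/',$ns)`. A one-line comment such as `// normalise the namespace before it is mapped to a directory below; keep this ahead of the path building` would stop a later cleanup from moving or removing it. Where `$ns` is first assigned lies above the hunk, so whether it arrives straight from the request should be confirmed there and stated in the comment. The enclosing branch starts and ends outside the hunk.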
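Review bot: `die('forbidden')` in 8c5215b7 (@@ -19,7 +19,7 @@) ends the request without setting a status, so a rejected call goes out with PHP's default 200 and cannot be told apart from a successful one in access logs or by the calling script. Sending a status first would make denied attempts countable, for example `header('HTTP/1.0 403 Forbidden');` on the line before the `die`. The same applies to the two `die()` lines added in d7554c0b.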
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php
index e383f0d35..d3e88d932 100644
--- a/lib/plugins/acl/ajax.php
+++ b/lib/plugins/acl/ajax.php
@@ -19,11 +19,11 @@ require_once(DOKU_INC.'inc/auth.php');
 //close session
 session_write_close();
-if(!auth_isadmin()) die('forbidden');
+if(!auth_isadmin()) die('for admins only');
+if(!checkSecurityToken()) die('CRSF Attack');
 $ID = getID();
-if(!auth_isadmin) die('for admins only');
 require_once(DOKU_INC.'inc/pluginutils.php');
 require_once(DOKU_INC.'inc/html.php');
 $acl = plugin_load('admin','acl');
-- 
cgit v1.2.3
From c2a6d81662045023bdf1617b6b49f71c274d55ca Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Mon, 1 Feb 2010 16:10:25 +0100
Subject: plugin related autoloading This patch moved the place where DOKU_PLUGIN is defined. It no longer can be set from a normal config (only via preload)
---
 lib/plugins/acl/ajax.php | 6 ------
 1 file changed, 6 deletions(-)
(limited to 'lib/plugins/acl/ajax.php')
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php
index d3e88d932..d91586a5d 100644
--- a/lib/plugins/acl/ajax.php
+++ b/lib/plugins/acl/ajax.php
@@ -13,9 +13,6 @@ if(!count($_POST) && $HTTP_RAW_POST_DATA){
 if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../../');
 require_once(DOKU_INC.'inc/init.php');
-require_once(DOKU_INC.'inc/common.php');
-require_once(DOKU_INC.'inc/pageutils.php');
-require_once(DOKU_INC.'inc/auth.php');
 //close session
 session_write_close();
@@ -24,8 +21,6 @@ if(!checkSecurityToken()) die('CRSF Attack');
 $ID = getID();
-require_once(DOKU_INC.'inc/pluginutils.php');
-require_once(DOKU_INC.'inc/html.php');
 $acl = plugin_load('admin','acl');
 $acl->handle();
@@ -35,7 +30,6 @@ header('Content-Type: text/html; charset=utf-8');
 if($ajax == 'info'){
 $acl->_html_info();
 }elseif($ajax == 'tree'){
- require_once(DOKU_INC.'inc/search.php');
 global $conf;
 global $ID;
-- 
cgit v1.2.3
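Review bot: The new failure string `'CRSF Attack'` in d7554c0b (@@ -19,11 +19,11 @@) misspells CSRF, and it labels every token failure an attack even though a stale or missing token from a legitimate admin session would presumably take the same path. Anyone searching responses or logs for "CSRF" will miss these rejections; I would write `if(!checkSecurityToken()) die('CSRF token check failed');`. A short comment above the two guards, stating that both must pass before `plugin_load('admin','acl')` runs, would also help, since the code that uses `$acl` continues outside the hunk.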