Point808/LobbySIO
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vulnerability remediation

Browse Source
This commit is contained in:
Josh North
2021-05-28 15:31:54 -04:00
parent 2a8ee2d90f
commit 9043ccb0e2
18 changed files with 316 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
inc/header.inc.php
View File

@@ -21,8 +21,10 @@
//ini_set('session.gc_divisor', 100); // TIMES
//session_save_path('.tmp'); // TEMP
//session_start(); // START
//ini_set("session. cookie_httponly", 1);
require_once __DIR__ . '/../autoload.php'; // AUTOLOAD
use App\LobbySIO\Config\Registry;
use App\LobbySIO\Misc\Csrf; // ANTICSRF
$Users = new \App\LobbySIO\Database\Users();
if (Registry::AUTHMETHOD == 'SAML') {
//simplesaml
@@ -78,8 +80,12 @@
$timeplus = new DateTime($StaticFunctions->getUTC(), new DateTimeZone('UTC')); // DUMB WAY TO CALCULATE SOME TIMES
$timeplus->setTimezone(new DateTimeZone("$timezone"));
$timenow = $timeplus->format('Y-m-d H:i:s');
header("X-Frame-Options: SAMEORIGIN");
header("Content-Security-Policy: frame-ancestors 'none'", false);
if (!empty($_GET['a'])) {
echo '<pre>' . print_r($_POST, true) . '</pre>';
echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
}
?>
<!doctype html>
<html lang="<?php echo $app_disp_lang; ?>">
@@ -163,6 +169,7 @@
<!-- END NAVBAR MENU FOR ALL LOGGED IN - BOTTOM END -->
<?php endif; ?>
<form action="changelang.php" method="post" name="changelang" class="changelang">
<?php echo Csrf::getInputToken('home') ?>
<div class="input-group">
<select class="form-select btn-outline-secondary" id="app_disp_lang" name="app_disp_lang">
<?php foreach(glob('src/Language/*.ini') as $file){
@@ -187,6 +194,7 @@
</div>
<div class="modal-body">
<form class="row g-3" action="changesite.php" method="post">
<?php echo Csrf::getInputToken('home') ?>
<div class="input-group">
<select class="form-select" id="site" aria-label="Site" name="site" required>
<?php foreach($SiteInfo->getSite("0", $uid, "0", "0") as $row): ?>