Point808/LobbySIO
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vulnerability mitigation - revert secure cookies by default

Browse Source
This commit is contained in:
Josh North
2021-06-01 10:52:51 -04:00
parent 0a39b60eee
commit c2fb21c570
19 changed files with 106 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
inc/header.inc.php
View File

@@ -82,7 +82,7 @@
$timenow = $timeplus->format('Y-m-d H:i:s');
header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff");
header("Content-Security-Policy: script-src 'self'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
if (!empty($_GET['a'])) {
echo '<pre>' . print_r($_POST, true) . '</pre>';
echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
@@ -159,7 +159,7 @@
<!-- START NAVBAR MENU FOR ALL LOGGED IN - BOTTOM END -->
</ul>
<ul class="navbar-nav mr-sm-2">
<li class="nav-item"><a class="nav-link<?php $sname=$SiteInfo->getSite($siteid, "0", "0", "0")[0]["sites_name"]; if($sname=="NOSITE") { echo " btn btn-sm btn-outline-warning"; } else { echo " btn btn-sm btn-outline-secondary"; }; ?>" href="#" data-toggle="modal" data-target="#sitetimeModal"><i class="fas fa-map-marker-alt"></i> <?php if ($sname=="NOSITE") {echo $transLang['NOSITE'];} else { echo $sname; } ?></a></li>
<li class="nav-item"><a class="nav-link<?php $sname=$SiteInfo->getSite($siteid, "0", "0", "0")[0]["sites_name"]; if($sname=="NOSITE") { echo " btn btn-sm btn-outline-warning"; } else { echo " btn btn-sm btn-outline-secondary"; }; ?>" href="#" data-bs-toggle="modal" data-bs-target="#sitetimeModal"><i class="fas fa-map-marker-alt"></i> <?php if ($sname=="NOSITE") {echo $transLang['NOSITE'];} else { echo $sname; } ?></a></li>
<?php if (Registry::AUTHMETHOD == 'SAML') { ?>
<!-- SAML SESSION BUTTONS -->
<li class="nav-item"><a class="nav-link btn btn-sm btn-outline-danger<?php if ($app_current_pagename==$transLang['LOGOUT']): echo " active"; endif; ?>" href="<?php echo str_replace("http%3A%2F%2F","https%3A%2F%2F",$auth->getLogoutURL()); ?>"><span class="badge bg-light text-dark"><?php echo $session_user["0"]["users_firstname"] . " " . $session_user["0"]["users_lastname"];?></span> <i class="fas fa-ban"></i> <?php echo $transLang['LOGOUT']; ?></a></li>