Vulnerability mitigation - revert secure cookies by default

2021-06-01 10:52:51 -04:00
parent 0a39b60eee
commit c2fb21c570
19 changed files with 106 additions and 99 deletions

119
users.php

@@ -23,7 +23,7 @@
ini_set('session.use_only_cookies', '1');
ini_set('session.cookie_secure', '1');
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Strict');
ini_set('session.cookie_samesite', 'Lax');
session_save_path('.tmp'); // TEMP
session_start(); // START
require_once __DIR__ . '/autoload.php'; // AUTOLOAD
@@ -293,7 +293,7 @@ if (0 === $row_count): else: $page_count = (int)ceil($row_count / $StaticFunctio
<h2><?php echo $app_current_pageicon . $transLang['USERS']; ?></h2>
</div>
<div class="col-sm">
<button type="button" class="btn btn-block btn-lg btn-success" data-toggle="modal" data-target="#addUserModal"><?php echo $transLang['ADD_USER']; ?></button>
<button type="button" class="btn btn-block btn-lg btn-success" data-bs-toggle="modal" data-bs-target="#addUserModal"><?php echo $transLang['ADD_USER']; ?></button>
</div>
</div>
<?php echo '<ul class="pagination pagination-sm"><li class="page-item disabled"><a class="page-link" href="#" tabindex="-1">' . $transLang['PAGE'] . '</a></li>'; for ($i = 1; $i <= $page_count; $i++): echo '<li class="page-item'; if ($i === $page_num): echo ' active'; else: echo ' '; endif; echo '"><a class="page-link" href="' . $_SERVER['PHP_SELF'] . '?pnum=' . $i . '">' . $i . '</a></li>'; endfor; echo '</ul>'; ?>
@@ -336,6 +336,8 @@ if (0 === $row_count): else: $page_count = (int)ceil($row_count / $StaticFunctio
$minpasslength = $StaticFunctions->getMinPass();
?>
<!-- MODAL START -->
<div class="modal fade" id="addUserModal" tabindex="-1" role="dialog" aria-labelledby="Site" aria-hidden="true">
<div class="modal-dialog" role="document">
@@ -445,7 +447,7 @@ if (0 === $row_count1): else: $page_count1 = (int)ceil($row_count1 / $StaticFunc
<h2><?php echo $app_current_pageicon . $transLang['SITE']; ?></h2>
</div>
<div class="col-sm">
<button type="button" class="btn btn-block btn-lg btn-success" data-toggle="modal" data-target="#addSiteModal"><?php echo $transLang['ADD_SITE']; ?></button>
<button type="button" class="btn btn-success btn-lg" data-bs-toggle="modal" data-bs-target="#addSiteModal"><?php echo $transLang['ADD_SITE']; ?></button>
</div>
</div>
<?php echo '<ul class="pagination pagination-sm"><li class="page-item disabled"><a class="page-link" href="#" tabindex="-1">' . $transLang['PAGE'] . '</a></li>'; for ($i1 = 1; $i1 <= $page_count1; $i1++): echo '<li class="page-item'; if ($i1 === $page_num1): echo ' active'; else: echo ' '; endif; echo '"><a class="page-link" href="' . $_SERVER['PHP_SELF'] . '?pnum1=' . $i1 . '">' . $i1 . '</a></li>'; endfor; echo '</ul>'; ?>
@@ -470,60 +472,65 @@ if (0 === $row_count1): else: $page_count1 = (int)ceil($row_count1 / $StaticFunc
$minpasslength = $StaticFunctions->getMinPass();
?>
<!-- MODAL START -->
<div class="modal fade" id="addSiteModal" tabindex="-1" role="dialog" aria-labelledby="Site" aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="AddSite"><?php echo $transLang['ADD_SITE']; ?></h5>
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div>
<div class="modal-body">
<form class="form-inline my-2 my-lg-0" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<div class="row">
<div class="col-sm">
<p class="lead"><?php echo $transLang['ADD_SITE']; ?></p>
</div>
</div>
<fieldset id="registration">
<div class="form-group">
<div class="row">
<div class="col-sm">
<input type="text" class="form-control" id="sitename" name="sitename" placeholder="Site Name" required />
</div>
<div class="col-sm">
<select class="form-control" id="timezone" name="timezone" required>
<option value=""><?php echo $transLang['TIMEZONE']; ?></option>
<?php foreach(DateTimeZone::listIdentifiers(DateTimeZone::ALL) as $row2) { ?><option><?php echo $row2; ?></option><?php }; ?>
</select>
</div>
</div>
<div class="row">
<div class="col-sm">
<select class="form-control" id="region" name="region" required>
<option value=""><?php echo $transLang['REGION']; ?></option>
<option>CAN</option>
<option>EMEA</option>
<option>US</option>
</select>
</div>
<div class="col-sm">
<button type="submit" class="form-control btn btn-block btn-primary" value="Submit" name="newsite"><i class="fa fa-user-plus"></i> <?php echo $transLang['ADD_SITE']; ?></button>
</div>
</div>
</div>
</fieldset>
</form>
</div>
</div>
</div>
<!-- START ADDSITE MODAL -->
<div class="modal fade" id="addSiteModal" tabindex="-1" role="dialog">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="AddSite"><?php echo $transLang['ADD_SITE']; ?></h5>
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<!-- MODAL END -->
<!-- SITE MGMT END -->
<div class="modal-body">
<form class="form form-approve" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<div class="row row-cols-1">
<div class="col d-grid gap-2">
<div class="input-group input-group-sm mb-0">
<span class="input-group-text"><?php echo $transLang['NAME']; ?></span>
<input type="text" class="form-control" id="sitename" name="sitename" required />
</div>
</div>
</div>
<div class="row row-cols-1">
<div class="col d-grid gap-2">
<div class="input-group input-group-sm mb-0">
<span class="input-group-text"><?php echo $transLang['TIMEZONE']; ?></span>
<select class="form-control" id="timezone" name="timezone" required>
<option value=""><?php echo $transLang['TIMEZONE']; ?></option>
<?php foreach(DateTimeZone::listIdentifiers(DateTimeZone::ALL) as $row2) { ?>
<option><?php echo $row2; ?></option>
<?php }; ?>
</select>
</div>
</div>
</div>
<div class="row row-cols-1">
<div class="col d-grid gap-2">
<div class="input-group input-group-sm mb-0">
<span class="input-group-text"><?php echo $transLang['NAME']; ?></span>
<select class="form-control" id="region" name="region" required>
<option value=""><?php echo $transLang['REGION']; ?></option>
<option>CAN</option>
<option>EMEA</option>
<option>US</option>
</select>
</div>
</div>
</div>
<div class="row row-cols-1">
<div class="col d-grid gap-2">
<button type="button" class="btn btn-secondary btn-sm" data-dismiss="modal"><?php echo $transLang['CANCEL']; ?></button>
<button type="submit" class="btn btn-success btn-sm" value="Submit" name="newsite"><i class="fas fa-user-plus"></i>&nbsp;<?php echo $transLang['ADD_SITE']; ?></button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
<!-- END ADDSITE MODAL -->
<!-- END PAGE -->
<!-- CONTENT END -->
<?php }; require_once("inc/footer.inc.php");
<?php }; require_once("inc/footer.inc.php"); ?>
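Review bot: The rewritten add-site form echoes `$_SERVER['PHP_SELF']` into its `action` attribute without escaping, and that value includes any path info a client appends after the script name, so a crafted URL can break out of the attribute and inject markup into the page. Escape it for the attribute context, `action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"`, or emit `$_SERVER['SCRIPT_NAME']` instead; the pagination links in the unchanged context lines build their `href` the same way. The form as shown also has no anti-CSRF token field, which is worth confirming because this section touches `session.cookie_samesite` (both `'Strict'` and `'Lax'` appear, and the page does not mark which is the new value). Separately, the Cancel button still uses `data-dismiss="modal"` while the rest of the modal moved to `data-bs-dismiss`, and the region select is labelled with `$transLang['NAME']` where `$transLang['REGION']` looks intended.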