-rw-r--r-- | admin/access.php | 14 | ||||
-rw-r--r-- | admin/catalog.php | 17 | ||||
-rw-r--r-- | admin/users.php | 8 | ||||
-rw-r--r-- | config/ampache.cfg.php.dist | 4 | ||||
-rw-r--r-- | democratic.php | 7 | ||||
-rwxr-xr-x | docs/CHANGELOG | 4 | ||||
-rw-r--r-- | lib/class/core.class.php | 12 | ||||
-rw-r--r-- | lib/general.lib.php | 71 | ||||
-rw-r--r-- | lib/init.php | 3 | ||||
-rw-r--r-- | preferences.php | 8 | ||||
-rw-r--r-- | radio.php | 5 | ||||
-rw-r--r-- | register.php | 10 | ||||
-rw-r--r-- | shout.php | 6 | ||||
-rw-r--r-- | templates/show_access_list.inc.php | 4 | ||||
-rw-r--r-- | templates/show_add_catalog.inc.php | 5 | ||||
-rw-r--r-- | templates/show_add_live_stream.inc.php | 1 | ||||
-rw-r--r-- | templates/show_add_shout.inc.php | 1 | ||||
-rw-r--r-- | templates/show_create_democratic.inc.php | 1 | ||||
-rw-r--r-- | templates/show_playlist_songs.inc.php | 3 |
19 files changed, 86 insertions, 98 deletions
diff --git a/admin/access.php b/admin/access.php index e4af598e..6a46c9f1 100644 --- a/admin/access.php +++ b/admin/access.php @@ -30,10 +30,20 @@ show_header(); switch ($_REQUEST['action']) { case 'delete_record': + if (!Core::form_verify('delete_access')) { + access_denied(); + exit; + } Access::delete($_REQUEST['access_id']); $url = Config::get('web_path') . '/admin/access.php'; show_confirmation(_('Deleted'),_('Your Access List Entry has been removed'),$url); break; + case 'show_delete_record': + if (Config::get('demo_mode')) { break; } + $access = new Access($_GET['access_id']); + show_confirmation(_('Deletion Request'),_('Are you sure you want to permanently delete') . ' ' . $access->name, + 'admin/access.php?action=delete_record&access_id=' . $access->id,1,'delete_access'); + break; case 'add_host': // Make sure we've got a valid form submission @@ -103,6 +113,10 @@ switch ($_REQUEST['action']) { } break; case 'update_record': + if (!Core::form_verify('edit_acl')) { + access_denied(); + exit; + } $access = new Access($_REQUEST['access_id']); $access->update($_POST); if (!Error::occurred()) { diff --git a/admin/catalog.php b/admin/catalog.php index bada8fad..619f96be 100644 --- a/admin/catalog.php +++ b/admin/catalog.php 
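Review bot: `delete_record` still has no demo_mode guard, so the new `if (Config::get('demo_mode')) { break; }` on `show_delete_record` only hides the confirmation page while the action that actually deletes stays reachable with a valid token; admin/users.php in this same commit keeps the demo_mode check on `confirm_delete`, the branch that writes, and `delete_record` should mirror it ahead of `Core::form_verify('delete_access')`. Two smaller points in the new `show_delete_record` branch: `$access->name` is concatenated into the confirmation text without the `scrub_out()` the rest of the code wraps output in, and the confirm URL is relative (`'admin/access.php?...'`) where users.php builds it from `Config::get('web_path')` — whether `show_confirmation()` prefixes web_path itself is not visible here. Suggested: `show_confirmation(_('Deletion Request'), _('Are you sure you want to permanently delete') . ' ' . scrub_out($access->name), Config::get('web_path') . '/admin/access.php?action=delete_record&access_id=' . scrub_out($access->id), 1, 'delete_access');`. The enclosing `switch` starts and ends outside the hunk.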
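Review bot: `update_record` now requires a token registered under the name 'edit_acl', but no template in this diff calls `Core::form_register('edit_acl')` (the only template changes are the list and add forms), so unless the ACL edit template, which is not shown here, already registers that name every ACL update will end in `access_denied()`. Please confirm the edit form carries `<?php echo Core::form_register('edit_acl'); ?>` before merging. The `switch` this branch belongs to starts and ends outside the hunk.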
@@ -198,27 +198,32 @@ switch ($_REQUEST['action']) { ob_end_flush(); - if (!strlen($_REQUEST['path']) || !strlen($_REQUEST['name'])) { + if (!strlen($_POST['path']) || !strlen($_POST['name'])) { Error::add('general',_('Error: Name and path not specified')); } - if (substr($_REQUEST['path'],0,7) != 'http://' && $_REQUEST['type'] == 'remote') { + if (substr($_POST['path'],0,7) != 'http://' && $_POST['type'] == 'remote') { Error::add('general',_('Error: Remote selected, but path is not a URL')); } - if ($_REQUEST['type'] == 'remote' && !strlen($_REQUEST['key'])) { + if ($_POST['type'] == 'remote' && !strlen($_POST['key'])) { Error::add('general',_('Error: Remote Catalog specified, but no key provided')); } + if (!Core::form_verify('add_catalog','post')) { + access_denied(); + exit; + } + // Make sure that there isn't a catalog with a directory above this one - if (Catalog::get_from_path($_REQUEST['path'])) { + if (Catalog::get_from_path($_POST['path'])) { Error::add('general',_('Error: Defined Path is inside an existing catalog')); } // If an error hasn't occured if (!Error::occurred()) { - $catalog_id = Catalog::Create($_REQUEST); + $catalog_id = Catalog::Create($_POST); if (!$catalog_id) { require Config::get('prefix') . '/templates/show_add_catalog.inc.php'; @@ -228,7 +233,7 @@ switch ($_REQUEST['action']) { $catalog = new Catalog($catalog_id); // Run our initial add - $catalog->run_add($_REQUEST); + $catalog->run_add($_POST); show_box_top(); echo "<h2>" . _('Catalog Created') . "</h2>"; diff --git a/admin/users.php b/admin/users.php index 2726b740..9e6f138b 100644 --- a/admin/users.php +++ b/admin/users.php 
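Review bot: `Core::form_verify('add_catalog','post')` is checked only after the `$_POST['path']`/`name`/`key` validation has already run and `Error::add()` has recorded messages, so a request without a valid token still drives the validation code and produces error output before being rejected; move the token check to the first statement of this branch, ahead of `ob_end_flush()` and the validation, so that a bad token does nothing but `access_denied()`. As written no write escapes the check (`Catalog::get_from_path()` is a lookup and `Catalog::Create()`/`run_add()` come after it), but keeping the guard first is what makes that easy to verify on later edits. The branch's `case` label and its tail lie outside the hunk.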
@@ -149,7 +149,11 @@ switch ($_REQUEST['action']) { require_once Config::get('prefix') . '/templates/show_edit_user.inc.php'; break; case 'confirm_delete': - if (Config::get('demo_mode')) { break; } + if (Config::get('demo_mode')) { break; } + if (!Core::form_verify('delete_user')) { + access_denied(); + exit; + } $client = new User($_REQUEST['user_id']); if ($client->delete()) { show_confirmation(_('User Deleted'), sprintf(_('%s has been Deleted'), $client->username), Config::get('web_path'). "/admin/users.php"); @@ -163,7 +167,7 @@ switch ($_REQUEST['action']) { $client = new User($_REQUEST['user_id']); show_confirmation(_('Deletion Request'), sprintf(_('Are you sure you want to permanently delete %s?'), $client->fullname), - Config::get('web_path')."/admin/users.php?action=confirm_delete&user_id=" . $_REQUEST['user_id'],1); + Config::get('web_path')."/admin/users.php?action=confirm_delete&user_id=" . $_REQUEST['user_id'],1,'delete_user'); break; /* Show IP History for the Specified User */ case 'show_ip_history': diff --git a/config/ampache.cfg.php.dist b/config/ampache.cfg.php.dist index 99fbe786..d215bf1d 100644 --- a/config/ampache.cfg.php.dist +++ b/config/ampache.cfg.php.dist @@ -78,9 +78,9 @@ session_cookiesecure = 0 ; Auth Methods ; This defines which auth methods vauth will attempt ; to use and in which order, if auto_create isn't enabled -; The user must exist locally as well +; The user must exist locally. Local method uses PHP's PAM Auth module ; DEFAULT: mysql -; VALUES: mysql,ldap,http +; VALUES: mysql,ldap,http, local auth_methods = "mysql" ;##################### diff --git a/democratic.php b/democratic.php index eda7bf63..923b8a38 100644 --- a/democratic.php +++ b/democratic.php @@ -49,7 +49,7 @@ switch ($_REQUEST['action']) { access_denied(); break; } - + Democratic::delete($_REQUEST['democratic_id']); $title = ''; 
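Review bot: In the `show_delete` branch the raw `$_REQUEST['user_id']` is concatenated into the confirmation URL without escaping, while the links in show_access_list.inc.php pass ids through `scrub_out()`; whether `show_confirmation()` escapes the URL it is handed is not visible here, so use the already-loaded object instead: `Config::get('web_path')."/admin/users.php?action=confirm_delete&user_id=" . scrub_out($client->id),1,'delete_user');`. `$client->fullname` on the line above is likewise emitted through sprintf with no escaping. The `confirm_delete` hunk above is ordered correctly — demo_mode first, then the token check.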
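Review bot: The comment now advertises a `local` auth method ("uses PHP's PAM Auth module"), but none of the files in this diffstat implements it, so an operator setting `auth_methods = "mysql,local"` from this .dist cannot tell from the template whether the method exists in this tree or which extension it needs; either name the dependency in the comment (for example `; local: authenticates against the system via PHP's PAM extension, which must be installed`) or keep the value out of the template until the implementation lands. The VALUES line also mixes separators — `mysql,ldap,http, local` — and the list is presumably parsed comma-separated, so write `; VALUES: mysql,ldap,http,local`.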
@@ -63,6 +63,11 @@ switch ($_REQUEST['action']) { access_denied(); break; } + + if (!Core::form_verify('create_democratic')) { + access_denied(); + exit; + } $democratic = Democratic::get_current_playlist(); diff --git a/docs/CHANGELOG b/docs/CHANGELOG index 41fc2410..6159ea2b 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG @@ -4,6 +4,10 @@ -------------------------------------------------------------------------- v.3.6-Alpha1 + - Added local auth method that uses PHP's PAM module + - Correct potential security issues due to misuse of REQUEST for write + operations rather then POST + (Thx Raphael Geissert <geissert@debian.org>) - Finished switching to Dba::read() Dba::write() for database calls (Thx dipsol) - Improved File pattern matching (Thx october.rust) diff --git a/lib/class/core.class.php b/lib/class/core.class.php index d93b542a..8ca59851 100644 --- a/lib/class/core.class.php +++ b/lib/class/core.class.php @@ -41,7 +41,7 @@ class Core { * This registers a form with a SID, inserts it into the session variables * and then returns a string for use in the HTML form */ - public static function form_register($name) { + public static function form_register($name,$type='post') { // Make ourselves a nice little sid $sid = md5(uniqid(rand(), true)); @@ -49,7 +49,15 @@ class Core { // Register it $_SESSION['forms'][$name] = array('sid'=>$sid,'expire'=>time() + Config::get('session_length')); - $string = '<input type="hidden" name="form_validation" value="' . $sid . '" />'; + switch ($type) { + default: + case 'post': + $string = '<input type="hidden" name="form_validation" value="' . $sid . '" />'; + break; + case 'get': + $string = $sid; + break; + } // end switch on type return $string; diff --git a/lib/general.lib.php b/lib/general.lib.php index 3c65c178..b488bc2b 100644 --- a/lib/general.lib.php +++ b/lib/general.lib.php 
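Review bot: The new token check in this branch ends with `exit;` while the access check directly above it ends with `break;`, so the two failure paths differ unless `access_denied()` itself terminates the script (not visible here): after `break` whatever follows the `switch` still runs for the rejected request. Use one convention, and `exit` is the safer one for both: `access_denied(); exit;`. The branch's `case` label and its remainder lie outside the hunk.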
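Review bot: The form sid that the whole CSRF scheme in this commit relies on is `md5(uniqid(rand(), true))`, and neither `rand()` nor `uniqid()` is a cryptographic source, so the token is guessable in principle; since only the session entry is ever compared, the sid can be any unguessable string — `$sid = bin2hex(openssl_random_pseudo_bytes(16));` where the target PHP has it (5.3+), otherwise at least read 16 bytes from /dev/urandom and fall back to the current expression. The docblock should also mention the new `$type` parameter and that registering the same `$name` twice overwrites the earlier sid in `$_SESSION['forms']`, which matters with two browser tabs on the same form. The hunk cuts off before the end of `form_register`.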
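Review bot: The `'get'` type hands back the bare sid for callers to embed in a URL (the delete confirmations in access.php and users.php), which puts the token into query strings and hence server logs, browser history and Referer headers; that is tolerable only if `form_verify` removes `$_SESSION['forms'][$name]` on first use and honours the `expire` stamp set here — `form_verify` is not part of this diff, so please confirm. A short comment above the switch would help the next reader: `// 'get' returns the raw sid for use in a URL; 'post' wraps it in a hidden input`. The docblock still says the function "returns a string for use in the HTML form", which is no longer accurate for `$type === 'get'`.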
@@ -467,75 +467,4 @@ function __autoload($class) { } // __autoload -/** - * win_checkdnsrr - * This is a windows emulation of the normal PHP functions - * not sure how I feel about the exec in here, but it's escaped - * this most likely won't work on a lot of systems - */ -function win_checkdnsrr($host, $type='MX') { - if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN') { return; } - if (empty($host)) { return; } - $types=array('A', 'MX', 'NS', 'SOA', 'PTR', 'CNAME', 'AAAA', 'A6', 'SRV', 'NAPTR', 'TXT', 'ANY'); - if (!in_array($type,$types)) { - user_error("checkdnsrr() Type '$type' not supported", E_USER_WARNING); - return; - } - @exec('nslookup -type='.$type.' '.escapeshellcmd($host), $output); - foreach($output as $line){ - if (preg_match('/^'.$host.'/',$line)) { return true; } - } -} // win_checkdnsrr - -// See if the function exists, and return as needed -if (!function_exists('checkdnsrr')) { - function checkdnsrr($host, $type='MX') { - return win_checkdnsrr($host, $type); - } -} - -/** - * win_getmxrr - * This emulates the normal PHP function for getting MX records - * most likely won't work on systems due to use of exec - */ -function win_getmxrr($hostname, &$mxhosts, &$mxweight=false) { - if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN') return; - if (!is_array ($mxhosts) ) $mxhosts = array(); - if (empty($hostname)) return; - $exec='nslookup -type=MX '.escapeshellarg($hostname); - @exec($exec, $output); - if (empty($output)) return; - $i=-1; - foreach ($output as $line) { - $i++; - if (preg_match("/^$hostname\tMX preference = ([0-9]+), mail exchanger = (.+)$/i", $line, $parts)) { - $mxweight[$i] = trim($parts[1]); - $mxhosts[$i] = trim($parts[2]); - } - if (preg_match('/responsible mail addr = (.+)$/i', $line, $parts)) { - $mxweight[$i] = $i; - $mxhosts[$i] = trim($parts[1]); - } - } - return ($i!=-1); -} // win_getmxrr - -// If no getmxrr return -if (!function_exists('getmxrr')) { - function getmxrr($hostname, &$mxhosts, &$mxweight=false) { - return 
win_getmxrr($hostname, $mxhosts, $mxweight); - } -} - -/** - * debug_print - * print_r with <pre> tag - */ -function debug_print($var) { - echo "<pre>"; - print_r($var); - echo "</pre>"; -} - ?> diff --git a/lib/init.php b/lib/init.php index cb20678f..7b0361d1 100644 --- a/lib/init.php +++ b/lib/init.php @@ -296,4 +296,7 @@ if (Config::get('debug')) { error_reporting(E_ALL); } +// Merge GET then POST into REQUEST effectivly striping COOKIE without depending on +// a PHP setting change to take affect +$_REQUEST = array_merge($_GET,$_POST); ?> diff --git a/preferences.php b/preferences.php index 546384bc..64763c67 100644 --- a/preferences.php +++ b/preferences.php @@ -24,7 +24,7 @@ require 'lib/init.php'; // Switch on the action switch($_REQUEST['action']) { case 'update_preferences': - if ($_REQUEST['method'] == 'admin' && !Access::check('interface','100')) { + if ($_POST['method'] == 'admin' && !Access::check('interface','100')) { access_denied(); exit; } @@ -35,7 +35,7 @@ switch($_REQUEST['action']) { } /* Reset the Theme */ - if ($_REQUEST['method'] == 'admin') { + if ($_POST['method'] == 'admin') { $user_id = '-1'; $fullname = _('Server'); $_REQUEST['action'] = 'admin'; @@ -63,8 +63,8 @@ switch($_REQUEST['action']) { exit; } - update_preferences($_REQUEST['user_id']); - header("Location: " . Config::get('web_path') . "/admin/users.php?action=show_preferences&user_id=" . scrub_out($_REQUEST['user_id'])); + update_preferences($_POST['user_id']); + header("Location: " . Config::get('web_path') . "/admin/users.php?action=show_preferences&user_id=" . scrub_out($_POST['user_id'])); break; case 'admin': // Make sure only admins here @@ -40,6 +40,11 @@ switch ($_REQUEST['action']) { exit; } + if (!Core::form_verify('add_radio','post')) { + access_denied(); + exit; + } + // Try to create the sucker $results = Radio::create($_POST); diff --git a/register.php b/register.php index bd90b1a2..73dbe87c 100644 --- a/register.php +++ b/register.php 
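Review bot: `$_REQUEST = array_merge($_GET,$_POST)` gives POST precedence over GET, the reverse of PHP's default EGPCS ordering (cookie over POST over GET), and `array_merge` also renumbers purely numeric keys — both are behaviour changes the comment should state, not only the cookie stripping. Because the assignment is the last statement of init.php, everything the file executed above this hunk still saw the original `$_REQUEST`, cookies included; if any of that code reads `$_REQUEST`, move the line to the top of the file. Suggested comment: `// Rebuild $_REQUEST from GET then POST (POST wins on a key clash) so cookie values never reach it; note array_merge renumbers numeric keys`, and fix `effectivly`, `striping`, `affect`.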
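Review bot: The `update_preferences` branch now reads `method` from `$_POST`, but unlike every other write action touched by this commit it gets no `Core::form_verify()` call, so a preference update — including the `method == 'admin'` path that writes server-wide settings under user id -1 — is still reachable by a cross-site POST; add `if (!Core::form_verify('update_preferences','post')) { access_denied(); exit; }` at the top of the case and register the same name in the preferences form template, which is not in this diff. Dispatching on `$_REQUEST['action']` is fine once the token gates the write. The branch's tail lies outside the hunk.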
@@ -60,11 +60,11 @@ switch ($_REQUEST['action']) { * possibly by logging them in right then and there with their current info * and 'click here to login' would just be a link back to index.php */ - $fullname = scrub_in($_REQUEST['fullname']); - $username = scrub_in($_REQUEST['username']); - $email = scrub_in($_REQUEST['email']); - $pass1 = scrub_in($_REQUEST['password_1']); - $pass2 = scrub_in($_REQUEST['password_2']); + $fullname = scrub_in($_POST['fullname']); + $username = scrub_in($_POST['username']); + $email = scrub_in($_POST['email']); + $pass1 = scrub_in($_POST['password_1']); + $pass2 = scrub_in($_POST['password_2']); /* If we're using the captcha stuff */ if (Config::get('captcha_public_reg')) { @@ -30,6 +30,12 @@ switch ($_REQUEST['action']) { access_denied(); exit; } + + if (!Core::form_verify('add_shout','post')) { + access_denied(); + exit; + } + $shout_id = shoutBox::create($_POST); header("Location:" . Config::get('web_path')); break; diff --git a/templates/show_access_list.inc.php b/templates/show_access_list.inc.php index 48ad4ce8..163c410b 100644 --- a/templates/show_access_list.inc.php +++ b/templates/show_access_list.inc.php @@ -57,7 +57,6 @@ <th><?php echo _('End Address'); ?></th> <th><?php echo _('Level'); ?></th> <th><?php echo _('User'); ?></th> - <th><?php echo _('Key'); ?></th> <th><?php echo _('Type'); ?></th> <th><?php echo _('Action'); ?></th> </tr> 
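Review bot: `scrub_in()` is applied to `password_1` and `password_2` before they are compared and, presumably, stored; if it strips or HTML-encodes characters (its body is not in this diff), a password containing `<`, `&` or quotes is silently altered at registration and will only match at login if the login path scrubs identically. Passwords should be taken verbatim, `$pass1 = $_POST['password_1']; $pass2 = $_POST['password_2'];`, with scrubbing kept for the display fields `fullname`, `username` and `email`. The registration branch continues past the end of the hunk.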
@@ -73,11 +72,10 @@ <td><?php echo $access->f_end; ?></td> <td><?php echo $access->f_level; ?></td> <td><?php echo $access->f_user; ?></td> - <td><?php echo $access->key; ?></td> <td><?php echo $access->f_type; ?></td> <td> <a href="<?php echo Config::get('web_path'); ?>/admin/access.php?action=show_edit_record&access_id=<?php echo scrub_out($access->id); ?>"><?php echo get_user_icon('edit', _('Edit')); ?></a> - <a href="<?php echo Config::get('web_path'); ?>/admin/access.php?action=delete_record&access_id=<?php echo scrub_out($access->id); ?>"><?php echo get_user_icon('delete', _('Delete')); ?></a> + <a href="<?php echo Config::get('web_path'); ?>/admin/access.php?action=show_delete_record&access_id=<?php echo scrub_out($access->id); ?>"><?php echo get_user_icon('delete', _('Delete')); ?></a> </td> </tr> <?php } // end foreach ?> diff --git a/templates/show_add_catalog.inc.php b/templates/show_add_catalog.inc.php index ee0dfef3..798df257 100644 --- a/templates/show_add_catalog.inc.php +++ b/templates/show_add_catalog.inc.php @@ -30,7 +30,7 @@ $default_sort = "%a/%A"; <table class="tabledata" cellpadding="0" cellspacing="0"> <tr> <td><?php echo _('Catalog Name'); ?>: </td> - <td><input size="60" type="text" name="name" value="<?php echo $_REQUEST['name']; ?>" /></td> + <td><input size="60" type="text" name="name" value="<?php echo scrub_out($_POST['name']); ?>" /></td> <td style="vertical-align:top; font-family: monospace;" rowspan="6"> <strong><?php echo _('Auto-inserted Fields'); ?>:</strong><br /> %A = <?php echo _('album name'); ?><br /> @@ -45,7 +45,7 @@ $default_sort = "%a/%A"; <tr> <td><?php echo _('Path'); ?>: </td> - <td><input size="60" type="text" name="path" value="<?php echo $_REQUEST['path']; ?>" /></td> + <td><input size="60" type="text" name="path" value="<?php echo scrub_out($_POST['path']); ?>" /></td> </tr> <tr> <td><?php echo _('Catalog Type'); ?>: </td> 
@@ -85,6 +85,7 @@ $default_sort = "%a/%A"; </table> <div class="formValidation"> <input type="hidden" name="action" value="add_catalog" /> + <?php echo Core::form_register('add_catalog'); ?> <input class="button" type="submit" value="<?php echo _('Add Catalog'); ?>" /> </div> </form> diff --git a/templates/show_add_live_stream.inc.php b/templates/show_add_live_stream.inc.php index f9b12e98..bd4e1597 100644 --- a/templates/show_add_live_stream.inc.php +++ b/templates/show_add_live_stream.inc.php @@ -65,6 +65,7 @@ </tr> </table> <div class="formValidation"> + <?php echo Core::form_register('add_radio'); ?> <input class="button" type="submit" value="<?php echo _('Add'); ?>" /> </div> </form> diff --git a/templates/show_add_shout.inc.php b/templates/show_add_shout.inc.php index 05e27cf5..7f9afbee 100644 --- a/templates/show_add_shout.inc.php +++ b/templates/show_add_shout.inc.php @@ -36,6 +36,7 @@ <?php } ?> <tr> <td> + <?php echo Core::form_register('add_shout'); ?> <input type="hidden" name="object_id" value="<?php echo $object->id; ?>" /> <input type="hidden" name="object_type" value="<?php echo strtolower(get_class($object)); ?>" /> <input type="submit" value="<?php echo _('Create'); ?>" /> diff --git a/templates/show_create_democratic.inc.php b/templates/show_create_democratic.inc.php index 64bbf40f..1ff6d698 100644 --- a/templates/show_create_democratic.inc.php +++ b/templates/show_create_democratic.inc.php @@ -56,6 +56,7 @@ show_box_top(_('Configure Democratic Playlist')); ?> </tr> </table> <div class="formValidation"> + <?php echo Core::form_register('create_democratic'); ?> <input type="submit" value="<?php echo _('Update'); ?>" /> </div> </form> diff --git a/templates/show_playlist_songs.inc.php b/templates/show_playlist_songs.inc.php index bafc8df2..7ae2dd90 100644 --- a/templates/show_playlist_songs.inc.php +++ b/templates/show_playlist_songs.inc.php 
@@ -72,6 +72,9 @@ $ajax_url = Config::get('ajax_url'); <th class="cel_genre"><?php echo _('Genre'); ?></th> <th class="cel_track"><?php echo _('Track'); ?></th> <th class="cel_time"><?php echo _('Time'); ?></th> +<?php if (Config::get('ratings')) { ?> + <th class="cel_rating"><?php echo _('Rating'); ?></th> +<?php } ?> <th class="cel_action"><?php echo _('Action'); ?></th> </tr> </table> |