Merge branch 'ent-10018-Vulnerabilidad-CSRF' into 'develop'

fixed csrf See merge request artica/pandorafms!5336
2022-12-20 17:50:21 +00:00 · 2022-12-20 17:50:21 +00:00 · 5934b02738
parent 7091654e65 26426c1bfa
commit 5934b02738
2 changed files with 12 additions and 0 deletions
--- a/pandora_console/godmode/setup/setup_auth.php
+++ b/pandora_console/godmode/setup/setup_auth.php
@ -77,6 +77,7 @@ if (is_ajax()) {
                    true
                ).'&nbsp;&nbsp;';
                $table->data['autocreate_remote_users'] = $row;
+                $table->data['csrf_token'] = html_print_csrf_hidden();

                add_enterprise_auth_autocreate_profiles($table, $type_auth);
            }
@ -475,6 +476,8 @@ if (!is_metaconsole()) {
    html_print_input_hidden('hash_save_config', md5('save'.$config['dbpass']));
 }

+html_print_csrf_hidden();
+
 html_print_table($table);
 echo '<div id="table_auth_result"></div>';
 echo '<div class="action-buttons" style="width: '.$table->width.'">';
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@ -523,6 +523,15 @@ function config_update_config()
                break;

                case 'auth':
+                    $validatedCSRF = validate_csrf_code();
+
+                    // CSRF Validation.
+                    if ($validatedCSRF === false) {
+                        include_once 'general/login_page.php';
+                        // Finish the execution.
+                        exit('</html>');
+                    }
+
                    // AUTHENTICATION SETUP.
                    if (config_update_value('auth', get_parameter('auth'), true) === false) {
                        $error_update[] = __('Authentication method');