Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-26 01:50:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix security vulnerability in admin modules

Browse source 
- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed
- Created Module\BaseAdmin::checkAdminAccess method
This commit is contained in:
Hypolite Petovan 2020-09-08 10:44:27 -04:00
parent 9bc2c5a52e
commit 3efa8648c5
12 changed files with 29 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Module/Admin/Logs/Settings.php
View file

@ -31,7 +31,7 @@ class Settings extends BaseAdmin
{
public static function post(array $parameters = [])
{
parent::post($parameters);
self::checkAdminAccess();
if (empty($_POST['page_logs'])) {
return;