Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-20 15:50:12 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix security vulnerability in admin modules

Browse source 
- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed
- Created Module\BaseAdmin::checkAdminAccess method
This commit is contained in:
Hypolite Petovan 2020-09-08 10:44:27 -04:00
parent 9bc2c5a52e
commit 3efa8648c5
12 changed files with 29 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Module/Admin/PhpInfo.php
View file

@ -27,7 +27,7 @@ class PhpInfo extends BaseAdmin
{
public static function rawContent(array $parameters = [])
{
parent::rawContent($parameters);
self::checkAdminAccess();
phpinfo();
exit();