Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-26 17:10:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix security vulnerability in admin modules

Browse source 
- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed
- Created Module\BaseAdmin::checkAdminAccess method
This commit is contained in:
Hypolite Petovan 2020-09-08 10:44:27 -04:00
parent 9bc2c5a52e
commit 3efa8648c5
12 changed files with 29 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Module/Admin/Themes/Embed.php
View file

@ -38,7 +38,7 @@ class Embed extends BaseAdmin
public static function post(array $parameters = [])
{
parent::post($parameters);
self::checkAdminAccess();
$theme = Strings::sanitizeFilePathItem($parameters['theme']);
if (is_file("view/theme/$theme/config.php")) {