From 75d6f17eb5c2f21b5e27a79fc7ae7ed418a87c2f Mon Sep 17 00:00:00 2001
From: Focuslinks Digital Solutions
Date: Sun, 9 Feb 2025 18:37:19 +0100
Subject: [PATCH] fix csrf token

---
 system/autoload/Csrf.php | 127 ++++++++++-----------------
 system/controllers/pluginmanager.php | 2 +-
 2 files changed, 48 insertions(+), 81 deletions(-)

diff --git a/system/autoload/Csrf.php b/system/autoload/Csrf.php
index b7c7a170..57752a0e 100644
--- a/system/autoload/Csrf.php
+++ b/system/autoload/Csrf.php
@@ -6,83 +6,50 @@
 **/
- class Csrf
- {
- private const int TOKEN_LENGTH = 16;
- private const int TOKEN_EXPIRATION = 1800;
-
- /**
- * Generate a CSRF token.
- *
- * @param int $length
- * @return string
- */
- public static function generateToken(int $length = self::TOKEN_LENGTH): string
- {
- return bin2hex(random_bytes($length));
- }
-
- /**
- * Validate the provided CSRF token against the stored token.
- *
- * @param string $token
- * @param string $storedToken
- * @return bool
- */
- public static function validateToken(string $token, string $storedToken): bool
- {
- return hash_equals($token, $storedToken);
- }
-
- /**
- * Check if the CSRF token is valid.
- *
- * @param string|null $token
- * @return bool
- */
- public static function check(?string $token): bool
- {
- global $config;
-
- if ($config['csrf_enabled'] === 'yes') {
- if (isset($_SESSION['nux_csrf_token'], $_SESSION['nux_csrf_token_time'], $token)) {
- $storedToken = $_SESSION['nux_csrf_token'];
- $tokenTime = $_SESSION['nux_csrf_token_time'];
-
- if (time() - $tokenTime > self::TOKEN_EXPIRATION) {
- self::clearToken();
- return false;
- }
-
- return self::validateToken($token, $storedToken);
- }
-
- return false;
- }
-
- return true; // CSRF is disabled
- }
-
- /**
- * Generate and store a new CSRF token in the session.
- *
- * @return string
- */
- public static function generateAndStoreToken(): string
- {
- $token = self::generateToken();
- $_SESSION['nux_csrf_token'] = $token;
- $_SESSION['nux_csrf_token_time'] = time();
- return $token;
- }
-
- /**
- * Clear the stored CSRF token from the session.
- *
- * @return void
- */
- public static function clearToken(): void
- {
- unset($_SESSION['nux_csrf_token'], $_SESSION['nux_csrf_token_time']);
- }
- }
\ No newline at end of file
+class Csrf
+{
+ private static $tokenExpiration = 1800; // 30 minutes
+
+ public static function generateToken($length = 16)
+ {
+ return bin2hex(random_bytes($length));
+ }
+
+ public static function validateToken($token, $storedToken)
+ {
+ return hash_equals($token, $storedToken);
+ }
+
+ public static function check($token)
+ {
+ global $config;
+ if($config['csrf_enabled'] == 'yes') {
+ if (isset($_SESSION['csrf_token'], $_SESSION['csrf_token_time'], $token)) {
+ $storedToken = $_SESSION['csrf_token'];
+ $tokenTime = $_SESSION['csrf_token_time'];
+
+ if (time() - $tokenTime > self::$tokenExpiration) {
+ self::clearToken();
+ return false;
+ }
+
+ return self::validateToken($token, $storedToken);
+ }
+ return false;
+ }
+ return true;
+ }
+
+ public static function generateAndStoreToken()
+ {
+ $token = self::generateToken();
+ $_SESSION['csrf_token'] = $token;
+ $_SESSION['csrf_token_time'] = time();
+ return $token;
+ }
+
+ public static function clearToken()
+ {
+ unset($_SESSION['csrf_token'], $_SESSION['csrf_token_time']);
+ }
+}
diff --git a/system/controllers/pluginmanager.php b/system/controllers/pluginmanager.php
index bbb2268c..4954dad5 100644
--- a/system/controllers/pluginmanager.php
+++ b/system/controllers/pluginmanager.php
@@ -38,7 +38,7 @@ switch ($action) {
 r2(getUrl('pluginmanager'), 's', 'Refresh success');
 break;
 case 'dlinstall':
- if ($_app_stage == 'demo') {
+ if ($_app_stage == 'Demo') {
 r2(getUrl('pluginmanager'), 'e', 'Demo Mode cannot install as it Security risk');
 }
 if (!is_writeable($CACHE_PATH)) {
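Review bot: Dropping the parameter and return types in the rewritten class means `check($token)` now accepts anything, so a non-string value (for example an array submitted as `csrf_token[]`) reaches `hash_equals()` and raises a TypeError under PHP 8 instead of the check returning false; the removed version's `public static function check(?string $token): bool` (and the other typed signatures, which work on PHP 7.0+) would keep that behaviour. If the motivation was that `private const int …` typed constants require PHP 8.3, an untyped `private const TOKEN_EXPIRATION = 1800;` keeps the value immutable without introducing a mutable static property. `$config['csrf_enabled'] == 'yes'` is a loose comparison, and when the key is missing the method returns true, i.e. CSRF enforcement fails open; `if (($config['csrf_enabled'] ?? 'no') === 'yes') {` would make an absent setting enforce. The session keys also change from `nux_csrf_token` to `csrf_token`; only this file and pluginmanager.php are in the commit, so whichever controller or template reads those keys presumably already uses the new names — worth confirming.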
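Review bot: Changing the literal to `'Demo'` makes the demo-mode guard depend on the exact casing of whatever sets `$_app_stage`; if that value is ever written as `demo` again, the guard silently fails open and the install path runs. A case-insensitive comparison, `if (strcasecmp((string) $_app_stage, 'demo') === 0) {`, removes that dependency on casing. The guard also relies on `r2()` not returning; if it only emits a redirect header, the install code below still executes — `r2()` is not visible here, so worth confirming it exits. The enclosing `switch` begins before the hunk and the `dlinstall` case body continues past it.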