authorMaryana Rozhankivska <mariroz@mr.lviv.ua>2014-07-24 16:48:41 +0300
committerMaryana Rozhankivska <mariroz@mr.lviv.ua>2014-07-24 16:48:41 +0300
commit7dd8b5026d0ae52fc5be001ee224aac72f3e7b25 (patch)
tree333ac92d8182ff498361c45f38bfea6aa66b84ea /inc
parent6da20812ce04e3e45c21c6da640d6ccde91e8c38 (diff)
downloadwallabag-7dd8b5026d0ae52fc5be001ee224aac72f3e7b25.tar.gz
wallabag-7dd8b5026d0ae52fc5be001ee224aac72f3e7b25.tar.zst
wallabag-7dd8b5026d0ae52fc5be001ee224aac72f3e7b25.zip
security issue
Diffstat (limited to 'inc')
-rwxr-xr-xinc/poche/Poche.class.php4
-rwxr-xr-x[-rw-r--r--]inc/poche/Routing.class.php83
2 files changed, 45 insertions, 42 deletions
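--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -750,8 +750,8 @@ class Poche
 die(sprintf(_('User with this id (%d) does not exist.'), $user_id));
 }
 
-if (!in_array($type, $allowed_types) || $token != $config['token']) {
-die(_('Uh, there is a problem while generating feeds.'));
+if (!in_array($type, $allowed_types) || !isset($config['token']) || $token != $config['token']) {
+die(_('Uh, there is a problem while generating feed. Wrong token used?'));
 }
 
 $feed = new FeedWriter(RSS2);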
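Review bot: The token check on new line 753 still uses the loose `!=` operator, so two numeric-looking strings are compared as numbers rather than as the exact token bytes, and the `in_array($type, $allowed_types)` call is loose for the same reason; the `isset($config['token'])` guard this commit adds does not change that. A mismatching token should fail on a strict, constant-time comparison, e.g. `if (!in_array($type, $allowed_types, true) || !isset($config['token']) || !is_string($token) || !hash_equals((string) $config['token'], $token)) {` (`hash_equals()` needs PHP 5.6; on older targets `!==` at least removes the numeric juggling). The `is_string()` guard also rejects a non-string value for the token parameter, which the loose comparison would otherwise evaluate instead of rejecting outright. The enclosing method starts and ends outside the hunk, so where `$token` comes from is not visible here; presumably it is the raw query value handed over from Routing, which makes the strict check the only validation it gets.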
diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php
index eb4c4d90..653fa900 100644..100755
--- a/inc/poche/Routing.class.php
+++ b/inc/poche/Routing.class.php
@@ -97,50 +97,53 @@ class Routing
97 97
98 private function _launchAction() 98 private function _launchAction()
99 { 99 {
100 if (isset($_GET['login'])) { 100 if (isset($_GET['login'])) {
101 // hello you 101 // hello to you
102 $this->wallabag->login($this->referer); 102 $this->wallabag->login($this->referer);
103 } elseif (isset($_GET['logout'])) { 103 } elseif (isset($_GET['feed']) && isset($_GET['user_id'])) {
104 // see you soon ! 104 $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
105 $this->wallabag->logout(); 105 $this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
106 } elseif (isset($_GET['config'])) { 106 }
107 // update password 107
108 $this->wallabag->updatePassword($_POST['password'], $_POST['password_repeat']); 108 //allowed ONLY to logged in user
109 } elseif (isset($_GET['newuser'])) { 109 if ( \Session::isLogged() === true )
110 $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser']); 110 {
111 } elseif (isset($_GET['deluser'])) { 111 if (isset($_GET['logout'])) {
112 $this->wallabag->deleteUser($_POST['password4deletinguser']); 112 // see you soon !
113 } elseif (isset($_GET['epub'])) { 113 $this->wallabag->logout();
114 $epub = new WallabagEpub($this->wallabag, $_GET['method'], $_GET['id'], $_GET['value']); 114 } elseif (isset($_GET['config'])) {
115 $epub->run(); 115 // update password
116 } elseif (isset($_GET['import'])) { 116 $this->wallabag->updatePassword($_POST['password'], $_POST['password_repeat']);
117 $import = $this->wallabag->import(); 117 } elseif (isset($_GET['newuser'])) {
118 $tplVars = array_merge($this->vars, $import); 118 $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser']);
119 } elseif (isset($_GET['download'])) { 119 } elseif (isset($_GET['deluser'])) {
120 Tools::downloadDb(); 120 $this->wallabag->deleteUser($_POST['password4deletinguser']);
121 } elseif (isset($_GET['empty-cache'])) { 121 } elseif (isset($_GET['epub'])) {
122 Tools::emptyCache(); 122 $epub = new WallabagEpub($this->wallabag, $_GET['method'], $_GET['id'], $_GET['value']);
123 } elseif (isset($_GET['export'])) { 123 $epub->run();
124 $this->wallabag->export(); 124 } elseif (isset($_GET['import'])) {
125 } elseif (isset($_GET['updatetheme'])) { 125 $import = $this->wallabag->import();
126 $this->wallabag->tpl->updateTheme($_POST['theme']); 126 $tplVars = array_merge($this->vars, $import);
127 } elseif (isset($_GET['updatelanguage'])) { 127 } elseif (isset($_GET['download'])) {
128 $this->wallabag->language->updateLanguage($_POST['language']); 128 Tools::downloadDb();
129 } elseif (isset($_GET['uploadfile'])) { 129 } elseif (isset($_GET['empty-cache'])) {
130 $this->wallabag->uploadFile(); 130 Tools::emptyCache();
131 } elseif (isset($_GET['feed'])) { 131 } elseif (isset($_GET['export'])) {
132 if (isset($_GET['action']) && $_GET['action'] == 'generate') { 132 $this->wallabag->export();
133 } elseif (isset($_GET['updatetheme'])) {
134 $this->wallabag->tpl->updateTheme($_POST['theme']);
135 } elseif (isset($_GET['updatelanguage'])) {
136 $this->wallabag->language->updateLanguage($_POST['language']);
137 } elseif (isset($_GET['uploadfile'])) {
138 $this->wallabag->uploadFile();
139 } elseif (isset($_GET['feed']) && isset($_GET['action']) && $_GET['action'] == 'generate') {
133 $this->wallabag->updateToken(); 140 $this->wallabag->updateToken();
134 } 141 }
135 else { 142 elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
136 $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0); 143 $plainUrl = new Url(base64_encode($_GET['plainurl']));
137 $this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']); 144 $this->wallabag->action('add', $plainUrl);
138 } 145 }
139 } 146 }
140 elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
141 $plainUrl = new Url(base64_encode($_GET['plainurl']));
142 $this->wallabag->action('add', $plainUrl);
143 }
144 } 147 }
145 148
146 public function _render($file, $vars) 149 public function _render($file, $vars)
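Review bot: In the new feed branch (new lines 103-105) `$_GET['token']` and `$_GET['type']` are read without `isset()`, so a request carrying `feed` and `user_id` but no token raises an undefined-index notice and passes `null` into generateFeeds(), leaving the token comparison on the Poche side as the only thing deciding the outcome; the branch should resolve both values explicitly before the call. Placing the feed route ahead of the `\Session::isLogged()` gate looks deliberate, since feeds are token-authenticated, but that is exactly why the defaults are worth having. Note also that `feed&action=generate` regenerates the token from a plain GET inside the logged-in block and no CSRF check is visible anywhere in this dispatcher, same as the other state-changing routes; that predates this commit, but the restructuring is the natural place to add one. `_launchAction()` lies entirely within the hunk; `_render()` on the last line continues outside it.
```php
} elseif (isset($_GET['feed']) && isset($_GET['user_id'])) {
    $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
    // Resolve the query values here so a missing key cannot reach generateFeeds() as null.
    $token = isset($_GET['token']) ? $_GET['token'] : '';
    $type  = isset($_GET['type']) ? $_GET['type'] : '';
    $this->wallabag->generateFeeds($token, filter_var($_GET['user_id'], FILTER_SANITIZE_NUMBER_INT), $tag_id, $type);
}
// … unchanged: logged-in dispatch …
```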