clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix security vulnerability in admin modules

Browse Source 
- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed
- Created Module\BaseAdmin::checkAdminAccess method
This commit is contained in:
Hypolite Petovan
2020-09-08 10:44:27 -04:00
parent 9bc2c5a52e
commit 3efa8648c5
12 changed files with 29 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Module/Admin/PhpInfo.php
View File

@@ -27,7 +27,7 @@ class PhpInfo extends BaseAdmin
{
public static function rawContent(array $parameters = [])
{
parent::rawContent($parameters);
self::checkAdminAccess();
phpinfo();
exit();