clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix security vulnerability in admin modules

Browse Source 
- The Module\BaseAdmin::post method checked credentials but didn't abort the process when it failed
- Created Module\BaseAdmin::checkAdminAccess method
This commit is contained in:
Hypolite Petovan
2020-09-08 10:44:27 -04:00
parent 9bc2c5a52e
commit 3efa8648c5
12 changed files with 29 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Module/Admin/Tos.php
View File

@@ -29,7 +29,7 @@ class Tos extends BaseAdmin
{
public static function post(array $parameters = [])
{
parent::post($parameters);
self::checkAdminAccess();
if (empty($_POST['page_tos'])) {
return;