HOR-3920 Unauthenticated calling of may Ajax pages with tracker_designer=1 (URL INJECTION)
- Add validation in sysGeneric with session PIN and CASE
This commit is contained in:
Marco Antonio Nina Mena
@@ -196,15 +196,20 @@ class Admin extends Controller
|
|||||||
$this->render('extJs');
|
$this->render('extJs');
|
||||||
}
|
}
|
||||||
|
|
||||||
function getSystemInfo ()
|
public function getSystemInfo()
|
||||||
{
|
{
|
||||||
$this->setResponseType( 'json' );
|
global $RBAC;
|
||||||
$infoList = $this->_getSystemInfo();
|
$RBAC->requirePermissions('PM_SETUP');
|
||||||
$data = array ();
|
|
||||||
|
|
||||||
foreach ($infoList as $row) {
|
$this->setResponseType('json');
|
||||||
$data[] = array ('label' => $row[0],'value' => $row[1],'section' => $row[2]
|
$data = [];
|
||||||
);
|
|
||||||
|
foreach ($this->_getSystemInfo() as $row) {
|
||||||
|
$data[] = [
|
||||||
|
'label' => $row[0],
|
||||||
|
'value' => $row[1],
|
||||||
|
'section' => $row[2]
|
||||||
|
];
|
||||||
}
|
}
|
||||||
return $data;
|
return $data;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -999,23 +999,25 @@ if (! defined( 'EXECUTE_BY_CRON' )) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($bRedirect && !isset($_GET["tracker_designer"])) {
|
if ($bRedirect &&
|
||||||
if (substr( SYS_SKIN, 0, 2 ) == 'ux' && SYS_SKIN != 'uxs') { // verify if the current skin is a 'ux' variant
|
(!isset($_GET['tracker_designer']) || (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN']))) &&
|
||||||
|
$_GET['tracker_designer'] !== 1) {
|
||||||
|
if (substr(SYS_SKIN, 0, 2) === 'ux' && SYS_SKIN !== 'uxs') { // verify if the current skin is a 'ux' variant
|
||||||
$loginUrl = 'main/login';
|
$loginUrl = 'main/login';
|
||||||
} else if (strpos( $_SERVER['REQUEST_URI'], '/home' ) !== false) { //verify is it is using the uxs skin for simplified interface
|
} else if (strpos($_SERVER['REQUEST_URI'], '/home') !== false) { //verify is it is using the uxs skin for simplified interface
|
||||||
$loginUrl = 'home/login';
|
$loginUrl = 'home/login';
|
||||||
} else {
|
} else {
|
||||||
$loginUrl = 'login/login'; // just set up the classic login
|
$loginUrl = 'login/login'; // just set up the classic login
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty( $_POST )) {
|
if (empty($_POST)) {
|
||||||
header( 'location: ' . SYS_URI . $loginUrl . '?u=' . urlencode( $_SERVER['REQUEST_URI'] ) );
|
header('location: ' . SYS_URI . $loginUrl . '?u=' . urlencode($_SERVER['REQUEST_URI']));
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
if ($isControllerCall) {
|
if ($isControllerCall) {
|
||||||
header( "HTTP/1.0 302 session lost in controller" );
|
header("HTTP/1.0 302 session lost in controller");
|
||||||
} else {
|
} else {
|
||||||
header( 'location: ' . SYS_URI . $loginUrl );
|
header('location: ' . SYS_URI . $loginUrl);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
die();
|
die();
|
||||||
|
|||||||
Reference in New Issue
Block a user