
Controller: Add CSRF token validation to development toggle

master
Riyyi 3 years ago
parent
commit
9a99c31d47
  1. 3
      app/controllers/CacheController.php
  2. 1
      app/views/admin/cache.php
  3. 21
      public/js/app.js

3
app/controllers/CacheController.php

@ -21,6 +21,7 @@ class CacheController extends PageController {
$this->router->service()->config = $config; $this->router->service()->config = $config;
$this->router->service()->csrfToken = Session::token(); $this->router->service()->csrfToken = Session::token();
$this->router->service()->purgeUrl = $this->url . '/purge'; $this->router->service()->purgeUrl = $this->url . '/purge';
$this->router->service()->toggleUrl = $this->url . '/toggle';
parent::view(); parent::view();
} }
@ -81,7 +82,7 @@ class CacheController extends PageController {
public function toggleAction(): void public function toggleAction(): void
{ {
if (Config::c('CLOUDFLARE_ENABLED') != '1') { if (!$this->validatePostRequest()) {
return; return;
} }
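Review bot: The new guard in `toggleAction` replaces the `CLOUDFLARE_ENABLED` check instead of adding to it, so the action now proceeds even when Cloudflare is disabled in config unless `validatePostRequest()` (not visible here) also checks that setting. Keeping both conditions is one line: `if (!$this->validatePostRequest() || Config::c('CLOUDFLARE_ENABLED') != '1') {` — and if `Config::c()` returns a string, `!==` would be the stricter comparison. The body of `toggleAction` continues past the hunk, so I cannot tell whether the enabled check was moved further down.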

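--- a/app/views/admin/cache.php
+++ b/app/views/admin/cache.php
@@ -75,6 +75,7 @@ use \App\Classes\Config;
 <div class="col-3 col-md-2 col-lg-2 col-xl-2">
 <div class="d-flex justify-content-center">
 <input type="checkbox" id="development-mode"
+data-href="<?= $this->toggleUrl; ?>" data-token="<?= $this->csrfToken; ?>"
 <?= $this->config['CLOUDFLARE_DEVELOPMENT_MODE_ENABLED'] ? 'checked' : ''; ?>>
 </div>
 </div>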
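Review bot: `$this->toggleUrl` and `$this->csrfToken` are echoed into attribute values on the new `data-href`/`data-token` line without escaping; the token comes from `Session::token()` and is presumably safe, but `toggleUrl` is built from `$this->url` in CacheController, whose origin is not visible here — if it derives from the request path, a `"` in it breaks out of the attribute. Escaping at the output point removes the dependence on the caller: `data-href="<?= htmlspecialchars($this->toggleUrl, ENT_QUOTES, 'UTF-8'); ?>" data-token="<?= htmlspecialchars($this->csrfToken, ENT_QUOTES, 'UTF-8'); ?>"`.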

21
public/js/app.js

@ -233,13 +233,13 @@ $(document).ready(function() {
{ {
event.preventDefault(); event.preventDefault();
const purgeType = $(this).attr('data-type');
const csrfToken = $(this).attr('data-token');
if (!confirm('Are you sure you want to continue?')) { if (!confirm('Are you sure you want to continue?')) {
return; return;
} }
const purgeType = $(this).attr('data-type');
const csrfToken = $(this).attr('data-token');
$.ajax({ $.ajax({
url: $(this).attr('href'), url: $(this).attr('href'),
type: 'POST', type: 'POST',
@ -272,8 +272,20 @@ $(document).ready(function() {
return; return;
} }
$.get('/admin/cache/toggle').done(function(data) const dataHref = $(this).attr('data-href');
const csrfToken = $(this).attr('data-token');
$.ajax({
url: dataHref,
type: 'POST',
data: { _token: csrfToken },
success: function(data)
{ {
if (data == '') {
alert("Development mode could not be enabled!");
return;
}
const response = JSON.parse(data); const response = JSON.parse(data);
if (response.success == false) { if (response.success == false) {
console.log(data); console.log(data);
@ -292,6 +304,7 @@ $(document).ready(function() {
} }
alert("Development mode has been set to: '" + response.result.value + "'"); alert("Development mode has been set to: '" + response.result.value + "'");
}
}); });
}); });
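Review bot: The new `$.ajax` call for the toggle has no `error:` handler and calls `JSON.parse(data)` unguarded, so a 403/500 from the endpoint gives the user no feedback and a non-JSON 200 body throws inside the `success` callback; the `data == ''` check only covers the empty-body case that the controller's early `return` produces. Adding `error: function() { alert("Development mode could not be toggled!"); }` after the `success` callback covers the failed-request path. The alert on the empty-response branch says "enabled" even when the request was to disable development mode; "toggled" reads correctly in both directions. The click handler containing this call starts before the hunk, and the diffstat counts 21 changed lines while this rendering shows fewer, so some lines of the hunk may be missing here.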
