riyyi
/
website
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

Controller: Add CSRF token validation to development toggle

master
Riyyi 3 years ago
parent
d50443b10a
commit
9a99c31d47
3 changed files with 37 additions and 22 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      app/controllers/CacheController.php
  2. 1
      app/views/admin/cache.php
  3. 21
      public/js/app.js

3
app/controllers/CacheController.php
Unescape View File

@ -21,6 +21,7 @@ class CacheController extends PageController {
$this->router->service()->config = $config; $this->router->service()->config = $config;
$this->router->service()->csrfToken = Session::token(); $this->router->service()->csrfToken = Session::token();
$this->router->service()->purgeUrl = $this->url . '/purge'; $this->router->service()->purgeUrl = $this->url . '/purge';
$this->router->service()->toggleUrl = $this->url . '/toggle';
parent::view(); parent::view();
} }
@ -81,7 +82,7 @@ class CacheController extends PageController {
public function toggleAction(): void public function toggleAction(): void
{ {
if (Config::c('CLOUDFLARE_ENABLED') != '1') { if (!$this->validatePostRequest()) {
return; return;
} }

1
app/views/admin/cache.php
Unescape View File

@ -75,6 +75,7 @@ use \App\Classes\Config;
<div class="col-3 col-md-2 col-lg-2 col-xl-2"> <div class="col-3 col-md-2 col-lg-2 col-xl-2">
<div class="d-flex justify-content-center"> <div class="d-flex justify-content-center">
<input type="checkbox" id="development-mode" <input type="checkbox" id="development-mode"
data-href="<?= $this->toggleUrl; ?>" data-token="<?= $this->csrfToken; ?>"
<?= $this->config['CLOUDFLARE_DEVELOPMENT_MODE_ENABLED'] ? 'checked' : ''; ?>> <?= $this->config['CLOUDFLARE_DEVELOPMENT_MODE_ENABLED'] ? 'checked' : ''; ?>>
</div> </div>
</div> </div>

21
public/js/app.js
Unescape View File

@ -233,13 +233,13 @@ $(document).ready(function() {
{ {
event.preventDefault(); event.preventDefault();
const purgeType = $(this).attr('data-type');
const csrfToken = $(this).attr('data-token');
if (!confirm('Are you sure you want to continue?')) { if (!confirm('Are you sure you want to continue?')) {
return; return;
} }
const purgeType = $(this).attr('data-type');
const csrfToken = $(this).attr('data-token');
$.ajax({ $.ajax({
url: $(this).attr('href'), url: $(this).attr('href'),
type: 'POST', type: 'POST',
@ -272,8 +272,20 @@ $(document).ready(function() {
return; return;
} }
$.get('/admin/cache/toggle').done(function(data) const dataHref = $(this).attr('data-href');
const csrfToken = $(this).attr('data-token');
$.ajax({
url: dataHref,
type: 'POST',
data: { _token: csrfToken },
success: function(data)
{ {
if (data == '') {
alert("Development mode could not be enabled!");
return;
}
const response = JSON.parse(data); const response = JSON.parse(data);
if (response.success == false) { if (response.success == false) {
console.log(data); console.log(data);
@ -292,6 +304,7 @@ $(document).ready(function() {
} }
alert("Development mode has been set to: '" + response.result.value + "'"); alert("Development mode has been set to: '" + response.result.value + "'");
}
}); });
}); });

Write Preview
Loading…
Cancel
Save