Require CSRF token for debug log generation

Mcat12
2017-04-02 19:23:03 -04:00
parent d956c35c24
commit 4d9d9dc949
2 changed files with 16 additions and 3 deletions


@@ -29,6 +29,7 @@ function eventsource() {
var ta = $("#output");
var upload = $( "#upload" );
var checked = "";
var token = encodeURIComponent($("#token").html());
if(upload.prop("checked"))
{
@@ -37,12 +38,12 @@ function eventsource() {
// IE does not support EventSource - load whole content at once
if (typeof EventSource !== "function") {
httpGet(ta,"/admin/scripts/pi-hole/php/debug.php?IE&"+checked);
httpGet(ta,"/admin/scripts/pi-hole/php/debug.php?IE&token="+token+"&"+checked);
return;
}
var host = window.location.host;
var source = new EventSource("/admin/scripts/pi-hole/php/debug.php?"+checked);
var source = new EventSource("/admin/scripts/pi-hole/php/debug.php?&token="+token+"&"+checked);
// Reset and show field
ta.empty();
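Review bot: The CSRF token is placed in the request URL in both the `httpGet(...)` fallback and the `new EventSource(...)` call, so it will be recorded in the web server's access log (and any proxy log) along with the rest of the query string. EventSource is GET-only and cannot send custom headers, so the query string is the only channel for that call, but the trade-off deserves a comment above `var token`, for example `// EventSource cannot send headers or a body, so the CSRF token travels in the URL and will appear in access logs`. The second URL also carries a stray separator: `debug.php?&token=` should read `debug.php?token=`. Reading the value with `.html()` returns serialized markup, so `$("#token").text()` would be the more robust accessor if the token can ever contain `&` or `<`. eventsource() starts and ends outside these hunks.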


@@ -5,6 +5,18 @@ ob_implicit_flush(true);
header('Content-Type: text/event-stream');
header('Cache-Control: no-cache');
require "password.php";
require "auth.php";
if(!$auth) {
die("Unauthorized");
}
check_cors();
$token = isset($_GET["token"]) ? $_GET["token"] : "";
check_csrf($token);
function echoEvent($datatext) {
if(!isset($_GET["IE"]))
echo "data: ".implode("\ndata: ", explode("\n", $datatext))."\n\n";