]> andersk Git - sql-web.git/blobdiff - tpl/main.php
andersk / sql-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix CSRF vulnerabilities
[sql-web.git] / tpl / main.php
diff --git a/tpl/main.php b/tpl/main.php
index 25d10edb32170adb1020a4508224be3ba5f0881f..fc642dd3ab4417712ebe59f540bbece18d8017bb 100644 (file)
--- a/tpl/main.php
+++ b/tpl/main.php
@@ -4,23 +4,25 @@ include 'head.php';
 
 if (isset($i_dropask)) {
        $dropdbs = array_keys($i_dropask);
-       echo '<form method="post">';
+       echo '<form method="post" action="', $URI,'">';
        foreach($dropdbs as $dbname) {
-               $msg1[] = 'Are you sure you want to drop `'.$dbname.'`? <input style="position:absolute; right:20px;" type="submit" name="drop['.$dbname.']" value="Yes">';
+               $msg1[] = 'Are you sure you want to drop `'.htmlentities($dbname).'`? <input style="position:absolute; right:20px;" type="submit" name="drop['.htmlentities($dbname).']" value="Yes">';
        }
        echo '</form>';
 }
 
 ?>
-<h2>Databases</h2>
+<h3>Databases</h3>
 
-<form method="post">
+<form method="post" action="<?=$URI?>">
+<input type='hidden' name='csrf_token' value='<?php echo $_SESSION['csrf_token']; ?>'>
 <?php printErrors($err1); ?>
 <?php printMsgs($msg1); ?>
 </form>
 
 <table width="100%">
-<form method="post">
+<form method="post" action="<?=$URI?>">
+<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
 <?php
        $bytes = $User->getBytes();
        $usage = $bytes['nBytes'];
@@ -33,9 +35,9 @@ if (isset($i_dropask)) {
                if ($total>0)
                        $percentage = $db['nBytes']/$total;
                else $percentage = 0;
-               echo printBar($percentage, $db['Name'], str_replace(' ', '&nbsp;', sprintSize($db['nBytes'])));
+               echo printBar($percentage, htmlentities($db['Name']), str_replace(' ', '&nbsp;', sprintSize($db['nBytes'])));
                echo '</td><td>';
-               echo '<input type="submit" name="dropask[',$db['Name'],']" value="drop">';
+               echo '<input type="submit" name="dropask[',htmlentities($db['Name']),']" value="drop">';
                echo '</td></tr>';
        }
        if ($total>0) {
@@ -53,13 +55,14 @@ if (isset($i_dropask)) {
 </form>
 </table>
 
-<form method="post">
-<p align="right"><span style="width: 150px;"><label for="p1">new database:</label></span> <input type="text" name="newdb">
+<form method="post" action="<?=$URI?>">
+<p align="right"><span style="width: 150px; font-style: italic;"><label for="p1">new database:</label></span> <?=$Login->getUsername()?>+<input type="text" name="newdb">
+<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
 <input type=submit value="add"></p>
 </form>
 
-<h2>Manage Data</h2>
-<p>One interface we recommend for managing SQL data is <a href="/~sql/phpMyAdmin/" target="_blank">phpMyAdmin</a>. Feel free to use it after you've created your databases.</p>
+<h3>Manage Data</h3>
+<p>One interface we recommend for managing SQL data is <a href="https://scripts.mit.edu/~sql/phpMyAdmin/" target="_blank">phpMyAdmin</a>. Feel free to use it after you've created your databases.</p>
 
 <?php
 
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.082555 seconds and 4 git commands to generate.