fix csrf for clearing apcu/opcache cache

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2022-12-31 09:08:34 +01:00
parent 5a807e3dbe
commit f7f356e896
4 changed files with 34 additions and 10 deletions
--- a/admin_apcuinfo.php
+++ b/admin_apcuinfo.php
@@ -34,6 +34,7 @@
 use Froxlor\FroxlorLogger;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Response;
+use Froxlor\UI\HTML;

 const AREA = 'admin';
 require __DIR__ . '/lib/init.php';
@@ -41,13 +42,23 @@ require __DIR__ . '/lib/init.php';
 $horizontal_bar_size = 950; // 1280px window width

 if ($action == 'delete' && function_exists('apcu_clear_cache') && $userinfo['change_serversettings'] == '1') {
-	apcu_clear_cache();
-	$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "cleared APCu cache");
-	header('Location: ' . $linker->getLink([
+	if ($_POST['send'] == 'send') {
+		apcu_clear_cache();
+		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "cleared APCu cache");
+		header('Location: ' . $linker->getLink([
+				'section' => 'apcuinfo',
+				'page' => 'showinfo'
+			]));
+		exit();
+	} else {
+		HTML::askYesNo('cache_reallydelete', $filename, [
+			'page' => $page,
+			'action' => 'delete',
+		], '', [
 			'section' => 'apcuinfo',
 			'page' => 'showinfo'
-		]));
-	exit();
+		]);
+	}
 }

 if (!function_exists('apcu_cache_info') || !function_exists('apcu_sma_info')) {
--- a/admin_opcacheinfo.php
+++ b/admin_opcacheinfo.php
@@ -35,15 +35,26 @@ require __DIR__ . '/lib/init.php';
 use Froxlor\FroxlorLogger;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Response;
+use Froxlor\UI\HTML;

 if ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_serversettings'] == '1') {
-	opcache_reset();
-	$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "reset OPcache");
-	header('Location: ' . $linker->getLink([
+	if ($_POST['send'] == 'send') {
+		opcache_reset();
+		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "reset OPcache");
+		header('Location: ' . $linker->getLink([
+				'section' => 'opcacheinfo',
+				'page' => 'showinfo'
+			]));
+		exit();
+	} else {
+		HTML::askYesNo('cache_reallydelete', $filename, [
+			'page' => $page,
+			'action' => 'reset',
+		], '', [
 			'section' => 'opcacheinfo',
 			'page' => 'showinfo'
-		]));
-	exit();
+		]);
+	}
 }

 if (!function_exists('opcache_get_configuration')) {
--- a/lng/de.lng.php
+++ b/lng/de.lng.php
@@ -1279,6 +1279,7 @@ Vielen Dank, Ihr Administrator',
 		'apikey_reallyadd' => 'Einen neuen Api-Key erstellen?',
 		'dnsentry_reallydelete' => 'Wollen Sie den DNS-Eintrag wirklich löschen?',
 		'certificate_reallydelete' => 'Wollen Sie diese Zertifikat wirklich löschen?',
+		'cache_reallydelete' => 'Wollen Sie den Cache wirklich leeren?',
 	],
 	'serversettings' => [
 		'session_timeout' => [
--- a/lng/en.lng.php
+++ b/lng/en.lng.php
@@ -1391,6 +1391,7 @@ Yours sincerely, your administrator',
 		'apikey_reallyadd' => 'Do you really want to create a new api-key?',
 		'dnsentry_reallydelete' => 'Do you really want to delete this zone entry?',
 		'certificate_reallydelete' => 'Do you really want to delete this certificate?',
+		'cache_reallydelete' => 'Do you really want to clear the cache?',
 	],
 	'redirect_desc' => [
 		'rc_default' => 'default',