beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-21 15:10:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

WebAdmin: check CSRF header when deleting blocked hosts

Browse source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2024-11-09 18:09:52 +01:00
parent 03724d5eb1
commit 7aac64531f
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
internal/httpd/server.go
View file

@ -1809,8 +1809,8 @@ func (s *httpdServer) setupWebAdminRoutes() {
router.With(s.checkPerm(dataprovider.PermAdminManageSystem)).Post(webTemplateFolder, s.handleWebTemplateFolderPost) router.With(s.checkPerm(dataprovider.PermAdminManageSystem)).Post(webTemplateFolder, s.handleWebTemplateFolderPost)
router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderPath, s.handleWebDefenderPage) router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderPath, s.handleWebDefenderPage)
router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderHostsPath, getDefenderHosts) router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderHostsPath, getDefenderHosts)
router.With(s.checkPerm(dataprovider.PermAdminManageDefender)).Delete(webDefenderHostsPath+"/{id}", router.With(s.checkPerm(dataprovider.PermAdminManageDefender), s.verifyCSRFHeader).
deleteDefenderHostByID) Delete(webDefenderHostsPath+"/{id}", deleteDefenderHostByID)
router.With(s.checkPerm(dataprovider.PermAdminManageEventRules), compressor.Handler, s.refreshCookie). router.With(s.checkPerm(dataprovider.PermAdminManageEventRules), compressor.Handler, s.refreshCookie).
Get(webAdminEventActionsPath+jsonAPISuffix, getAllActions) Get(webAdminEventActionsPath+jsonAPISuffix, getAllActions)
router.With(s.checkPerm(dataprovider.PermAdminManageEventRules), s.refreshCookie). router.With(s.checkPerm(dataprovider.PermAdminManageEventRules), s.refreshCookie).