mirror of https://github.com/YunoHost-Apps/question2answer_ynh.git synced 2024-09-03 20:16:07 +02:00

Try again with csrf

Salamandar 2024-01-24 12:09:43 +01:00
parent 005a2cbdaf
commit be5bdd9d7e
2 changed files with 21 additions and 11 deletions


@ -14,10 +14,10 @@
ynh_local_curl_csrf () {
# Define url of page to curl
local local_page=$1
local full_path=$path$local_page
local local_page=$(ynh_normalize_url_path $1)
local full_path=$path_url$local_page
if [ "${path}" == "/" ]; then
if [ "${path_url}" == "/" ]; then
full_path=$local_page
fi
@ -26,12 +26,10 @@ ynh_local_curl_csrf () {
# Concatenate all other arguments with '&' to prepare POST data
local POST_data=""
local arg=""
for arg in "${@:2}"
do
for arg in "${@:2}"; do
POST_data="${POST_data}${arg}&"
done
if [ -n "$POST_data" ]
then
if [ -n "$POST_data" ]; then
# Add --data arg and remove the last character, which is an unecessary '&'
POST_data="--data ${POST_data::-1}"
fi
@ -41,16 +39,28 @@ ynh_local_curl_csrf () {
local cookiefile=/tmp/ynh-$app-cookie.txt
touch $cookiefile
chown $app $cookiefile
chown root $cookiefile
chmod 700 $cookiefile
# Temporarily enable visitors if needed...
local visitors_enabled=$(ynh_permission_has_user "main" "visitors" && echo yes || echo no)
if [[ $visitors_enabled == "no" ]]; then
ynh_permission_update --permission "main" --add "visitors"
fi
# Curl the URL for the CSRF token
local code_line=`curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile | grep "input name=\"code\""`
data=$(curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile)
local code_line=$(echo "$data" | grep "input name=\"code\"")
local code=${code_line:40:53}
POST_data="${POST_data}&code=${code}"
POST_data="${POST_data}&code=${code}"
curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile
if [[ $visitors_enabled == "no" ]]; then
ynh_permission_update --permission "main" --remove "visitors"
fi
}
#Convert --data to --data-urlencode before ynh_local_curl
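Review bot: The temporary `visitors` grant on `main` in the third hunk is revoked only on the success path. If either `curl` call fails while the calling script runs with errexit (not visible here, so this is an assumption), the function exits between `--add "visitors"` and `--remove "visitors"` and the app stays open to anonymous visitors. Capture the status instead of aborting, e.g. `local rc=0; data=$(curl …) || rc=$?`, run the `--remove` step unconditionally, then `return "$rc"`; `data` should also be declared `local`, and an empty `code` should be treated as an error rather than posted. Separately, the cookie jar keeps a fixed name under `/tmp` and is now touched and chowned as root, so creating it with `mktemp` and `chmod 600` would avoid reusing a file or symlink that already exists at that path.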


@ -68,7 +68,7 @@ admin_temp_pass=$(ynh_string_random --length=10)
ynh_local_curl "/index.php?qa=install" "create=Set+up+the+Database+including+User+Management"
ynh_local_curl "/index.php?qa=install" "handle=$admin" "password=$admin_temp_pass" "email=$admin_email" "super=Set+up+the+Super+Administrator"
ynh_local_curl "/index.php?qa=admin&qa_1=general" \
ynh_local_curl_csrf "/index.php?qa=admin&qa_1=general" \
"$(myynh_urlencode "option_site_title=$q2a_name")" \
"$(myynh_urlencode "option_site_url=https://$domain$path")" \
"option_neat_urls=0" \