Security fix

This commit is contained in:
Julian Prieber 2023-07-14 17:59:39 +02:00
parent f77d29fb9b
commit b3e0b36dba
2 changed files with 11 additions and 9 deletions


@ -675,7 +675,7 @@ public function SendTestMail(Request $request)
$user = User::find($userID);
if($user->remember_token == $token){
if($user->remember_token == $token && $request->session()->get('display_auth_nav') === $user->remember_token){
$user->auth_as = null;
$user->remember_token = null;
$user->save();
@ -686,7 +686,7 @@ public function SendTestMail(Request $request)
return redirect('/admin/users/all');
} else {
return redirect('');
Auth::logout();
}
}
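Review bot: The tightened condition in the first hunk still dereferences the result of `User::find($userID)` without a null check and keeps the loose `==` on `$user->remember_token == $token`, so a missing user throws before the check runs and, because the same branch clears `remember_token` to null a few lines later, a user whose token was already consumed satisfies `null == ''` for an empty `$token`; `$token` itself is assigned above the hunk, so its origin is not visible here. A stricter form would be `if ($user !== null && is_string($user->remember_token) && hash_equals($user->remember_token, (string) $token) && $request->session()->get('display_auth_nav') === $user->remember_token) {`. In the second hunk the page does not preserve which of `return redirect('');` and `Auth::logout();` survives in the else branch, but whichever it is, the logout must come before the return — `Auth::logout(); return redirect('');` — or the logout is unreachable or the branch ends without a response. The enclosing method starts and ends outside both hunks; the `SendTestMail` context line is only the nearest preceding declaration.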


@ -35,11 +35,18 @@ class Impersonate
}
Auth::loginUsingId($id);
$request->session()->put('display_auth_nav', true);
$request->session()->put('display_auth_nav', $token);
$request->session()->save();
}
if($request->session()->has('display_auth_nav')) {
$dashboard = url('dashboard');
$URL = url('/auth-as');
$csrf = csrf_token();
$remember_token = User::find($originalUser);
$token = $remember_token->remember_token;
$storageToken = $request->session()->get('display_auth_nav');
if($storageToken === $token) {
if (file_exists(base_path(findAvatar($id)))) {
$img = '<img alt="avatar" class="iimg irounded" src="' . url(findAvatar($id)) . '">';
} elseif (file_exists(base_path("assets/linkstack/images/").findFile('avatar'))) {
@ -47,11 +54,6 @@ if (file_exists(base_path(findAvatar($id)))) {
} else {
$img = '<img alt="avatar" class="iimg" src="' . asset('assets/linkstack/images/logo.svg') . '">';
}
$dashboard = url('dashboard');
$URL = url('/auth-as');
$csrf = csrf_token();
$remember_token = User::find($originalUser);
$token = $remember_token->remember_token;
$customHtml =
<<<EOD
@ -154,6 +156,6 @@ EOD;;
Auth::logout();
}
return $next($request);
}
}}else{return $next($request);}
}
}
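Review bot: In the first hunk, `User::find($originalUser)` inside the `has('display_auth_nav')` branch is dereferenced on the next line with no null check, so a session that still carries `display_auth_nav` for a user id that no longer exists throws instead of reaching the logout fallback that the third hunk shows; `$originalUser` and the `$token` written to the session are assigned above the hunk, so whether they can be null is not visible from the page. Fetching with the nullsafe operator and folding the null case into the guard keeps the fallback path intact: `$token = User::find($originalUser)?->remember_token;` and `if ($token !== null && $storageToken === $token) {`. The strict `===` on the two token values is appropriate since both come from server-side state; if the session value were ever populated from request input, `hash_equals` would be the safer comparison. As a point of style, the `}}else{return $next($request);}` line in the third hunk collapses two closing braces, an `else` and a return onto one line; splitting it per PSR-12 would make it clear which `if` the new fallback belongs to. The middleware's `handle` method starts outside the first hunk.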