CSFR protection
This commit is contained in:
+57
-7
@@ -37,17 +37,17 @@ body::-webkit-scrollbar {
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<script>
|
<script>
|
||||||
var topbuttons = document.querySelectorAll("button[form='views']");
|
var topbuttons = document.querySelectorAll("button[form='views']");
|
||||||
if(window.location.search.substr(1) != '') {
|
if(window.location.search.substr(1) != '') {
|
||||||
for (var i = 0; i < topbuttons.length; i++) {
|
for (var i = 0; i < topbuttons.length; i++) {
|
||||||
if(topbuttons[i].value == decodeURIComponent(window.location.search.substr(1)).replace(/\+/g,' ').split('=').pop()) {
|
if(topbuttons[i].value == decodeURIComponent(window.location.search.substr(1)).replace(/\+/g,' ').split('=').pop()) {
|
||||||
topbuttons[i].classList.add("button-hover");
|
topbuttons[i].classList.add("button-hover");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
topbuttons[0].classList.add("button-hover");
|
topbuttons[0].classList.add("button-hover");
|
||||||
}
|
}
|
||||||
function copyOutput(elem) {
|
function copyOutput(elem) {
|
||||||
elem.innerHTML = 'Copied!';
|
elem.innerHTML = 'Copied!';
|
||||||
const copyText = document.getElementsByTagName("pre")[0].textContent;
|
const copyText = document.getElementsByTagName("pre")[0].textContent;
|
||||||
const textArea = document.createElement('textarea');
|
const textArea = document.createElement('textarea');
|
||||||
@@ -57,7 +57,7 @@ body::-webkit-scrollbar {
|
|||||||
document.body.append(textArea);
|
document.body.append(textArea);
|
||||||
textArea.select();
|
textArea.select();
|
||||||
document.execCommand("copy");
|
document.execCommand("copy");
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
<div class="views">
|
<div class="views">
|
||||||
@@ -210,8 +210,58 @@ if(isset($_GET['view'])){
|
|||||||
} else {
|
} else {
|
||||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
||||||
if($submittedpwd == $caddypwd && $submitteduser == 'birdnet'){
|
$allowedCommands = array('sudo systemctl stop livestream.service && sudo /etc/init.d/icecast2 stop',
|
||||||
|
'sudo systemctl restart livestream.service && sudo /etc/init.d/icecast2 restart',
|
||||||
|
'sudo systemctl disable --now livestream.service && sudo systemctl disable icecast2 && sudo /etc/init.d/icecast2 stop',
|
||||||
|
'sudo systemctl enable icecast2 && sudo /etc/init.d/icecast2 start && sudo systemctl enable --now livestream.service',
|
||||||
|
'sudo systemctl stop web_terminal.service',
|
||||||
|
'sudo systemctl restart web_terminal.service',
|
||||||
|
'sudo systemctl disable --now web_terminal.service',
|
||||||
|
'sudo systemctl enable --now web_terminal.service',
|
||||||
|
'sudo systemctl stop birdnet_log.service',
|
||||||
|
'sudo systemctl restart birdnet_log.service',
|
||||||
|
'sudo systemctl disable --now birdnet_log.service',
|
||||||
|
'sudo systemctl enable --now birdnet_log.service',
|
||||||
|
'sudo systemctl stop extraction.service',
|
||||||
|
'sudo systemctl restart extraction.service',
|
||||||
|
'sudo systemctl disable --now extraction.service',
|
||||||
|
'sudo systemctl enable --now extraction.service',
|
||||||
|
'sudo systemctl stop birdnet_server.service',
|
||||||
|
'sudo systemctl restart birdnet_server.service',
|
||||||
|
'sudo systemctl disable --now birdnet_server.service',
|
||||||
|
'sudo systemctl enable --now birdnet_server.service',
|
||||||
|
'sudo systemctl stop birdnet_analysis.service',
|
||||||
|
'sudo systemctl restart birdnet_analysis.service',
|
||||||
|
'sudo systemctl disable --now birdnet_analysis.service',
|
||||||
|
'sudo systemctl enable --now birdnet_analysis.service',
|
||||||
|
'sudo systemctl stop birdnet_stats.service',
|
||||||
|
'sudo systemctl restart birdnet_stats.service',
|
||||||
|
'sudo systemctl disable --now birdnet_stats.service',
|
||||||
|
'sudo systemctl enable --now birdnet_stats.service',
|
||||||
|
'sudo systemctl stop birdnet_recording.service',
|
||||||
|
'sudo systemctl restart birdnet_recording.service',
|
||||||
|
'sudo systemctl disable --now birdnet_recording.service',
|
||||||
|
'sudo systemctl enable --now birdnet_recording.service',
|
||||||
|
'sudo systemctl stop chart_viewer.service',
|
||||||
|
'sudo systemctl restart chart_viewer.service',
|
||||||
|
'sudo systemctl disable --now chart_viewer.service',
|
||||||
|
'sudo systemctl enable --now chart_viewer.service',
|
||||||
|
'sudo systemctl stop spectrogram_viewer.service',
|
||||||
|
'sudo systemctl restart spectrogram_viewer.service',
|
||||||
|
'sudo systemctl disable --now spectrogram_viewer.service',
|
||||||
|
'sudo systemctl enable --now spectrogram_viewer.service',
|
||||||
|
'sudo systemctl stop pushed_notifications.service',
|
||||||
|
'sudo systemctl restart pushed_notifications.service',
|
||||||
|
'sudo systemctl disable --now pushed_notifications.service',
|
||||||
|
'sudo systemctl enable --now pushed_notifications.service',
|
||||||
|
'stop_core_services.sh',
|
||||||
|
'restart_services.sh',
|
||||||
|
'sudo reboot',
|
||||||
|
'update_birdnet.sh',
|
||||||
|
'sudo shutdown now',
|
||||||
|
'sudo clear_all_data.sh');
|
||||||
$command = $_GET['submit'];
|
$command = $_GET['submit'];
|
||||||
|
if($submittedpwd == $caddypwd && $submitteduser == 'birdnet' && in_array($command,$allowedCommands)){
|
||||||
if(isset($command)){
|
if(isset($command)){
|
||||||
$initcommand = $command;
|
$initcommand = $command;
|
||||||
if (strpos($command, "systemctl") !== false) {
|
if (strpos($command, "systemctl") !== false) {
|
||||||
|
|||||||
Reference in New Issue
Block a user