Fix export vulnerability, found by GitHub user @oomb and disclosed via the excellent huntr.dev platform.

James Cole 2021-06-03 12:51:31 +02:00
parent 906fca7e9e
commit 5303321952
No known key found for this signature in database
GPG Key ID: B5669F9493CDE38D
2 changed files with 5 additions and 4 deletions


@ -15,9 +15,10 @@
<p>
{{ 'export_data_expl'|_ }}
</p>
<ul>
<li><i class="fa fa-fw fa-download"></i> <a href="{{ route('export.export') }}" title="{{ 'export_data_all_transactions'|_ }}">{{ 'export_data_all_transactions'|_ }}</a></li>
</ul>
<form action="{{ route('export.export') }}" method="post">
<input type="hidden" name="_token" value="{{ csrf_token() }}"/>
<button type="submit"><i class="fa fa-fw fa-download"></i> {{ 'export_data_all_transactions'|_ }}</button>
</form>
<p>
{{ 'export_data_advanced_expl'|_ }}
</p>
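Review bot: The new `<form>` block has no comment explaining why the export is submitted as a POST form rather than a link, so a later template cleanup could turn it back into a plain GET link; that appears to be the exposure this commit closes. I would add `{# export is POST-only and needs the CSRF token; do not replace with a plain link #}` directly above the `<form>` line. The `title` attribute of the old link is also not carried over to the `<button>`; if it was there for accessibility, add `title="{{ 'export_data_all_transactions'|_ }}"` to the button.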


@ -538,7 +538,7 @@ Route::group(
// index
Route::get('', ['uses' => 'Export\IndexController@index', 'as' => 'index']);
Route::get('export', ['uses' => 'Export\IndexController@export', 'as' => 'export']);
Route::post('export', ['uses' => 'Export\IndexController@export', 'as' => 'export']);
}
);
/**
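Review bot: Nothing in this hunk shows that the CSRF token is actually verified on the new `Route::post('export', …)` line. That depends on the middleware attached to the enclosing `Route::group(`, whose options start outside the hunk, and on the export path not being listed in the CSRF middleware's exception list. A regression test would pin this down by asserting that a GET to the export route is rejected (405) and that a POST without `_token` is rejected (419). A short comment on the route, e.g. `// POST only: export must not be reachable by a cross-site GET`, would record why the verb changed.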