mirror of https://github.com/cydrobolt/polr.git synced 2024-09-16 19:02:23 +02:00

Merge pull request from GHSA-vg6w-8w9v-xxqc

Chaoyi Zha 2021-01-28 17:40:44 -05:00 committed by GitHub
parent 10be1cbf40
commit b198170990
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 409 additions and 329 deletions


@ -3,6 +3,7 @@ namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Http\Redirect;
use Illuminate\Support\Facades\Artisan;
use Illuminate\Support\Facades\Schema;
use App\Helpers\CryptoHelper;
use App\Models\User;
@ -218,8 +219,8 @@ class SetupController extends Controller {
}
public static function finishSetup(Request $request) {
// get data from cookie, decode JSON
if (!isset($_COOKIE['setup_arguments'])) {
// Abort if setup arguments are missing.
abort(404);
}
@ -229,12 +230,19 @@ class SetupController extends Controller {
// unset cookie
setcookie('setup_arguments', '', time()-3600);
$transaction_authorised = env('TMP_SETUP_AUTH_KEY') == $setup_finish_args->setup_auth_key;
$transaction_authorised = env('TMP_SETUP_AUTH_KEY') === $setup_finish_args->setup_auth_key;
if ($transaction_authorised != true) {
abort(403, 'Transaction unauthorised.');
}
$usersTableExists = Schema::hasTable('users');
if ($usersTableExists) {
// If the users table exists, then the setup process may have already been completed before.
abort(403, 'Setup has been completed already.');
}
$database_created = self::createDatabase();
if (!$database_created) {
return redirect(route('setup'))->with('error', 'Could not create database. Perhaps your credentials were incorrect?');
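Review bot: The strict comparison on the `$transaction_authorised` line still evaluates to true when both sides are `null`, so if `TMP_SETUP_AUTH_KEY` is unset and the decoded cookie carries a null `setup_auth_key` the check passes; it is also not a constant-time comparison. I would require a non-empty string key and compare with `hash_equals()`: `$key = env('TMP_SETUP_AUTH_KEY');` followed by `$transaction_authorised = is_string($key) && $key !== '' && is_string($setup_finish_args->setup_auth_key) && hash_equals($key, $setup_finish_args->setup_auth_key);`. `$setup_finish_args` is decoded outside the visible lines, so whether it can be null or a non-object at this point should be confirmed as well. The added `Schema::hasTable('users')` guard limits the impact once setup has run, but it presumably does not cover an instance whose database is still empty. finishSetup() starts and ends outside the hunks shown.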


@ -14,7 +14,7 @@
"torann/geoip": "^1.0",
"geoip2/geoip2": "^2.4",
"nesbot/carbon": "^1.22",
"doctrine/dbal": "^2.5",
"doctrine/dbal": "2.5.11",
"google/recaptcha": "~1.1",
"symfony/http-foundation": "2.7.51"
},

724
composer.lock generated

File diff suppressed because it is too large Load Diff