mirror of
https://github.com/cydrobolt/polr.git
synced 2024-09-18 19:52:26 +02:00
Merge pull request from GHSA-vg6w-8w9v-xxqc
This commit is contained in:
parent
10be1cbf40
commit
b198170990
@ -3,6 +3,7 @@ namespace App\Http\Controllers;
|
|||||||
use Illuminate\Http\Request;
|
use Illuminate\Http\Request;
|
||||||
use Illuminate\Http\Redirect;
|
use Illuminate\Http\Redirect;
|
||||||
use Illuminate\Support\Facades\Artisan;
|
use Illuminate\Support\Facades\Artisan;
|
||||||
|
use Illuminate\Support\Facades\Schema;
|
||||||
|
|
||||||
use App\Helpers\CryptoHelper;
|
use App\Helpers\CryptoHelper;
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
@ -218,8 +219,8 @@ class SetupController extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static function finishSetup(Request $request) {
|
public static function finishSetup(Request $request) {
|
||||||
// get data from cookie, decode JSON
|
|
||||||
if (!isset($_COOKIE['setup_arguments'])) {
|
if (!isset($_COOKIE['setup_arguments'])) {
|
||||||
|
// Abort if setup arguments are missing.
|
||||||
abort(404);
|
abort(404);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -229,12 +230,19 @@ class SetupController extends Controller {
|
|||||||
// unset cookie
|
// unset cookie
|
||||||
setcookie('setup_arguments', '', time()-3600);
|
setcookie('setup_arguments', '', time()-3600);
|
||||||
|
|
||||||
$transaction_authorised = env('TMP_SETUP_AUTH_KEY') == $setup_finish_args->setup_auth_key;
|
$transaction_authorised = env('TMP_SETUP_AUTH_KEY') === $setup_finish_args->setup_auth_key;
|
||||||
|
|
||||||
if ($transaction_authorised != true) {
|
if ($transaction_authorised != true) {
|
||||||
abort(403, 'Transaction unauthorised.');
|
abort(403, 'Transaction unauthorised.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$usersTableExists = Schema::hasTable('users');
|
||||||
|
|
||||||
|
if ($usersTableExists) {
|
||||||
|
// If the users table exists, then the setup process may have already been completed before.
|
||||||
|
abort(403, 'Setup has been completed already.');
|
||||||
|
}
|
||||||
|
|
||||||
$database_created = self::createDatabase();
|
$database_created = self::createDatabase();
|
||||||
if (!$database_created) {
|
if (!$database_created) {
|
||||||
return redirect(route('setup'))->with('error', 'Could not create database. Perhaps your credentials were incorrect?');
|
return redirect(route('setup'))->with('error', 'Could not create database. Perhaps your credentials were incorrect?');
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
"torann/geoip": "^1.0",
|
"torann/geoip": "^1.0",
|
||||||
"geoip2/geoip2": "^2.4",
|
"geoip2/geoip2": "^2.4",
|
||||||
"nesbot/carbon": "^1.22",
|
"nesbot/carbon": "^1.22",
|
||||||
"doctrine/dbal": "^2.5",
|
"doctrine/dbal": "2.5.11",
|
||||||
"google/recaptcha": "~1.1",
|
"google/recaptcha": "~1.1",
|
||||||
"symfony/http-foundation": "2.7.51"
|
"symfony/http-foundation": "2.7.51"
|
||||||
},
|
},
|
||||||
|
724
composer.lock
generated
724
composer.lock
generated
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user