Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require password confirmation before installing plugins #14387

Merged
merged 5 commits into from May 2, 2019
Merged

Require password confirmation before installing plugins #14387

merged 5 commits into from May 2, 2019

Conversation

katebutler
Copy link

FIxes #13581

@katebutler katebutler added the Needs Review PRs that need a code review label Apr 29, 2019
@katebutler katebutler added this to the 3.11.0 milestone Apr 29, 2019
tsteur
tsteur requested changes May 2, 2019
View reviewed changes
Copy link
Member

@tsteur tsteur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@katebutler 👍 worked. Left 2 minor comments that be changed quickly, then we can merge :)

plugins/CorePluginsAdmin/Controller.php Outdated
)) {
throw new \Exception($this->translator->translate('Login_LoginPasswordNotCorrect'));
}

static::dieIfPluginsAdminIsDisabled();
Piwik::checkUserHasSuperUserAccess();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need to make sure to first perform several checks before performing the password check. Meaning we need to make sure

  • admin is not disabled
  • user has super user access.
  • Plugin upload is enabled
  • Nonce check is correct

Otherwise could be potentially misused for brute forcing password etc. (it would actually not really be possible) but it's a lot safer to do the password check only after a nonce etc. Could even check it only shortly before $this->configureView('@CorePluginsAdmin/uploadPlugin'); so we make sure the basic things are correct.

Works otherwise, we only need to make sure to move the check further down

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair enough, have moved it to just before validation of the uploaded file

plugins/CorePluginsAdmin/Controller.php Outdated Show resolved Hide resolved
@tsteur tsteur merged commit 3492c37 into 3.x-dev May 2, 2019
@tsteur tsteur deleted the 13581 branch May 2, 2019 21:10
@mattab mattab modified the milestones: 3.11.0, 3.10.0 May 28, 2019
@mattab mattab added the c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. label Jun 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsteur tsteur tsteur requested changes

Assignees
No one assigned
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Needs Review PRs that need a code review
Projects
None yet
Milestone
3.10.0
Development

Successfully merging this pull request may close these issues.

Before installing a new plugin (via Marketplace or direct upload), ask again Super User password
3 participants
@katebutler @tsteur @mattab