hardening: require POST + CSRF token for purge_syslog_hosts utility action #259
Description
Summary
purge_syslog_hosts is currently triggered by a GET link and performs destructive DELETE operations.
Evidence
- Trigger link:
setup.php:1621(utilities.php?action=purge_syslog_hosts) - Destructive path:
setup.php:1568-1604(multipleDELETEstatements) - Core GET guard only blocks specific actions (
save,update_data,changepassword), so this path can still be GET-triggered.
Risk
Authenticated admin users can be induced to trigger data-destructive actions via crafted links/embedded requests.
Expected fix
- Require POST for
purge_syslog_hosts - Require and validate
__csrf_magic - Keep/extend explicit confirmation UX prior to executing deletes