natto1784/aslichan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CSRF protection

Browse Source
This commit is contained in:
Michael Save
2012-08-27 15:19:05 +10:00
parent 4a9d497a94
commit 6229b82a43
8 changed files with 82 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
inc/mod/auth.php
View File

@@ -150,3 +150,9 @@ function create_pm_header() {
return $header;
}
function make_secure_link_token($uri) {
global $mod, $config;
return substr(sha1($config['cookies']['salt'] . '-' . $uri . '-' . $mod['id']), 0, 8);
}

17
inc/mod/pages.php
View File

@@ -60,7 +60,7 @@ function mod_login() {
}
function mod_confirm($request) {
mod_page(_('Confirm action'), 'mod/confirm.html', array('request' => $request));
mod_page(_('Confirm action'), 'mod/confirm.html', array('request' => $request, 'token' => make_secure_link_token($request)));
}
function mod_logout() {
@@ -563,7 +563,7 @@ function mod_ban() {
error($config['error']['noaccess']);
if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
mod_page(_('New ban'), 'mod/ban_form.html', array());
mod_page(_('New ban'), 'mod/ban_form.html', array('token' => make_secure_link_token('ban')));
return;
}
@@ -883,10 +883,12 @@ function mod_move($originBoard, $postID) {
if (count($boards) <= 1)
error(_('Impossible to move thread; there is only one board.'));
mod_page(_('Move thread'), 'mod/move.html', array('post' => $postID, 'board' => $originBoard, 'boards' => $boards));
$security_token = make_secure_link_token($originBoard . '/move/' . $postID);
mod_page(_('Move thread'), 'mod/move.html', array('post' => $postID, 'board' => $originBoard, 'boards' => $boards, 'token' => $security_token));
}
function mod_ban_post($board, $delete, $post) {
function mod_ban_post($board, $delete, $post, $token = false) {
global $config, $mod;
if (!openBoard($board))
@@ -895,6 +897,8 @@ function mod_ban_post($board, $delete, $post) {
if (!hasPermission($config['mod']['delete'], $board))
error($config['error']['noaccess']);
$security_token = make_secure_link_token($board . '/ban' . ($delete ? '&delete' : '') . '/' . $post);
$query = prepare(sprintf('SELECT `ip`, `thread` FROM `posts_%s` WHERE `id` = :id', $board));
$query->bindValue(':id', $post);
$query->execute() or error(db_error($query));
@@ -903,7 +907,7 @@ function mod_ban_post($board, $delete, $post) {
$thread = $_post['thread'];
$ip = $_post['ip'];
if (isset($_POST['new_ban'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
require_once 'inc/mod/ban.php';
@@ -939,7 +943,8 @@ function mod_ban_post($board, $delete, $post) {
'post' => $post,
'board' => $board,
'delete' => (bool)$delete,
'boards' => listBoards()
'boards' => listBoards(),
'token' => $security_token
);
mod_page(_('New ban'), 'mod/ban_form.html', $args);