CSRF Protection for login and new notice. Ticket #503

darcs-hash:20081111022330-462f3-810b2a86e6e209330ade628fc0e97df96151d496.gz
zach 2008-11-10 21:23:30 -05:00
parent aac0605bd1
commit 1e8d26baec
4 changed files with 29 additions and 11 deletions


@ -37,8 +37,15 @@ class LoginAction extends Action {
} }
function check_login() { function check_login() {
# XXX: form token in $_SESSION to prevent XSS
# XXX: login throttle # XXX: login throttle
# CSRF protection - token set in common_notice_form()
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->client_error(_('There was a problem with your session token. Try again, please.'));
return;
}
$nickname = common_canonical_nickname($this->trimmed('nickname')); $nickname = common_canonical_nickname($this->trimmed('nickname'));
$password = $this->arg('password'); $password = $this->arg('password');
if (common_check_user($nickname, $password)) { if (common_check_user($nickname, $password)) {
@ -104,6 +111,7 @@ class LoginAction extends Action {
_('Automatically login in the future; ' . _('Automatically login in the future; ' .
'not for shared computers!')); 'not for shared computers!'));
common_submit('submit', _('Login')); common_submit('submit', _('Login'));
common_hidden('token', common_session_token());
common_element_end('form'); common_element_end('form');
common_element_start('p'); common_element_start('p');
common_element('a', array('href' => common_local_url('recoverpassword')), common_element('a', array('href' => common_local_url('recoverpassword')),
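Review bot: The comment above the new token check in check_login(), `# CSRF protection - token set in common_notice_form()`, names the wrong producer: for LoginAction the token is emitted by the `common_hidden('token', common_session_token());` added to the login form in this file's second hunk, so it should read `# CSRF protection - token set in the login form below`. The comparison `$token != common_session_token()` is a loose comparison; `!==` (or `hash_equals()` where available) pins it to a string comparison, and the same applies to the identical check added to NewnoticeAction::save_new_notice() in newnotice.php. Because this check runs before the user is authenticated, common_session_token() presumably has to produce a stable token for an anonymous session as well; its implementation is not in this diff and is worth confirming. check_login()'s body continues outside the hunk.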


@ -20,7 +20,7 @@
if (!defined('LACONICA')) { exit(1); } if (!defined('LACONICA')) { exit(1); }
class NewnoticeAction extends Action { class NewnoticeAction extends Action {
function handle($args) { function handle($args) {
parent::handle($args); parent::handle($args);
# XXX: Ajax! # XXX: Ajax!
@ -36,10 +36,17 @@ class NewnoticeAction extends Action {
function save_new_notice() { function save_new_notice() {
# CSRF protection - token set in common_notice_form()
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$this->client_error(_('There was a problem with your session token. Try again, please.'));
return;
}
$user = common_current_user(); $user = common_current_user();
assert($user); # XXX: maybe an error instead... assert($user); # XXX: maybe an error instead...
$content = $this->trimmed('status_textarea'); $content = $this->trimmed('status_textarea');
if (!$content) { if (!$content) {
$this->show_form(_('No content!')); $this->show_form(_('No content!'));
return; return;
@ -51,9 +58,9 @@ class NewnoticeAction extends Action {
} }
$inter = new CommandInterpreter(); $inter = new CommandInterpreter();
$cmd = $inter->handle_command($user, $content); $cmd = $inter->handle_command($user, $content);
if ($cmd) { if ($cmd) {
$cmd->execute(new WebChannel()); $cmd->execute(new WebChannel());
return; return;
@ -62,18 +69,18 @@ class NewnoticeAction extends Action {
$replyto = $this->trimmed('inreplyto'); $replyto = $this->trimmed('inreplyto');
common_debug("Replyto = $replyto\n"); common_debug("Replyto = $replyto\n");
$notice = Notice::saveNew($user->id, $content, 'web', 1, ($replyto == 'false') ? NULL : $replyto); $notice = Notice::saveNew($user->id, $content, 'web', 1, ($replyto == 'false') ? NULL : $replyto);
if (is_string($notice)) { if (is_string($notice)) {
$this->show_form($notice); $this->show_form($notice);
return; return;
} }
common_broadcast_notice($notice); common_broadcast_notice($notice);
$returnto = $this->trimmed('returnto'); $returnto = $this->trimmed('returnto');
if ($returnto) { if ($returnto) {
$url = common_local_url($returnto, $url = common_local_url($returnto,
array('nickname' => $user->nickname)); array('nickname' => $user->nickname));
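Review bot: The six-line token check at the top of save_new_notice() is a verbatim copy of the one added to LoginAction::check_login() in login.php, including the user-facing message; a shared helper on the Action base class (for example a `check_session_token()` that calls client_error() on mismatch and returns a bool) would keep the two checks, and any future ones, from drifting apart. A token failure here is reported through client_error() and returns, whereas the other validation failures in this method go through `$this->show_form(...)`; it is worth deciding deliberately whether a stale token should redisplay the form like those do. save_new_notice() continues outside the first hunk, and the later hunks in this section appear to be whitespace-only.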


@ -142,6 +142,8 @@ class NoticesearchAction extends SearchAction {
'onclick' => 'doreply("'.$profile->nickname.'"); return false', 'onclick' => 'doreply("'.$profile->nickname.'"); return false',
'title' => _('reply'), 'title' => _('reply'),
'class' => 'replybutton')); 'class' => 'replybutton'));
common_hidden('posttoken', common_session_token());
common_raw('→'); common_raw('→');
common_element_end('a'); common_element_end('a');
common_element_end('p'); common_element_end('p');
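Review bot: The hidden field is emitted under the name `posttoken`, but the receiving check in NewnoticeAction::save_new_notice() reads `$this->trimmed('token')`, so a reply posted from this button only passes if the `doreply()` handler named in the onclick copies the value into a field called `token`; that script is not in this diff and should be checked. The element is also placed inside the `<a>` (after the replybutton attributes and before `common_element_end('a')`) rather than inside a form, which is invalid markup for an input and means it is never submitted on its own; if it exists only for the script, giving it an `id` or emitting a single token once per page would be clearer than one hidden input per notice. The enclosing method starts and ends outside the hunk.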


@ -1353,12 +1353,13 @@ function common_notice_form($action=NULL, $content=NULL) {
common_element('label', array('for' => 'status_textarea', common_element('label', array('for' => 'status_textarea',
'id' => 'status_label'), 'id' => 'status_label'),
sprintf(_('What\'s up, %s?'), $user->nickname)); sprintf(_('What\'s up, %s?'), $user->nickname));
common_element('span', array('id' => 'counter', 'class' => 'counter'), '140'); common_element('span', array('id' => 'counter', 'class' => 'counter'), '140');
common_element('textarea', array('id' => 'status_textarea', common_element('textarea', array('id' => 'status_textarea',
'cols' => 60, 'cols' => 60,
'rows' => 3, 'rows' => 3,
'name' => 'status_textarea'), 'name' => 'status_textarea'),
($content) ? $content : ''); ($content) ? $content : '');
common_hidden('token', common_session_token());
if ($action) { if ($action) {
common_hidden('returnto', $action); common_hidden('returnto', $action);
} }
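Review bot: The new `common_hidden('token', common_session_token());` in common_notice_form() carries no comment, while both new checks refer back to this function by name; a one-line `# CSRF token, verified in NewnoticeAction::save_new_notice()` next to it would make the producer and the consumers discoverable from either side. common_notice_form() starts outside the hunk.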