CSRF Protection for login and new notice. Ticket #503
darcs-hash:20081111022330-462f3-810b2a86e6e209330ade628fc0e97df96151d496.gz
This commit is contained in:
zach
parent
aac0605bd1
commit
1e8d26baec
|
|
@ -37,8 +37,15 @@ class LoginAction extends Action {
|
|||
}
|
||||
|
||||
function check_login() {
|
||||
# XXX: form token in $_SESSION to prevent XSS
|
||||
# XXX: login throttle
|
||||
|
||||
# CSRF protection - token set in common_notice_form()
|
||||
$token = $this->trimmed('token');
|
||||
if (!$token || $token != common_session_token()) {
|
||||
$this->client_error(_('There was a problem with your session token. Try again, please.'));
|
||||
return;
|
||||
}
|
||||
|
||||
$nickname = common_canonical_nickname($this->trimmed('nickname'));
|
||||
$password = $this->arg('password');
|
||||
if (common_check_user($nickname, $password)) {
|
||||
|
|
@ -104,6 +111,7 @@ class LoginAction extends Action {
|
|||
_('Automatically login in the future; ' .
|
||||
'not for shared computers!'));
|
||||
common_submit('submit', _('Login'));
|
||||
common_hidden('token', common_session_token());
|
||||
common_element_end('form');
|
||||
common_element_start('p');
|
||||
common_element('a', array('href' => common_local_url('recoverpassword')),
|
||||
|
|
|
|||
|
|
@ -36,6 +36,13 @@ class NewnoticeAction extends Action {
|
|||
|
||||
function save_new_notice() {
|
||||
|
||||
# CSRF protection - token set in common_notice_form()
|
||||
$token = $this->trimmed('token');
|
||||
if (!$token || $token != common_session_token()) {
|
||||
$this->client_error(_('There was a problem with your session token. Try again, please.'));
|
||||
return;
|
||||
}
|
||||
|
||||
$user = common_current_user();
|
||||
assert($user); # XXX: maybe an error instead...
|
||||
$content = $this->trimmed('status_textarea');
|
||||
|
|
|
|||
|
|
@ -142,6 +142,8 @@ class NoticesearchAction extends SearchAction {
|
|||
'onclick' => 'doreply("'.$profile->nickname.'"); return false',
|
||||
'title' => _('reply'),
|
||||
'class' => 'replybutton'));
|
||||
common_hidden('posttoken', common_session_token());
|
||||
|
||||
common_raw('→');
|
||||
common_element_end('a');
|
||||
common_element_end('p');
|
||||
|
|
|
|||
|
|
@ -1359,6 +1359,7 @@ function common_notice_form($action=NULL, $content=NULL) {
|
|||
'rows' => 3,
|
||||
'name' => 'status_textarea'),
|
||||
($content) ? $content : '');
|
||||
common_hidden('token', common_session_token());
|
||||
if ($action) {
|
||||
common_hidden('returnto', $action);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue