GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

csrf protection in userauthorization

Browse Source 
darcs-hash:20080829052732-84dde-0ebb7e32236b480cc3aa2eb7a4bb2b41ff6177d6.gz
This commit is contained in:
Evan Prodromou 2008-08-29 01:27:32 -04:00
parent 9b741c4f9a
commit 63438008e0
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
actions/userauthorization.php
View File

@ -23,11 +23,18 @@ require_once(INSTALLDIR.'/lib/omb.php');
define('TIMESTAMP_THRESHOLD', 300); define('TIMESTAMP_THRESHOLD', 300);
class UserauthorizationAction extends Action { class UserauthorizationAction extends Action {
function handle($args) { function handle($args) {
parent::handle($args); parent::handle($args);
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
# CSRF protection
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
$req = $this->get_stored_request();
$this->show_form(_('There was a problem with your session token. Try again, please.'), $req);
return;
}
# We've shown the form, now post user's choice # We've shown the form, now post user's choice
$this->send_authorization(); $this->send_authorization();
} else { } else {