summaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorzach <zach@controlyourself.ca>2008-11-10 21:23:30 -0500
committerzach <zach@controlyourself.ca>2008-11-10 21:23:30 -0500
commit1e8d26baecad6ca1088ea7815fe2615fb520a10e (patch)
tree6a43fb0cb1fdd58bb59c352d79d643ae1b56a8ce /actions
parentaac0605bd1baf1462a20646c01edc19557a33b93 (diff)
CSRF Protection for login and new notice. Ticket #503
darcs-hash:20081111022330-462f3-810b2a86e6e209330ade628fc0e97df96151d496.gz
Diffstat (limited to 'actions')
-rw-r--r--actions/login.php10
-rw-r--r--actions/newnotice.php25
-rw-r--r--actions/noticesearch.php2
3 files changed, 27 insertions, 10 deletions
diff --git a/actions/login.php b/actions/login.php
index f183c1cd4..ccec9cf8a 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -37,8 +37,15 @@ class LoginAction extends Action {
}
function check_login() {
- # XXX: form token in $_SESSION to prevent XSS
# XXX: login throttle
+
+ # CSRF protection - token set in common_notice_form()
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
$nickname = common_canonical_nickname($this->trimmed('nickname'));
$password = $this->arg('password');
if (common_check_user($nickname, $password)) {
@@ -104,6 +111,7 @@ class LoginAction extends Action {
_('Automatically login in the future; ' .
'not for shared computers!'));
common_submit('submit', _('Login'));
+ common_hidden('token', common_session_token());
common_element_end('form');
common_element_start('p');
common_element('a', array('href' => common_local_url('recoverpassword')),
diff --git a/actions/newnotice.php b/actions/newnotice.php
index b5fc98c37..37cca982d 100644
--- a/actions/newnotice.php
+++ b/actions/newnotice.php
@@ -20,7 +20,7 @@
if (!defined('LACONICA')) { exit(1); }
class NewnoticeAction extends Action {
-
+
function handle($args) {
parent::handle($args);
# XXX: Ajax!
@@ -36,10 +36,17 @@ class NewnoticeAction extends Action {
function save_new_notice() {
+ # CSRF protection - token set in common_notice_form()
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+
$user = common_current_user();
assert($user); # XXX: maybe an error instead...
$content = $this->trimmed('status_textarea');
-
+
if (!$content) {
$this->show_form(_('No content!'));
return;
@@ -51,9 +58,9 @@ class NewnoticeAction extends Action {
}
$inter = new CommandInterpreter();
-
+
$cmd = $inter->handle_command($user, $content);
-
+
if ($cmd) {
$cmd->execute(new WebChannel());
return;
@@ -62,18 +69,18 @@ class NewnoticeAction extends Action {
$replyto = $this->trimmed('inreplyto');
common_debug("Replyto = $replyto\n");
-
+
$notice = Notice::saveNew($user->id, $content, 'web', 1, ($replyto == 'false') ? NULL : $replyto);
-
+
if (is_string($notice)) {
$this->show_form($notice);
return;
}
-
+
common_broadcast_notice($notice);
-
+
$returnto = $this->trimmed('returnto');
-
+
if ($returnto) {
$url = common_local_url($returnto,
array('nickname' => $user->nickname));
diff --git a/actions/noticesearch.php b/actions/noticesearch.php
index e6de21ae0..bc052d512 100644
--- a/actions/noticesearch.php
+++ b/actions/noticesearch.php
@@ -142,6 +142,8 @@ class NoticesearchAction extends SearchAction {
'onclick' => 'doreply("'.$profile->nickname.'"); return false',
'title' => _('reply'),
'class' => 'replybutton'));
+ common_hidden('posttoken', common_session_token());
+
common_raw('&rarr;');
common_element_end('a');
common_element_end('p');