From 1e8d26baecad6ca1088ea7815fe2615fb520a10e Mon Sep 17 00:00:00 2001 From: zach Date: Mon, 10 Nov 2008 21:23:30 -0500 Subject: CSRF Protection for login and new notice. Ticket #503 darcs-hash:20081111022330-462f3-810b2a86e6e209330ade628fc0e97df96151d496.gz --- actions/newnotice.php | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'actions/newnotice.php') diff --git a/actions/newnotice.php b/actions/newnotice.php index b5fc98c37..37cca982d 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -20,7 +20,7 @@ if (!defined('LACONICA')) { exit(1); } class NewnoticeAction extends Action { - + function handle($args) { parent::handle($args); # XXX: Ajax! @@ -36,10 +36,17 @@ class NewnoticeAction extends Action { function save_new_notice() { + # CSRF protection - token set in common_notice_form() + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + $user = common_current_user(); assert($user); # XXX: maybe an error instead... $content = $this->trimmed('status_textarea'); - + if (!$content) { $this->show_form(_('No content!')); return; @@ -51,9 +58,9 @@ class NewnoticeAction extends Action { } $inter = new CommandInterpreter(); - + $cmd = $inter->handle_command($user, $content); - + if ($cmd) { $cmd->execute(new WebChannel()); return; @@ -62,18 +69,18 @@ class NewnoticeAction extends Action { $replyto = $this->trimmed('inreplyto'); common_debug("Replyto = $replyto\n"); - + $notice = Notice::saveNew($user->id, $content, 'web', 1, ($replyto == 'false') ? NULL : $replyto); - + if (is_string($notice)) { $this->show_form($notice); return; } - + common_broadcast_notice($notice); - + $returnto = $this->trimmed('returnto'); - + if ($returnto) { $url = common_local_url($returnto, array('nickname' => $user->nickname)); -- cgit v1.2.3-54-g00ecf
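Review bot: The token comparison on the added `if` line uses PHP's loose `!=`, so two numeric-looking strings (for example two values of the form `0e123…`) compare equal even when they differ, which weakens the CSRF check that this hunk introduces; the strict form, `if (!$token || $token !== common_session_token()) {`, avoids that, and `hash_equals(common_session_token(), $token)` is preferable where the PHP version provides it because it is also constant-time. What `common_session_token()` returns is not visible here, so whether the numeric-string case is reachable depends on the token format, but the strict operator costs nothing either way. The body of `save_new_notice()` continues beyond this hunk, and the login-side change named in the subject is not part of this diff.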