diff options
| author | zach <zach@controlyourself.ca> | 2008-11-10 21:23:30 -0500 |
|---|---|---|
| committer | zach <zach@controlyourself.ca> | 2008-11-10 21:23:30 -0500 |
| commit | 1e8d26baecad6ca1088ea7815fe2615fb520a10e (patch) | |
| tree | 6a43fb0cb1fdd58bb59c352d79d643ae1b56a8ce /actions | |
| parent | aac0605bd1baf1462a20646c01edc19557a33b93 (diff) | |
CSRF Protection for login and new notice. Ticket #503
darcs-hash:20081111022330-462f3-810b2a86e6e209330ade628fc0e97df96151d496.gz
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/login.php | 10 | ||||
| -rw-r--r-- | actions/newnotice.php | 25 | ||||
| -rw-r--r-- | actions/noticesearch.php | 2 |
3 files changed, 27 insertions, 10 deletions
diff --git a/actions/login.php b/actions/login.php index f183c1cd4..ccec9cf8a 100644 --- a/actions/login.php +++ b/actions/login.php @@ -37,8 +37,15 @@ class LoginAction extends Action { } function check_login() { - # XXX: form token in $_SESSION to prevent XSS # XXX: login throttle + + # CSRF protection - token set in common_notice_form() + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + $nickname = common_canonical_nickname($this->trimmed('nickname')); $password = $this->arg('password'); if (common_check_user($nickname, $password)) { @@ -104,6 +111,7 @@ class LoginAction extends Action { _('Automatically login in the future; ' . 'not for shared computers!')); common_submit('submit', _('Login')); + common_hidden('token', common_session_token()); common_element_end('form'); common_element_start('p'); common_element('a', array('href' => common_local_url('recoverpassword')), diff --git a/actions/newnotice.php b/actions/newnotice.php index b5fc98c37..37cca982d 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -20,7 +20,7 @@ if (!defined('LACONICA')) { exit(1); } class NewnoticeAction extends Action { - + function handle($args) { parent::handle($args); # XXX: Ajax! @@ -36,10 +36,17 @@ class NewnoticeAction extends Action { function save_new_notice() { + # CSRF protection - token set in common_notice_form() + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->client_error(_('There was a problem with your session token. Try again, please.')); + return; + } + $user = common_current_user(); assert($user); # XXX: maybe an error instead... $content = $this->trimmed('status_textarea'); - + if (!$content) { $this->show_form(_('No content!')); return; @@ -51,9 +58,9 @@ class NewnoticeAction extends Action { } $inter = new CommandInterpreter(); - + $cmd = $inter->handle_command($user, $content); - + if ($cmd) { $cmd->execute(new WebChannel()); return; @@ -62,18 +69,18 @@ class NewnoticeAction extends Action { $replyto = $this->trimmed('inreplyto'); common_debug("Replyto = $replyto\n"); - + $notice = Notice::saveNew($user->id, $content, 'web', 1, ($replyto == 'false') ? NULL : $replyto); - + if (is_string($notice)) { $this->show_form($notice); return; } - + common_broadcast_notice($notice); - + $returnto = $this->trimmed('returnto'); - + if ($returnto) { $url = common_local_url($returnto, array('nickname' => $user->nickname)); diff --git a/actions/noticesearch.php b/actions/noticesearch.php index e6de21ae0..bc052d512 100644 --- a/actions/noticesearch.php +++ b/actions/noticesearch.php @@ -142,6 +142,8 @@ class NoticesearchAction extends SearchAction { 'onclick' => 'doreply("'.$profile->nickname.'"); return false', 'title' => _('reply'), 'class' => 'replybutton')); + common_hidden('posttoken', common_session_token()); + common_raw('→'); common_element_end('a'); common_element_end('p'); |