Mibew/i18n
1
0
Fork 0
mirror of https://github.com/Mibew/i18n.git synced 2025-01-22 21:40:28 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

enable act=del url check for auth tokens for csrf attacks

Browse Source
This commit is contained in:
YuFei Zhu 2012-04-30 17:09:11 +01:00
parent b84b439358
commit 8abf075e2f
3 changed files with 21 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/messenger/webim/libs/common.php
View File

@ -690,17 +690,22 @@ function jspath()
/* authorization token check for CSRF attack */ /* authorization token check for CSRF attack */
function csrfchecktoken(){ function csrfchecktoken(){
/* if auth token not set, set it now */
if(!isset($_SESSION['csrf_token'])){ if(!isset($_SESSION['csrf_token'])){
$_SESSION['csrf_token']=sha1(rand(10000000,99999999)); $_SESSION['csrf_token']=sha1(rand(10000000,99999999));
} }
// check the turing code
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
//if token match
if(!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])){
die("CSRF failure"); // check the turing code for post requests and del requests
} if ($_SERVER['REQUEST_METHOD'] == 'POST'){
//if token match
if(!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])){
die("CSRF failure");
} }
} else if($_GET['act'] == 'del' && $_GET['csrf_token'] != $_SESSION['csrf_token']){
die("CSRF failure");
}
} }
/* print csrf token as a hidden field*/ /* print csrf token as a hidden field*/
@ -708,4 +713,9 @@ function print_csrf_token_input(){
echo "<input name='csrf_token' type='hidden' value='".$_SESSION['csrf_token']."' />"; echo "<input name='csrf_token' type='hidden' value='".$_SESSION['csrf_token']."' />";
} }
/* print csrf token in url format */
function print_csrf_token_in_url(){
echo "&amp;csrf_token=".$_SESSION['csrf_token'];
}
?> ?>

2
src/messenger/webim/operator/operators.php
View File

@ -22,6 +22,8 @@
require_once('../libs/common.php'); require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
if (isset($_GET['act']) && $_GET['act'] == 'del') { if (isset($_GET['act']) && $_GET['act'] == 'del') {

4
src/messenger/webim/view/agents.php
View File

@ -86,7 +86,7 @@ require_once('inc_errors.php');
</td> </td>
<?php if($page['canmodify']) { ?> <?php if($page['canmodify']) { ?>
<td> <td>
<a class="removelink" id="i<?php echo $a['operatorid'] ?>" href="<?php echo $webimroot ?>/operator/operators.php?act=del&amp;id=<?php echo $a['operatorid'] ?>"> <a class="removelink" id="i<?php echo $a['operatorid'] ?>" href="<?php echo $webimroot ?>/operator/operators.php?act=del&amp;id=<?php echo $a['operatorid'] ?><?php print_csrf_token_in_url() ?>">
remove remove
</a> </a>
</td> </td>
@ -106,4 +106,4 @@ $('a.removelink').click(function(){
} /* content */ } /* content */
require_once('inc_main.php'); require_once('inc_main.php');
?> ?>