From dd6632ffdf5beeb782dc301ac26f9e11a2b257c3 Mon Sep 17 00:00:00 2001
From: Evgeny Gryaznov <egryaznov@gmail.com>
Date: Wed, 27 Jun 2012 09:51:16 +0200
Subject: [PATCH] format the code; remove comments in the client code; move
 csrfchecktoken() right after check_login()

---
 src/messenger/webim/libs/common.php          | 60 +++++++++++---------
 src/messenger/webim/operator/avatar.php      |  3 +-
 src/messenger/webim/operator/canned.php      |  3 +-
 src/messenger/webim/operator/cannededit.php  |  3 +-
 src/messenger/webim/operator/features.php    |  3 +-
 src/messenger/webim/operator/operator.php    |  3 +-
 src/messenger/webim/operator/operators.php   |  3 +-
 src/messenger/webim/operator/performance.php |  3 +-
 src/messenger/webim/operator/permissions.php |  2 +-
 src/messenger/webim/operator/settings.php    |  3 +-
 src/messenger/webim/operator/translate.php   |  3 +-
 src/messenger/webim/view/agent.php           |  3 -
 src/messenger/webim/view/avatar.php          |  3 -
 src/messenger/webim/view/cannededit.php      |  3 -
 src/messenger/webim/view/features.php        |  3 -
 src/messenger/webim/view/performance.php     |  3 -
 src/messenger/webim/view/permissions.php     |  3 -
 src/messenger/webim/view/settings.php        |  3 -
 src/messenger/webim/view/translate.php       |  3 -
 19 files changed, 42 insertions(+), 71 deletions(-)

diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php
index ad5e1586..4e8fa8b8 100644
--- a/src/messenger/webim/libs/common.php
+++ b/src/messenger/webim/libs/common.php
@@ -349,7 +349,7 @@ function connect()
 		die('Mysql extension is not loaded');
 	}
 	$link = @mysql_connect($mysqlhost, $mysqllogin, $mysqlpass)
-			 or die('Could not connect: ' . mysql_error());
+			or die('Could not connect: ' . mysql_error());
 	mysql_select_db($mysqldb, $link) or die('Could not select database');
 	if ($force_charset_in_connection) {
 		mysql_query("SET NAMES '$dbencoding'", $link);
@@ -392,7 +392,7 @@ function db_build_select($fields, $table, $conditions, $orderandgroup)
 function db_rows_count($table, $conditions, $countfields, $link)
 {
 	$result = mysql_query(db_build_select("count(" . ($countfields ? $countfields : "*") . ")", $table, $conditions, ""), $link)
-	or die(' Count query failed: ' . mysql_error($link));
+			or die(' Count query failed: ' . mysql_error($link));
 	$line = mysql_fetch_array($result, MYSQL_NUM);
 	mysql_free_result($result);
 	return $line[0];
@@ -454,7 +454,7 @@ function no_field($key)
 function failed_uploading_file($filename, $key)
 {
 	return getlocal2("errors.failed.uploading.file",
-					 array($filename, getlocal($key)));
+		array($filename, getlocal($key)));
 }
 
 function wrong_field($key)
@@ -689,43 +689,47 @@ function jspath()
 }
 
 /* authorization token check for CSRF attack */
-function csrfchecktoken(){
-  setcsrftoken();
+function csrfchecktoken()
+{
+	setcsrftoken();
 
-  // check the turing code for post requests and del requests
-  if ($_SERVER['REQUEST_METHOD'] == 'POST'){
-    //if token match
-    if(!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])){
+	// check the turing code for post requests and del requests
+	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+		//if token match
+		if (!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])) {
 
-      die("CSRF failure");
-    }
-  } else if(isset($_GET['act'])){
-    if(($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']){
-      
-      die("CSRF failure");
-    }
-  }
+			die("CSRF failure");
+		}
+	} else if (isset($_GET['act'])) {
+		if (($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']) {
+
+			die("CSRF failure");
+		}
+	}
 }
 
 /* print csrf token as a hidden field*/
-function print_csrf_token_input(){
-  setcsrftoken();
+function print_csrf_token_input()
+{
+	setcsrftoken();
 
-  echo "<input name='csrf_token' type='hidden' value='".$_SESSION['csrf_token']."' />";
+	echo "<input name='csrf_token' type='hidden' value='" . $_SESSION['csrf_token'] . "' />";
 }
 
 /* print csrf token in url format */
-function print_csrf_token_in_url(){
-  setcsrftoken();
-  
-  echo "&amp;csrf_token=".$_SESSION['csrf_token'];
+function print_csrf_token_in_url()
+{
+	setcsrftoken();
+
+	echo "&amp;csrf_token=" . $_SESSION['csrf_token'];
 }
 
 /* set csrf token */
-function setcsrftoken(){
-  if(!isset($_SESSION['csrf_token'])){
-      $_SESSION['csrf_token']=sha1(rand(10000000,99999999));
-  }
+function setcsrftoken()
+{
+	if (!isset($_SESSION['csrf_token'])) {
+		$_SESSION['csrf_token'] = sha1(rand(10000000, 99999999));
+	}
 }
 
 ?>
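Review bot: The token check on the new side still compares with loose `!=` and reads `$_GET['csrf_token']` without `isset()`, and `setcsrftoken()` derives the token from `sha1(rand(10000000, 99999999))`, a non-cryptographic generator with at most 9e7 distinct inputs. Loose comparison of two hex digests also invokes PHP's numeric-string coercion, so a session token of the form `0e<digits>` would compare equal to any other numeric string evaluating to zero; use `!==` on a value confirmed to be a string, and seed the token from `openssl_random_pseudo_bytes()` when available, falling back to `mt_rand()`/`uniqid()` entropy (`hash_equals()` would be preferable for the comparison but only exists from PHP 5.6, so that depends on the project's minimum version). The GET branch only guards `act=del`/`act=delete`; whether other state-changing GET actions exist on these pages is not visible here, but any that do are unprotected.
```php
function csrfchecktoken()
{
	setcsrftoken();

	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
		if (!isset($_POST['csrf_token']) || !is_string($_POST['csrf_token'])
			|| $_POST['csrf_token'] !== $_SESSION['csrf_token']) {
			die("CSRF failure");
		}
	} else if (isset($_GET['act']) && ($_GET['act'] == 'del' || $_GET['act'] == 'delete')) {
		if (!isset($_GET['csrf_token']) || !is_string($_GET['csrf_token'])
			|| $_GET['csrf_token'] !== $_SESSION['csrf_token']) {
			die("CSRF failure");
		}
	}
}

// … unchanged: print_csrf_token_input(), print_csrf_token_in_url() …

function setcsrftoken()
{
	if (!isset($_SESSION['csrf_token'])) {
		if (function_exists('openssl_random_pseudo_bytes')) {
			// 160 bits from the CSPRNG; hex keeps it safe to echo into the hidden field and URL
			$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(20));
		} else {
			// fallback for builds without OpenSSL: still far better than rand() over a 9e7 range
			$_SESSION['csrf_token'] = sha1(uniqid(mt_rand(), true));
		}
	}
}
```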
diff --git a/src/messenger/webim/operator/avatar.php b/src/messenger/webim/operator/avatar.php
index 2479adac..26f062b5 100644
--- a/src/messenger/webim/operator/avatar.php
+++ b/src/messenger/webim/operator/avatar.php
@@ -23,9 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/operator_settings.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 
 $opId = verifyparam("op", "/^\d{1,9}$/");
 $page = array('opid' => $opId, 'avatar' => '');
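Review bot: Protection here depends on every operator page remembering to call `csrfchecktoken()` right after `check_login()`, and this commit repeats that two-line sequence by hand in ten handlers; any page that omits the call would be silently unprotected. Consider invoking `csrfchecktoken()` from inside `check_login()` (or a shared operator bootstrap) so coverage holds by construction, assuming `check_login()` is the common entry point for all operator pages, which the diffstat suggests but does not prove. If the reason for the reorder is that `check_login()` establishes the session that `setcsrftoken()` writes into, record that constraint at the call site: `// must run after check_login(): needs an active session for $_SESSION['csrf_token']`.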
diff --git a/src/messenger/webim/operator/canned.php b/src/messenger/webim/operator/canned.php
index d326f032..48fd0367 100644
--- a/src/messenger/webim/operator/canned.php
+++ b/src/messenger/webim/operator/canned.php
@@ -25,9 +25,8 @@ require_once('../libs/settings.php');
 require_once('../libs/groups.php');
 require_once('../libs/pagination.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 loadsettings();
 
 $errors = array();
diff --git a/src/messenger/webim/operator/cannededit.php b/src/messenger/webim/operator/cannededit.php
index e375ac3b..911e8624 100644
--- a/src/messenger/webim/operator/cannededit.php
+++ b/src/messenger/webim/operator/cannededit.php
@@ -23,8 +23,6 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/pagination.php');
 
-csrfchecktoken();
-
 function load_message($key)
 {
 	global $mysqlprefix;
@@ -54,6 +52,7 @@ function add_message($locale, $groupid, $message)
 }
 
 $operator = check_login();
+csrfchecktoken();
 loadsettings();
 
 $stringid = verifyparam("key", "/^\d{0,9}$/", "");
diff --git a/src/messenger/webim/operator/features.php b/src/messenger/webim/operator/features.php
index 9c7fc9ac..2f33a337 100644
--- a/src/messenger/webim/operator/features.php
+++ b/src/messenger/webim/operator/features.php
@@ -23,9 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 
 $page = array('agentId' => '');
 $errors = array();
diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php
index 693b61df..dcf8b824 100644
--- a/src/messenger/webim/operator/operator.php
+++ b/src/messenger/webim/operator/operator.php
@@ -23,9 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/operator_settings.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 
 $page = array('opid' => '');
 $errors = array();
diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php
index d725b220..b0c35ccd 100644
--- a/src/messenger/webim/operator/operators.php
+++ b/src/messenger/webim/operator/operators.php
@@ -22,9 +22,8 @@
 require_once('../libs/common.php');
 require_once('../libs/operator.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 
 if (isset($_GET['act']) && $_GET['act'] == 'del') {
 	$operatorid = isset($_GET['id']) ? $_GET['id'] : "";
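Review bot: The deletion on the context line `if (isset($_GET['act']) && $_GET['act'] == 'del')` is a state-changing action driven by a GET request, with the CSRF token carried in the query string (that is what `print_csrf_token_in_url()` in common.php emits). A token in a URL is exposed through the Referer header, browser history and server logs, which weakens the protection this commit is arranging. Prefer submitting the delete as a POST form with `print_csrf_token_input()`, so the token travels in the body and the `act=del`/`act=delete` special case in `csrfchecktoken()` becomes unnecessary. The `$_GET['id']` on the last line is taken as-is here; whatever validation follows is outside this hunk.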
diff --git a/src/messenger/webim/operator/performance.php b/src/messenger/webim/operator/performance.php
index f2f48e8f..f1bb5d1b 100644
--- a/src/messenger/webim/operator/performance.php
+++ b/src/messenger/webim/operator/performance.php
@@ -23,9 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 
 $page = array('agentId' => '');
 $errors = array();
diff --git a/src/messenger/webim/operator/permissions.php b/src/messenger/webim/operator/permissions.php
index bd2659e8..00a3ba44 100644
--- a/src/messenger/webim/operator/permissions.php
+++ b/src/messenger/webim/operator/permissions.php
@@ -23,8 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/operator_settings.php');
 
-csrfchecktoken();
 $operator = check_login();
+csrfchecktoken();
 
 function update_operator_permissions($operatorid, $newvalue)
 {
diff --git a/src/messenger/webim/operator/settings.php b/src/messenger/webim/operator/settings.php
index e8816825..38ca462e 100644
--- a/src/messenger/webim/operator/settings.php
+++ b/src/messenger/webim/operator/settings.php
@@ -23,9 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 
 $page = array('agentId' => '');
 $errors = array();
diff --git a/src/messenger/webim/operator/translate.php b/src/messenger/webim/operator/translate.php
index 368eb8fc..391ff528 100644
--- a/src/messenger/webim/operator/translate.php
+++ b/src/messenger/webim/operator/translate.php
@@ -23,8 +23,6 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/pagination.php');
 
-csrfchecktoken();
-
 function compare_localization_by_l1($a, $b)
 {
 	if ($a == $b) {
@@ -121,6 +119,7 @@ function get_auxiliary($s)
 }
 
 $operator = check_login();
+csrfchecktoken();
 
 $source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale);
 $target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale);
diff --git a/src/messenger/webim/view/agent.php b/src/messenger/webim/view/agent.php
index f0bb10c7..002cd5ec 100644
--- a/src/messenger/webim/view/agent.php
+++ b/src/messenger/webim/view/agent.php
@@ -50,10 +50,7 @@ require_once('inc_errors.php');
 
 <?php if( $page['opid'] || $page['canmodify'] ) { ?>
 <form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="opid" value="<?php echo $page['opid'] ?>"/>
 	<div>
 <?php if(!$page['needChangePassword']) { print_tabbar(); } ?>
diff --git a/src/messenger/webim/view/avatar.php b/src/messenger/webim/view/avatar.php
index b949f2f6..3219f8ce 100644
--- a/src/messenger/webim/view/avatar.php
+++ b/src/messenger/webim/view/avatar.php
@@ -36,10 +36,7 @@ require_once('inc_errors.php');
 ?>
 
 <form name="avatarForm" method="post" action="<?php echo $webimroot ?>/operator/avatar.php" enctype="multipart/form-data">
-
-<!-- add csrf token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
 	<div>
 <?php print_tabbar(); ?>
diff --git a/src/messenger/webim/view/cannededit.php b/src/messenger/webim/view/cannededit.php
index 11b3c091..7bc487d5 100644
--- a/src/messenger/webim/view/cannededit.php
+++ b/src/messenger/webim/view/cannededit.php
@@ -44,10 +44,7 @@ require_once('inc_errors.php');
 ?>
 
 <form name="cannedForm" method="post" action="<?php echo $webimroot ?>/operator/cannededit.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
 <?php if(!$page['key']) { ?>
 <input type="hidden" name="lang" value="<?php echo $page['locale'] ?>"/>
diff --git a/src/messenger/webim/view/features.php b/src/messenger/webim/view/features.php
index 48f1a1cd..372149be 100644
--- a/src/messenger/webim/view/features.php
+++ b/src/messenger/webim/view/features.php
@@ -73,10 +73,7 @@ require_once('inc_errors.php');
 <?php } ?>
 
 <form name="features" method="post" action="<?php echo $webimroot ?>/operator/features.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="sent" value="true"/>
 	<div>
 <?php print_tabbar(); ?>
diff --git a/src/messenger/webim/view/performance.php b/src/messenger/webim/view/performance.php
index 5690c90c..0773945c 100644
--- a/src/messenger/webim/view/performance.php
+++ b/src/messenger/webim/view/performance.php
@@ -39,10 +39,7 @@ require_once('inc_errors.php');
 <?php } ?>
 
 <form name="performance" method="post" action="<?php echo $webimroot ?>/operator/performance.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 	<div>
 <?php print_tabbar(); ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
diff --git a/src/messenger/webim/view/permissions.php b/src/messenger/webim/view/permissions.php
index 7bf433e8..4920e3a2 100644
--- a/src/messenger/webim/view/permissions.php
+++ b/src/messenger/webim/view/permissions.php
@@ -39,10 +39,7 @@ require_once('inc_errors.php');
 <?php } ?>
 
 <form name="permissionsForm" method="post" action="<?php echo $webimroot ?>/operator/permissions.php">
-
-<!-- add csrf token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
 	<div>
 <?php print_tabbar(); ?>
diff --git a/src/messenger/webim/view/settings.php b/src/messenger/webim/view/settings.php
index d6f150bf..7f2e27b4 100644
--- a/src/messenger/webim/view/settings.php
+++ b/src/messenger/webim/view/settings.php
@@ -39,10 +39,7 @@ require_once('inc_errors.php');
 <?php } ?>
 
 <form name="settings" method="post" action="<?php echo $webimroot ?>/operator/settings.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 	<div>
 <?php print_tabbar(); ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
diff --git a/src/messenger/webim/view/translate.php b/src/messenger/webim/view/translate.php
index 0b72c222..9d62f4e0 100644
--- a/src/messenger/webim/view/translate.php
+++ b/src/messenger/webim/view/translate.php
@@ -44,10 +44,7 @@ require_once('inc_errors.php');
 ?>
 
 <form name="translateForm" method="post" action="<?php echo $webimroot ?>/operator/translate.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
 <input type="hidden" name="target" value="<?php echo $page['target'] ?>"/>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">