format the code; remove comments in the client code; move csrfchecktoken() right after check_login()

Conflicts:

	src/messenger/webim/libs/common.php
	src/messenger/webim/operator/canned.php
	src/messenger/webim/operator/cannededit.php
	src/messenger/webim/operator/operators.php
	src/messenger/webim/operator/settings.php
	src/messenger/webim/operator/translate.php
This commit is contained in:
Evgeny Gryaznov 2012-06-27 09:51:16 +02:00 committed by Dmitriy Simushev
parent 3a337c3137
commit 214e52e5c2
19 changed files with 40 additions and 71 deletions


@ -523,7 +523,7 @@ function no_field($key)
function failed_uploading_file($filename, $key) function failed_uploading_file($filename, $key)
{ {
return getlocal2("errors.failed.uploading.file", return getlocal2("errors.failed.uploading.file",
array($filename, getlocal($key))); array($filename, getlocal($key)));
} }
function wrong_field($key) function wrong_field($key)
@ -766,43 +766,47 @@ function jspath()
} }
/* authorization token check for CSRF attack */ /* authorization token check for CSRF attack */
function csrfchecktoken(){ function csrfchecktoken()
setcsrftoken(); {
setcsrftoken();
// check the turing code for post requests and del requests // check the turing code for post requests and del requests
if ($_SERVER['REQUEST_METHOD'] == 'POST'){ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//if token match //if token match
if(!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])){ if (!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])) {
die("CSRF failure"); die("CSRF failure");
} }
} else if(isset($_GET['act'])){ } else if (isset($_GET['act'])) {
if(($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']){ if (($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']) {
die("CSRF failure"); die("CSRF failure");
} }
} }
} }
/* print csrf token as a hidden field*/ /* print csrf token as a hidden field*/
function print_csrf_token_input(){ function print_csrf_token_input()
setcsrftoken(); {
setcsrftoken();
echo "<input name='csrf_token' type='hidden' value='".$_SESSION['csrf_token']."' />"; echo "<input name='csrf_token' type='hidden' value='" . $_SESSION['csrf_token'] . "' />";
} }
/* print csrf token in url format */ /* print csrf token in url format */
function print_csrf_token_in_url(){ function print_csrf_token_in_url()
setcsrftoken(); {
setcsrftoken();
echo "&amp;csrf_token=".$_SESSION['csrf_token'];
echo "&amp;csrf_token=" . $_SESSION['csrf_token'];
} }
/* set csrf token */ /* set csrf token */
function setcsrftoken(){ function setcsrftoken()
if(!isset($_SESSION['csrf_token'])){ {
$_SESSION['csrf_token']=sha1(rand(10000000,99999999)); if (!isset($_SESSION['csrf_token'])) {
} $_SESSION['csrf_token'] = sha1(rand(10000000, 99999999));
}
} }
?> ?>
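Review bot: setcsrftoken() still seeds the token with `sha1(rand(10000000, 99999999))`, which takes a non-cryptographic generator over roughly 9×10^7 inputs, so the 40-hex-character output carries far less unpredictability than its length suggests; the reformat keeps this line unchanged, and it should draw from a CSPRNG instead, e.g. `$_SESSION['csrf_token'] = bin2hex(random_bytes(20));` where the supported PHP version has it, otherwise `openssl_random_pseudo_bytes`. The two token comparisons in csrfchecktoken() use loose `!=` and an early-exit string compare; `!hash_equals($_SESSION['csrf_token'], (string) $_POST['csrf_token'])` gives strict, constant-time matching, and the GET branch should test `isset($_GET['csrf_token'])` before comparing, as the POST branch already does. Since the GET branch covers only `act=del` and `act=delete`, the function deserves a header comment making that contract explicit for callers, e.g. `/* Checks POST requests and GET requests with act=del|delete only; any other state-changing GET action must be converted to POST to be protected */`. The closing `?>` at the end of this library file is also retained; dropping it avoids stray output that breaks later header() calls in the including scripts.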


@ -23,9 +23,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/operator_settings.php'); require_once('../libs/operator_settings.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
$opId = verifyparam("op", "/^\d{1,9}$/"); $opId = verifyparam("op", "/^\d{1,9}$/");
$page = array('opid' => $opId, 'avatar' => ''); $page = array('opid' => $opId, 'avatar' => '');


@ -26,10 +26,9 @@ require_once('../libs/settings.php');
require_once('../libs/groups.php'); require_once('../libs/groups.php');
require_once('../libs/pagination.php'); require_once('../libs/pagination.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
force_password($operator); force_password($operator);
csrfchecktoken();
loadsettings(); loadsettings();


@ -24,9 +24,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/pagination.php'); require_once('../libs/pagination.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
loadsettings(); loadsettings();
$stringid = verifyparam("key", "/^\d{0,9}$/", ""); $stringid = verifyparam("key", "/^\d{0,9}$/", "");


@ -23,9 +23,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/settings.php'); require_once('../libs/settings.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
$page = array('agentId' => ''); $page = array('agentId' => '');
$errors = array(); $errors = array();


@ -23,9 +23,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/operator_settings.php'); require_once('../libs/operator_settings.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
$page = array('opid' => ''); $page = array('opid' => '');
$errors = array(); $errors = array();


@ -22,11 +22,9 @@
require_once('../libs/common.php'); require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
force_password($operator); force_password($operator);
csrfchecktoken();
if (isset($_GET['act'])) { if (isset($_GET['act'])) {
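Review bot: csrfchecktoken(), as defined in common.php in this same commit, validates GET requests only when act is `del` or `delete`, so the `if (isset($_GET['act']))` dispatch that begins here would leave any other state-changing act value unprotected by the check just moved above it. The body of that dispatch lies outside the hunk, so confirm that del/delete are the only mutating GET actions in this file, or route the others through POST so the token check applies. A one-line comment above the call, e.g. `// csrfchecktoken() guards POST and act=del|delete only`, would make that dependency visible to the next maintainer who adds an action here.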


@ -23,9 +23,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/settings.php'); require_once('../libs/settings.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
$page = array('agentId' => ''); $page = array('agentId' => '');
$errors = array(); $errors = array();


@ -23,8 +23,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/operator_settings.php'); require_once('../libs/operator_settings.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
function update_operator_permissions($operatorid, $newvalue) function update_operator_permissions($operatorid, $newvalue)
{ {


@ -24,10 +24,9 @@ require_once('../libs/operator.php');
require_once('../libs/settings.php'); require_once('../libs/settings.php');
require_once('../libs/styles.php'); require_once('../libs/styles.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
force_password($operator); force_password($operator);
csrfchecktoken();
$page = array('agentId' => ''); $page = array('agentId' => '');
$errors = array(); $errors = array();


@ -23,8 +23,6 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/pagination.php'); require_once('../libs/pagination.php');
csrfchecktoken();
function compare_localization_by_l1($a, $b) function compare_localization_by_l1($a, $b)
{ {
if ($a == $b) { if ($a == $b) {
@ -122,7 +120,7 @@ function get_auxiliary($s)
$operator = check_login(); $operator = check_login();
force_password($operator); force_password($operator);
csrfchecktoken();
$source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale); $source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale);
$target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale); $target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale);


@ -50,10 +50,7 @@ require_once('inc_errors.php');
<?php if( $page['opid'] || $page['canmodify'] ) { ?> <?php if( $page['opid'] || $page['canmodify'] ) { ?>
<form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php"> <form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="opid" value="<?php echo $page['opid'] ?>"/> <input type="hidden" name="opid" value="<?php echo $page['opid'] ?>"/>
<div> <div>
<?php if(!$page['needChangePassword']) { print_tabbar(); } ?> <?php if(!$page['needChangePassword']) { print_tabbar(); } ?>


@ -36,10 +36,7 @@ require_once('inc_errors.php');
?> ?>
<form name="avatarForm" method="post" action="<?php echo $webimroot ?>/operator/avatar.php" enctype="multipart/form-data"> <form name="avatarForm" method="post" action="<?php echo $webimroot ?>/operator/avatar.php" enctype="multipart/form-data">
<!-- add csrf token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/> <input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
<div> <div>
<?php print_tabbar(); ?> <?php print_tabbar(); ?>


@ -44,10 +44,7 @@ require_once('inc_errors.php');
?> ?>
<form name="cannedForm" method="post" action="<?php echo $webimroot ?>/operator/cannededit.php"> <form name="cannedForm" method="post" action="<?php echo $webimroot ?>/operator/cannededit.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="key" value="<?php echo $page['key'] ?>"/> <input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
<?php if(!$page['key']) { ?> <?php if(!$page['key']) { ?>
<input type="hidden" name="lang" value="<?php echo $page['locale'] ?>"/> <input type="hidden" name="lang" value="<?php echo $page['locale'] ?>"/>


@ -85,10 +85,7 @@ require_once('inc_errors.php');
<?php } ?> <?php } ?>
<form name="features" method="post" action="<?php echo $webimroot ?>/operator/features.php"> <form name="features" method="post" action="<?php echo $webimroot ?>/operator/features.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="sent" value="true"/> <input type="hidden" name="sent" value="true"/>
<div> <div>
<?php print_tabbar(); ?> <?php print_tabbar(); ?>


@ -39,10 +39,7 @@ require_once('inc_errors.php');
<?php } ?> <?php } ?>
<form name="performance" method="post" action="<?php echo $webimroot ?>/operator/performance.php"> <form name="performance" method="post" action="<?php echo $webimroot ?>/operator/performance.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<div> <div>
<?php print_tabbar(); ?> <?php print_tabbar(); ?>
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner"> <div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">


@ -39,10 +39,7 @@ require_once('inc_errors.php');
<?php } ?> <?php } ?>
<form name="permissionsForm" method="post" action="<?php echo $webimroot ?>/operator/permissions.php"> <form name="permissionsForm" method="post" action="<?php echo $webimroot ?>/operator/permissions.php">
<!-- add csrf token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/> <input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
<div> <div>
<?php print_tabbar(); ?> <?php print_tabbar(); ?>


@ -39,10 +39,7 @@ require_once('inc_errors.php');
<?php } ?> <?php } ?>
<form name="settings" method="post" action="<?php echo $webimroot ?>/operator/settings.php"> <form name="settings" method="post" action="<?php echo $webimroot ?>/operator/settings.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<div> <div>
<?php print_tabbar(); ?> <?php print_tabbar(); ?>
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner"> <div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">


@ -44,10 +44,7 @@ require_once('inc_errors.php');
?> ?>
<form name="translateForm" method="post" action="<?php echo $webimroot ?>/operator/translate.php"> <form name="translateForm" method="post" action="<?php echo $webimroot ?>/operator/translate.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="key" value="<?php echo $page['key'] ?>"/> <input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
<input type="hidden" name="target" value="<?php echo $page['target'] ?>"/> <input type="hidden" name="target" value="<?php echo $page['target'] ?>"/>
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner"> <div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">