Mibew/tray
1
0
Fork 0
mirror of https://github.com/Mibew/tray.git synced 2025-01-22 18:10:34 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

format the code; remove comments in the client code; move csrfchecktoken() right after check_login()

Browse Source
This commit is contained in:
Evgeny Gryaznov 2012-06-27 09:51:16 +02:00
parent 2d04bbe4ee
commit dd6632ffdf
19 changed files with 42 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/messenger/webim/libs/common.php
View File

@ -689,7 +689,8 @@ function jspath()
} }
/* authorization token check for CSRF attack */ /* authorization token check for CSRF attack */
function csrfchecktoken(){ function csrfchecktoken()
{
setcsrftoken(); setcsrftoken();
// check the turing code for post requests and del requests // check the turing code for post requests and del requests
@ -708,21 +709,24 @@ function csrfchecktoken(){
} }
/* print csrf token as a hidden field*/ /* print csrf token as a hidden field*/
function print_csrf_token_input(){ function print_csrf_token_input()
{
setcsrftoken(); setcsrftoken();
echo "<input name='csrf_token' type='hidden' value='" . $_SESSION['csrf_token'] . "' />"; echo "<input name='csrf_token' type='hidden' value='" . $_SESSION['csrf_token'] . "' />";
} }
/* print csrf token in url format */ /* print csrf token in url format */
function print_csrf_token_in_url(){ function print_csrf_token_in_url()
{
setcsrftoken(); setcsrftoken();
echo "&amp;csrf_token=" . $_SESSION['csrf_token']; echo "&amp;csrf_token=" . $_SESSION['csrf_token'];
} }
/* set csrf token */ /* set csrf token */
function setcsrftoken(){ function setcsrftoken()
{
if (!isset($_SESSION['csrf_token'])) { if (!isset($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = sha1(rand(10000000, 99999999)); $_SESSION['csrf_token'] = sha1(rand(10000000, 99999999));
} }

3
src/messenger/webim/operator/avatar.php
View File

@ -23,9 +23,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/operator_settings.php'); require_once('../libs/operator_settings.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
$opId = verifyparam("op", "/^\d{1,9}$/"); $opId = verifyparam("op", "/^\d{1,9}$/");
$page = array('opid' => $opId, 'avatar' => ''); $page = array('opid' => $opId, 'avatar' => '');

3
src/messenger/webim/operator/canned.php
View File

@ -25,9 +25,8 @@ require_once('../libs/settings.php');
require_once('../libs/groups.php'); require_once('../libs/groups.php');
require_once('../libs/pagination.php'); require_once('../libs/pagination.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
loadsettings(); loadsettings();
$errors = array(); $errors = array();

3
src/messenger/webim/operator/cannededit.php
View File

@ -23,8 +23,6 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/pagination.php'); require_once('../libs/pagination.php');
csrfchecktoken();
function load_message($key) function load_message($key)
{ {
global $mysqlprefix; global $mysqlprefix;
@ -54,6 +52,7 @@ function add_message($locale, $groupid, $message)
} }
$operator = check_login(); $operator = check_login();
csrfchecktoken();
loadsettings(); loadsettings();
$stringid = verifyparam("key", "/^\d{0,9}$/", ""); $stringid = verifyparam("key", "/^\d{0,9}$/", "");

3
src/messenger/webim/operator/features.php
View File

@ -23,9 +23,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/settings.php'); require_once('../libs/settings.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
$page = array('agentId' => ''); $page = array('agentId' => '');
$errors = array(); $errors = array();

3
src/messenger/webim/operator/operator.php
View File

@ -23,9 +23,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/operator_settings.php'); require_once('../libs/operator_settings.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
$page = array('opid' => ''); $page = array('opid' => '');
$errors = array(); $errors = array();

3
src/messenger/webim/operator/operators.php
View File

@ -22,9 +22,8 @@
require_once('../libs/common.php'); require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
if (isset($_GET['act']) && $_GET['act'] == 'del') { if (isset($_GET['act']) && $_GET['act'] == 'del') {
$operatorid = isset($_GET['id']) ? $_GET['id'] : ""; $operatorid = isset($_GET['id']) ? $_GET['id'] : "";

3
src/messenger/webim/operator/performance.php
View File

@ -23,9 +23,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/settings.php'); require_once('../libs/settings.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
$page = array('agentId' => ''); $page = array('agentId' => '');
$errors = array(); $errors = array();

2
src/messenger/webim/operator/permissions.php
View File

@ -23,8 +23,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/operator_settings.php'); require_once('../libs/operator_settings.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
function update_operator_permissions($operatorid, $newvalue) function update_operator_permissions($operatorid, $newvalue)
{ {

3
src/messenger/webim/operator/settings.php
View File

@ -23,9 +23,8 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/settings.php'); require_once('../libs/settings.php');
csrfchecktoken();
$operator = check_login(); $operator = check_login();
csrfchecktoken();
$page = array('agentId' => ''); $page = array('agentId' => '');
$errors = array(); $errors = array();

3
src/messenger/webim/operator/translate.php
View File

@ -23,8 +23,6 @@ require_once('../libs/common.php');
require_once('../libs/operator.php'); require_once('../libs/operator.php');
require_once('../libs/pagination.php'); require_once('../libs/pagination.php');
csrfchecktoken();
function compare_localization_by_l1($a, $b) function compare_localization_by_l1($a, $b)
{ {
if ($a == $b) { if ($a == $b) {
@ -121,6 +119,7 @@ function get_auxiliary($s)
} }
$operator = check_login(); $operator = check_login();
csrfchecktoken();
$source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale); $source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale);
$target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale); $target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale);

3
src/messenger/webim/view/agent.php
View File

@ -50,10 +50,7 @@ require_once('inc_errors.php');
<?php if( $page['opid'] || $page['canmodify'] ) { ?> <?php if( $page['opid'] || $page['canmodify'] ) { ?>
<form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php"> <form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="opid" value="<?php echo $page['opid'] ?>"/> <input type="hidden" name="opid" value="<?php echo $page['opid'] ?>"/>
<div> <div>
<?php if(!$page['needChangePassword']) { print_tabbar(); } ?> <?php if(!$page['needChangePassword']) { print_tabbar(); } ?>

3
src/messenger/webim/view/avatar.php
View File

@ -36,10 +36,7 @@ require_once('inc_errors.php');
?> ?>
<form name="avatarForm" method="post" action="<?php echo $webimroot ?>/operator/avatar.php" enctype="multipart/form-data"> <form name="avatarForm" method="post" action="<?php echo $webimroot ?>/operator/avatar.php" enctype="multipart/form-data">
<!-- add csrf token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/> <input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
<div> <div>
<?php print_tabbar(); ?> <?php print_tabbar(); ?>

3
src/messenger/webim/view/cannededit.php
View File

@ -44,10 +44,7 @@ require_once('inc_errors.php');
?> ?>
<form name="cannedForm" method="post" action="<?php echo $webimroot ?>/operator/cannededit.php"> <form name="cannedForm" method="post" action="<?php echo $webimroot ?>/operator/cannededit.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="key" value="<?php echo $page['key'] ?>"/> <input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
<?php if(!$page['key']) { ?> <?php if(!$page['key']) { ?>
<input type="hidden" name="lang" value="<?php echo $page['locale'] ?>"/> <input type="hidden" name="lang" value="<?php echo $page['locale'] ?>"/>

3
src/messenger/webim/view/features.php
View File

@ -73,10 +73,7 @@ require_once('inc_errors.php');
<?php } ?> <?php } ?>
<form name="features" method="post" action="<?php echo $webimroot ?>/operator/features.php"> <form name="features" method="post" action="<?php echo $webimroot ?>/operator/features.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="sent" value="true"/> <input type="hidden" name="sent" value="true"/>
<div> <div>
<?php print_tabbar(); ?> <?php print_tabbar(); ?>

3
src/messenger/webim/view/performance.php
View File

@ -39,10 +39,7 @@ require_once('inc_errors.php');
<?php } ?> <?php } ?>
<form name="performance" method="post" action="<?php echo $webimroot ?>/operator/performance.php"> <form name="performance" method="post" action="<?php echo $webimroot ?>/operator/performance.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<div> <div>
<?php print_tabbar(); ?> <?php print_tabbar(); ?>
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner"> <div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">

3
src/messenger/webim/view/permissions.php
View File

@ -39,10 +39,7 @@ require_once('inc_errors.php');
<?php } ?> <?php } ?>
<form name="permissionsForm" method="post" action="<?php echo $webimroot ?>/operator/permissions.php"> <form name="permissionsForm" method="post" action="<?php echo $webimroot ?>/operator/permissions.php">
<!-- add csrf token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/> <input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
<div> <div>
<?php print_tabbar(); ?> <?php print_tabbar(); ?>

3
src/messenger/webim/view/settings.php
View File

@ -39,10 +39,7 @@ require_once('inc_errors.php');
<?php } ?> <?php } ?>
<form name="settings" method="post" action="<?php echo $webimroot ?>/operator/settings.php"> <form name="settings" method="post" action="<?php echo $webimroot ?>/operator/settings.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<div> <div>
<?php print_tabbar(); ?> <?php print_tabbar(); ?>
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner"> <div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">

3
src/messenger/webim/view/translate.php
View File

@ -44,10 +44,7 @@ require_once('inc_errors.php');
?> ?>
<form name="translateForm" method="post" action="<?php echo $webimroot ?>/operator/translate.php"> <form name="translateForm" method="post" action="<?php echo $webimroot ?>/operator/translate.php">
<!-- add auth token -->
<?php print_csrf_token_input() ?> <?php print_csrf_token_input() ?>
<input type="hidden" name="key" value="<?php echo $page['key'] ?>"/> <input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
<input type="hidden" name="target" value="<?php echo $page['target'] ?>"/> <input type="hidden" name="target" value="<?php echo $page['target'] ?>"/>
<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner"> <div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">