From b717746b48b00e7e0a128a60ed2bf496f3806f18 Mon Sep 17 00:00:00 2001
From: marcus
Date: Fri, 8 Aug 2008 12:34:35 +0000
Subject: Closes #220: Removed action from hash. Timestamp should make this unpredictable enough.

git-svn-id: https://code.elgg.org/elgg/trunk@1791 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/actions.php | 11 ++++-------
 views/default/input/form.php | 3 +--
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 26d56104b..bc8b09589 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -119,14 +119,13 @@ function action_gatekeeper()
 {
 $token = get_input('__elgg_token');
- $action = get_input('__elgg_action');
 $ts = get_input('__elgg_ts');
 $session_id = session_id();
- if (($token) && ($action) && ($ts) && ($session_id))
+ if (($token) && ($ts) && ($session_id))
 {
 // generate token, check with input and forward if invalid
- $generated_token = generate_action_token($action, $ts);
+ $generated_token = generate_action_token($ts);
 // Validate token
 if (strcmp($token, $generated_token)==0)
@@ -140,7 +139,6 @@
 $returnval = true; // We have already got this far, so unless anything else says something to the contry we assume we're ok
 return trigger_plugin_hook('action_gatekeeper:permissions:check', 'all', array(
- 'action' => $action,
 'token' => $token,
 'time' => $ts
 ), $returnval);
@@ -161,10 +159,9 @@
 /**
 * Generate a token for the current user suitable for being placed in a hidden field in action forms.
 *
- * @param string $action The action being called
 * @param int $timestamp Unix timestamp
 */
- function generate_action_token($action, $timestamp)
+ function generate_action_token($timestamp)
 {
 // Get input values
 $site_secret = get_site_secret();
@@ -173,7 +170,7 @@
 $session_id = session_id();
 if (($site_secret) && ($session_id))
- return md5($site_secret.$action.$timestamp.$session_id);
+ return md5($site_secret.$timestamp.$session_id);
 return false;
 }
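Review bot: The token check on the hunk's last line, `if (strcmp($token, $generated_token)==0)`, compares byte by byte and stops at the first mismatch, so response time varies with how much of a submitted token is correct, and with the action removed this one session-bound token now covers every action in its window, making that comparison the only per-request secret check. On PHP 5.6 or later `if ($generated_token !== false && hash_equals($generated_token, $token))` is constant-time and also handles the `false` that generate_action_token() returns when the site secret or session is missing explicitly, rather than relying on strcmp() coercing it to an empty string. action_gatekeeper() continues past the end of this hunk, so whether a timestamp freshness check follows is not visible here.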
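Review bot: Removing `'action' => $action` from the `action_gatekeeper:permissions:check` hook parameters changes the contract seen by plugin handlers, and a handler that reads `$params['action']` will now hit an undefined index notice rather than fail clearly. If the action name really is no longer known at this point, that should be stated where the hook is documented (outside this hunk); if the caller still has the name, passing it through keeps existing handlers working. The enclosing function starts and ends outside the hunk.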
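Review bot: The docblock no longer says what the token is bound to, which is the property this change alters: after this commit the token depends only on the site secret, the timestamp and the session id, so within its validity window it is accepted for any action submitted in that session. A line such as ` * The token is bound to the current session and the given timestamp, not to a particular action; its unpredictability rests on the site secret and the session id.` records that for the next reader. The commit message credits the timestamp with making the token unpredictable, but a Unix timestamp is guessable to within a few seconds, so the docblock should not repeat that claim. The function body continues past the end of this hunk.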
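Review bot: `return md5($site_secret.$timestamp.$session_id);` hashes a bare concatenation with no separator, so the boundary between the timestamp and the session id is ambiguous and the construction is not a keyed MAC; `return hash_hmac('sha256', $timestamp . '|' . $session_id, $site_secret);` keys the token on the site secret and fixes the field boundary, and hash_hmac() has been available since PHP 5.1.2. As far as this hunk shows, tokens are only generated and verified server-side, so the change of format would only invalidate forms already open at deploy time. The docblock for this function sits in the previous hunk and should state what the token is bound to.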
diff --git a/views/default/input/form.php b/views/default/input/form.php
index 2bbc0e473..e3cc46c27 100644
--- a/views/default/input/form.php
+++ b/views/default/input/form.php
@@ -25,9 +25,8 @@
 // Generate a security header
 $ts = time();
- $token = generate_action_token($action, $ts);
+ $token = generate_action_token($ts);
 $security_header = elgg_view('input/hidden', array('internalname' => '__elgg_token', 'value' => $token));
- $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_action', 'value' => $action));
 $security_header .= elgg_view('input/hidden', array('internalname' => '__elgg_ts', 'value' => $ts));
 ?>