aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>2008-11-25 16:23:55 +0000
committermensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>2008-11-25 16:23:55 +0000
commit111bcdec7568269e88108ace560c35d333f9df1c (patch)
treee27bab956bcc16f033f8622338b0bb7a0c0b760c
parent15b91c7e661d928d8b125ec9cfbda1702319c8b4 (diff)
downloadsemanticscuttle-111bcdec7568269e88108ace560c35d333f9df1c.tar.gz
semanticscuttle-111bcdec7568269e88108ace560c35d333f9df1c.tar.bz2
Fix bug: prevent CSRF attacks to admin page
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@174 b3834d28-1941-0410-a4f8-b48e95affb8f
-rw-r--r--admin.php57
1 files changed, 29 insertions, 28 deletions
diff --git a/admin.php b/admin.php
index d72d4a0..48adacb 100644
--- a/admin.php
+++ b/admin.php
@@ -1,21 +1,21 @@
<?php
/***************************************************************************
-Copyright (C) 2007 - 2008 SemanticScuttle project (fork from Scuttle)
-http://sourceforge.net/projects/semanticscuttle/
+ Copyright (C) 2007 - 2008 SemanticScuttle project (fork from Scuttle)
+ http://sourceforge.net/projects/semanticscuttle/
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-***************************************************************************/
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ ***************************************************************************/
require_once('header.inc.php');
@@ -24,7 +24,10 @@ $userservice = & ServiceFactory :: getServiceInstance('UserService');
$bookmark2tagservice = & ServiceFactory :: getServiceInstance('Bookmark2Tagservice');
$bookmarkservice = & ServiceFactory :: getServiceInstance('BookmarkService');
$tag2tagservice = & ServiceFactory :: getServiceInstance('Tag2TagService');
-$templateservice = & ServiceFactory :: getServiceInstance('TemplateService');
+$templateservice = & ServiceFactory :: getServiceInstance('TemplateService');
+
+/* Managing current logged user */
+$currentUser = $userservice->getCurrentObjectUser();
// Header variables
$tplVars['subtitle'] = T_('Manage users');
@@ -32,23 +35,21 @@ $tplVars['loadjs'] = true;
$tplVars['sidebar_blocks'] = array('users' );
if ( !$userservice->isLoggedOn() ) {
- header('Location: '. createURL('login', ''));
- exit();
-}
+ header('Location: '. createURL('login', ''));
+ exit();
+}
-//$currentUser = $userservice->getCurrentUser();
-//$currentUserID = $userservice->getCurrentUserId();
-//$currentUsername = $currentUser[$userservice->getFieldName('username')];
-$currentObjectUser = $userservice->getCurrentObjectUser();
-
-if ( !$currentObjectUser->isAdmin() ) {
- header('Location: '. createURL('bookmarks', $currentObjectUser->getUsername()));
- exit();
+if ( !$currentUser->isAdmin() ) {
+ header('Location: '. createURL('bookmarks', $currentUser->getUsername()));
+ exit();
}
@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
+
-if ( $action ) {
+if ( $action
+&& strpos($_SERVER['HTTP_REFERER'], ROOT.'/admin.php') == 0 // Prevent CSRF attacks
+) {
switch ( $action ) {
case 'delete':
if ( $user && ($userinfo = $userservice->getUserByUsername($user)) ) {
@@ -78,4 +79,4 @@ if ( !is_array($users) ) {
$tplVars['users'] =& $users;
$templateservice->loadTemplate($templatename, $tplVars);
-?>
+?>