author | mensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2008-11-17 14:24:44 +0000 |
---|---|---|
committer | mensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2008-11-17 14:24:44 +0000 |
commit | 54991bce619b2840452594e8a78004b7389445ed (patch) | |
tree | b6704c154f80e8e1663ad891856cfc9f90182086 | |
parent | 60b9c2c903f88e5c32e43dfbbe04679513d835ee (diff) | |
Bug fix: prevent CSRF vulnerabilities on the profile page (thank you Etienne Z.)
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@164 b3834d28-1941-0410-a4f8-b48e95affb8f
-rw-r--r-- | profile.php | 15 | ||||
-rw-r--r-- | templates/editprofile.tpl.php | 1 |
2 files changed, 16 insertions, 0 deletions
diff --git a/profile.php b/profile.php
index fe86daa..1ad92ba 100644
--- a/profile.php
+++ b/profile.php
@@ -73,6 +73,15 @@ if (isset($_POST['submitted']) && $currentUserID == $userid) {
 $detMail = trim($_POST['pMail']);
 $detPage = trim($_POST['pPage']);
 $detDesc = filter($_POST['pDesc']);
+
+ // manage token preventing from CSRF vulnaribilities
+ if ( !isset($_SESSION['token'], $_SESSION['token_stamp']) || time() - $_SESSION['token_stamp'] > 600 //limit token lifetime, optionnal || $_SESSION['token'] != $_POST['token']) {
+ $error = true;
+ $tplVars['error'] = T_('Invalid Token');
+ }
+
 if ($detPass != $detPassConf) {
 $error = true;
 $tplVars['error'] = T_('Password and confirmation do not match.');
@@ -98,8 +107,14 @@ if (isset($_POST['submitted']) && $currentUserID == $userid) {
 if ($currentUserID != $userid) {
 $templatename = 'profile.tpl.php';
 } else {
+ //Token Init
+ $_SESSION['token'] = md5(uniqid(rand(), true));
+ $_SESSION['token_stamp'] = time();
+
 $templatename = 'editprofile.tpl.php';
 $tplVars['formaction'] = createURL('profile', $user);
+ $tplVars['token'] = $_SESSION['token'];
+
 }
 $tplVars['row'] = $userinfo;
diff --git a/templates/editprofile.tpl.php b/templates/editprofile.tpl.php
index a38dbd8..055aab0 100644
--- a/templates/editprofile.tpl.php
+++ b/templates/editprofile.tpl.php
@@ -3,6 +3,7 @@ $this->includeTemplate($GLOBALS['top_include']);
 ?>
 <form action="<?php echo $formaction; ?>" method="post">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </table> |
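Review bot: The token comparison in the first profile.php hunk, `$_SESSION['token'] != $_POST['token']`, is a loose comparison, and because the stored token is an md5 hex string PHP's numeric-string juggling can treat two different values as equal; a request without a `token` field also produces an undefined-index notice rather than an explicit rejection. Check presence and type first and compare strictly, e.g. `|| !isset($_POST['token']) || !is_string($_POST['token']) || $_SESSION['token'] !== $_POST['token']`; on runtimes that have it, `hash_equals($_SESSION['token'], $_POST['token'])` is the preferred form since it also avoids timing differences. The two `||` continuation lines appear to have lost their `+` markers in this rendering but are part of the added block. The enclosing `if (isset($_POST['submitted']) && $currentUserID == $userid)` block begins before this hunk.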
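Review bot: In the second profile.php hunk, `$_SESSION['token'] = md5(uniqid(rand(), true));` builds the anti-CSRF token from `rand()` and `uniqid()`, neither of which is a cryptographic source, so the token carries much less unpredictability than its 32-hex-character length suggests and the md5 wrapper adds none. Where the runtime provides it, prefer `$_SESSION['token'] = bin2hex(random_bytes(16));` (or `openssl_random_pseudo_bytes` on older PHP). Note also that a fresh token is stored on every render of the edit form, so a second open edit tab silently invalidates the first one's token; if that is intended, a comment such as `// one token per render: only the most recently rendered form can submit` would save the next reader from guessing.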
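Review bot: In the editprofile.tpl.php hunk, `<?php echo $token; ?>` writes the token into the `value` attribute without escaping; today the value is a server-generated hex string so this is harmless, but the template should not depend on that, and the neighbouring `$formaction` output has the same shape. Escaping keeps the template correct if the token format ever changes: `<input type="hidden" name="token" value="<?php echo htmlspecialchars($token); ?>">`.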