summaryrefslogtreecommitdiff
path: root/profile.php
diff options
context:
space:
mode:
authormensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>2008-11-17 14:24:44 +0000
committermensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>2008-11-17 14:24:44 +0000
commit54991bce619b2840452594e8a78004b7389445ed (patch)
treeb6704c154f80e8e1663ad891856cfc9f90182086 /profile.php
parent60b9c2c903f88e5c32e43dfbbe04679513d835ee (diff)
downloadsemanticscuttle-54991bce619b2840452594e8a78004b7389445ed.tar.gz
semanticscuttle-54991bce619b2840452594e8a78004b7389445ed.tar.bz2
Bug fix: prevent from CSRF vulnerabilities on profile page (thank you Etienne Z.)
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@164 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'profile.php')
-rw-r--r--profile.php15
1 files changed, 15 insertions, 0 deletions
diff --git a/profile.php b/profile.php
index fe86daa..1ad92ba 100644
--- a/profile.php
+++ b/profile.php
@@ -73,6 +73,15 @@ if (isset($_POST['submitted']) && $currentUserID == $userid) {
$detMail = trim($_POST['pMail']);
$detPage = trim($_POST['pPage']);
$detDesc = filter($_POST['pDesc']);
+
+ // manage token preventing from CSRF vulnaribilities
+ if ( !isset($_SESSION['token'], $_SESSION['token_stamp'])
+ || time() - $_SESSION['token_stamp'] > 600 //limit token lifetime, optionnal
+ || $_SESSION['token'] != $_POST['token']) {
+ $error = true;
+ $tplVars['error'] = T_('Invalid Token');
+ }
+
if ($detPass != $detPassConf) {
$error = true;
$tplVars['error'] = T_('Password and confirmation do not match.');
@@ -98,8 +107,14 @@ if (isset($_POST['submitted']) && $currentUserID == $userid) {
if ($currentUserID != $userid) {
$templatename = 'profile.tpl.php';
} else {
+ //Token Init
+ $_SESSION['token'] = md5(uniqid(rand(), true));
+ $_SESSION['token_stamp'] = time();
+
$templatename = 'editprofile.tpl.php';
$tplVars['formaction'] = createURL('profile', $user);
+ $tplVars['token'] = $_SESSION['token'];
+
}
$tplVars['row'] = $userinfo;