commit 6b9a67b60cc1c0103271c8aeb3dd0360615370d2
parent c00e26b3ef3d3da4977a4519ddc3a1c2364962fc
Author: dankert <devnull@localhost>
Date: Tue, 23 Feb 2010 22:38:49 +0100
Bei POST-Anfragen ein Token mitsenden, um CSRF-Angriffe zu verhindern.
Diffstat:
4 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/actionClasses/Action.class.php b/actionClasses/Action.class.php
@@ -336,7 +336,7 @@ class Action
Logger::trace('Output'."\n".print_r($this->templateVars,true));
// Weitere Variablen anreichern.
- $this->templateVars['session'] = array('name'=>session_name(),'id'=>session_id());
+ $this->templateVars['session'] = array('name'=>session_name(),'id'=>session_id(),'token'=>token() );
$this->templateVars['version'] = OR_VERSION;
if ( sizeof($types)==1 && in_array('application/php-array',$types) || $this->getRequestVar('output')=='php-array' )
diff --git a/do.php b/do.php
@@ -56,6 +56,7 @@ define('OR_TMP_DIR' ,'./tmp/' );
define('OR_CONTROLLER_FILE' ,defined('OR_EXT_CONTROLLER_FILE')?OR_EXT_CONTROLLER_FILE:'do');
define('START_TIME' ,time() );
+define('REQ_PARAM_TOKEN' ,'token' );
define('REQ_PARAM_ACTION' ,'action' );
define('REQ_PARAM_SUBACTION' ,'subaction' );
define('REQ_PARAM_TARGETSUBACTION','targetSubAction');
@@ -92,6 +93,8 @@ if (version_compare(PHP_VERSION, '5.1.0', '>'))
session_start();
require_once( OR_SERVICECLASSES_DIR."Session.class.".PHP_EXT );
+if ( $_SERVER['REQUEST_METHOD'] == 'POST' && $REQ[REQ_PARAM_TOKEN]!=token() )
+ Http::notAuthorized("Token mismatch");
// Vorhandene Konfiguration aus der Sitzung lesen.
$conf = Session::getConfig();
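Review bot: The new guard compares the submitted token with loose `!=` and reads `$REQ[REQ_PARAM_TOKEN]` without checking it exists, so a POST without the parameter raises an undefined-index notice before being rejected; `if ( $_SERVER['REQUEST_METHOD'] == 'POST' && ( !isset($REQ[REQ_PARAM_TOKEN]) || $REQ[REQ_PARAM_TOKEN] !== token() ) )` rejects a missing token explicitly and compares by value and type. Whether `Http::notAuthorized()` ends the request is not visible here; if it only emits a status and returns, the action dispatch below still runs on the unverified request, so the call should be followed by `exit;` or the method documented as non-returning. The check covers POST only, so any state-changing action reachable via GET stays unprotected — presumably intended, but a one-line comment saying so would help. Where `$REQ` is populated is outside this hunk.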
diff --git a/functions/common.inc.php b/functions/common.inc.php
@@ -91,5 +91,14 @@ function config( $part1,$part2,$part3=null )
}
+/**
+ * Generiert aus der Session-Id einen Token.
+ * @return Token
+ */
+function token()
+{
+ return substr(session_id(),-10);
+}
+
?>
\ No newline at end of file
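Review bot: token() derives the CSRF token from the session id itself, so every rendered form (and the `php-array` output of templateVars in Action.class.php) carries the last ten characters of the session cookie in the page body; an independent random value generated once per session and stored in `$_SESSION` would give the same CSRF protection without tying the token's secrecy to the session id. The docblock `@return Token` names a type that does not exist; `@return string` is accurate, ideally with a note that the result is empty when no session is active because `session_id()` returns an empty string then. A sentence that callers must run after `session_start()` would document the ordering the check in do.php depends on.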
diff --git a/themes/default/include/html/form.inc.php b/themes/default/include/html/form.inc.php
@@ -35,6 +35,7 @@
<input type="hidden" name="mode" value="edit" />
<?php } ?>
+<input type="hidden" name="<?php echo REQ_PARAM_TOKEN ?>" value="<?php echo token() ?>" />
<input type="hidden" name="<?php echo REQ_PARAM_ACTION ?>" value="<?php echo $attr_action ?>" />
<input type="hidden" name="<?php echo REQ_PARAM_SUBACTION ?>" value="<?php echo $attr_subaction ?>" />
<input type="hidden" name="<?php echo REQ_PARAM_ID ?>" value="<?php echo $attr_id ?>" /><?php
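Review bot: The new hidden field echoes `token()` unescaped into an attribute value, matching the neighbouring `$attr_*` fields; because the token is currently a session-id suffix its character set is narrow, but `value="<?php echo htmlspecialchars(token()) ?>"` costs nothing and stays correct if the token source changes. Only forms rendered through this include carry the field, so any POST produced elsewhere in the application (hand-written forms, upload forms, scripted requests) will now be rejected by the check in do.php — worth confirming that every POST path goes through this template.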