
commit 6b9a67b60cc1c0103271c8aeb3dd0360615370d2
parent c00e26b3ef3d3da4977a4519ddc3a1c2364962fc
Author: dankert <devnull@localhost>
Date:   Tue, 23 Feb 2010 22:38:49 +0100

Bei POST-Anfragen ein Token mitsenden, um CSRF-Angriffe zu verhindern.

Diffstat:
actionClasses/Action.class.php | 2+-
do.php | 3+++
functions/common.inc.php | 9+++++++++
themes/default/include/html/form.inc.php | 1+
4 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/actionClasses/Action.class.php b/actionClasses/Action.class.php
@@ -336,7 +336,7 @@ class Action
 Logger::trace('Output'."\n".print_r($this->templateVars,true));
 // Weitere Variablen anreichern.
- $this->templateVars['session'] = array('name'=>session_name(),'id'=>session_id());
+ $this->templateVars['session'] = array('name'=>session_name(),'id'=>session_id(),'token'=>token() );
 $this->templateVars['version'] = OR_VERSION;
 if ( sizeof($types)==1 && in_array('application/php-array',$types) || $this->getRequestVar('output')=='php-array' )
diff --git a/do.php b/do.php
@@ -56,6 +56,7 @@ define('OR_TMP_DIR' ,'./tmp/' );
 define('OR_CONTROLLER_FILE' ,defined('OR_EXT_CONTROLLER_FILE')?OR_EXT_CONTROLLER_FILE:'do');
 define('START_TIME' ,time() );
+define('REQ_PARAM_TOKEN' ,'token' );
 define('REQ_PARAM_ACTION' ,'action' );
 define('REQ_PARAM_SUBACTION' ,'subaction' );
 define('REQ_PARAM_TARGETSUBACTION','targetSubAction');
@@ -92,6 +93,8 @@ if (version_compare(PHP_VERSION, '5.1.0', '>'))
 session_start();
 require_once( OR_SERVICECLASSES_DIR."Session.class.".PHP_EXT );
+if ( $_SERVER['REQUEST_METHOD'] == 'POST' && $REQ[REQ_PARAM_TOKEN]!=token() )
+ Http::notAuthorized("Token mismatch");
 // Vorhandene Konfiguration aus der Sitzung lesen.
 $conf = Session::getConfig();
diff --git a/functions/common.inc.php b/functions/common.inc.php
@@ -91,5 +91,14 @@ function config( $part1,$part2,$part3=null )
 }
+/**
+ * Generiert aus der Session-Id einen Token.
+ * @return Token
+ */
+function token()
+{
+ return substr(session_id(),-10);
+}
+
 ?>
\ No newline at end of file
diff --git a/themes/default/include/html/form.inc.php b/themes/default/include/html/form.inc.php
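Review bot: The new `'token'` entry is undocumented next to `'id'`, and since token() in this commit is a substring of session_id() the two values are not independent; a reader of the template-variable contract should know which one forms must echo back. I would add above the assignment `// 'token' is the CSRF token; form.inc.php must send it back and do.php rejects POSTs without it`. Note that this array also feeds the `application/php-array` output path on the following line, so the token is emitted there as well — if that output is ever served to a context other than the session owner, the token (and part of the session id) goes with it. The enclosing method starts and ends outside the hunk.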
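Review bot: The check reads `$REQ[REQ_PARAM_TOKEN]` without an `isset`, so a POST that omits the parameter raises an undefined-index notice before the loose `!=` compares null with the token; with `!=` a type-juggled value is also accepted in edge cases. I would write the condition as `if ( $_SERVER['REQUEST_METHOD'] == 'POST' && (!isset($REQ[REQ_PARAM_TOKEN]) || $REQ[REQ_PARAM_TOKEN] !== token()) )` and, where the PHP version allows it, use `hash_equals()` for the comparison. It is not visible here whether `Http::notAuthorized()` terminates the script; if it only sends the status header, add `exit;` after it or the action still runs with the forged parameters. Only POST is guarded, so any state-changing action that is reachable via GET (I cannot tell from this hunk whether such actions exist) remains exposed to CSRF.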
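Review bot: token() returns the last ten characters of the session id, so every form and every output that carries the CSRF token also discloses part of the session cookie, and anyone who learns the session id trivially has the token; a CSRF token should be a separate random value bound to the session rather than derived from the identifier itself. I would generate the token once per session and store it in the session, falling back to weaker sources only on PHP builds without a CSPRNG, as sketched below (this assumes `$_SESSION` is the store behind the `session_start()` call in do.php; if Session.class.php wraps it, use that API instead). The docblock should also state the actual type, `@return string`, instead of `@return Token`, which names no existing type.
```php
/**
 * Returns the CSRF token for the current session.
 *
 * A random value is generated once per session and kept in the session,
 * so the token cannot be derived from the session cookie.
 * @return string hex-encoded token
 */
function token()
{
	if ( empty($_SESSION['csrf_token']) )
	{
		if ( function_exists('random_bytes') )
			$raw = random_bytes(16);
		elseif ( function_exists('openssl_random_pseudo_bytes') )
			$raw = openssl_random_pseudo_bytes(16);
		else
			$raw = uniqid(mt_rand(), true); // weak fallback for very old PHP builds

		$_SESSION['csrf_token'] = bin2hex($raw);
	}

	return $_SESSION['csrf_token'];
}
```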
@@ -35,6 +35,7 @@
 <input type="hidden" name="mode" value="edit" />
 <?php } ?>
+<input type="hidden" name="<?php echo REQ_PARAM_TOKEN ?>" value="<?php echo token() ?>" />
 <input type="hidden" name="<?php echo REQ_PARAM_ACTION ?>" value="<?php echo $attr_action ?>" />
 <input type="hidden" name="<?php echo REQ_PARAM_SUBACTION ?>" value="<?php echo $attr_subaction ?>" />
 <input type="hidden" name="<?php echo REQ_PARAM_ID ?>" value="<?php echo $attr_id ?>" /><?php