mirror of https://github.com/phpbb/phpbb.git synced 2025-08-10 18:54:08 +02:00

[ticket/security/244] Add form token check to plupload

SECURITY-244
Marc Alexander
2019-06-30 22:40:34 +02:00
parent 525c940385
commit 56477a8f7c
4 changed files with 52 additions and 2 deletions


@@ -1524,6 +1524,35 @@ class parse_message extends bbcode_firstpass
}
}
/**
* Check attachment form token depending on submit type
*
* @param \phpbb\language\language $language Language
* @param \phpbb\request\request_interface $request Request
* @param string $form_name Form name for checking form key
*
* @return bool True if form token is not needed or valid, false if needed and invalid
*/
function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name)
{
$add_file = $request->is_set_post('add_file');
$delete_file = $request->is_set_post('delete_file');
if (($add_file || $delete_file) && !check_form_key($form_name))
{
$this->warn_msg[] = $language->lang('FORM_INVALID');
if ($request->is_ajax() && $this->plupload)
{
$this->plupload->emit_error(-400, 'FORM_INVALID');
}
return false;
}
return true;
}
/**
* Parse Attachments
*/
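Review bot: check_attachment_form_token() is added as a separate method, so the form-token check only protects call sites that remember to gate parse_attachments() on it; parse_attachments() itself, whose body is outside this hunk, stays callable without a token. Either call the check at the top of parse_attachments(), or add a docblock line such as `* Callers must invoke this before parse_attachments() and skip parsing when it returns false.` The method also returns true whenever neither `add_file` nor `delete_file` is posted, so any other attachment-changing path depends on the caller's own check_form_key() call, which is worth stating in the docblock as well. The method is declared without a visibility keyword; `public function check_attachment_form_token(...)` would make the intent explicit if that fits the class's conventions.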


@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
function compose_pm($id, $mode, $action, $user_folders = array())
{
global $template, $db, $auth, $user, $cache;
global $phpbb_root_path, $phpEx, $config;
global $phpbb_root_path, $phpEx, $config, $language;
global $request, $phpbb_dispatcher, $phpbb_container;
// Damn php and globals - i know, this is horrible
@@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));
// Parse Attachments - before checksum is calculated
$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose'))
{
$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
}
if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))
{
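Review bot: The guard around parse_attachments() in the second hunk has no comment saying why parsing may be skipped, and the existing `// Parse Attachments - before checksum is calculated` comment now sits above the token check rather than the call it describes. I would add `// Skip attachment handling when the add_file/delete_file form token is invalid; FORM_INVALID is already queued in warn_msg` above the new `if`. The queued warning is only picked up by the following `if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))`, whose body is outside the hunk, so a request that also sets one of those flags presumably does not take that branch. Parsing is still skipped in that case, but it is worth confirming the user actually sees the error. compose_pm() starts and ends outside both hunks.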