From 047728e3d415c439f77beb1d0166d56b6120cac8 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Tue, 9 Sep 2014 19:46:27 +0200 Subject: [PATCH 1/3] [ticket/13052] Remove additional parameter from check_form_key() PHPBB3-13052 --- phpBB/includes/functions.php | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index df613682a7..f7ee2c44ab 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2576,21 +2576,18 @@ function add_form_key($form_name) } /** -* Check the form key. Required for all altering actions not secured by confirm_box -* @param string $form_name The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply -* @param int $timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting. -* @param string $return_page The address for the return link -* @param bool $trigger If true, the function will triger an error when encountering an invalid form -*/ -function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false) + * Check the form key. Required for all altering actions not secured by confirm_box + * + * @param string $form_name The name of the form; has to match the name used + * in add_form_key, otherwise no restrictions apply + * @return bool True, if the form key was valid, false otherwise + */ +function check_form_key($form_name) { global $config, $user; - if ($timespan === false) - { - // we enforce a minimum value of half a minute here. - $timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']); - } + // we enforce a minimum value of half a minute here. + $timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']); if (isset($_POST['creation_time']) && isset($_POST['form_token'])) { @@ -2612,11 +2609,6 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg } } - if ($trigger) - { - trigger_error($user->lang['FORM_INVALID'] . $return_page); - } - return false; } From ad8d53af27dfbd30f6e11274dcb790082c8c2c1d Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Tue, 9 Sep 2014 19:47:00 +0200 Subject: [PATCH 2/3] [ticket/13052] Fix appearances with multiple parameters PHPBB3-13052 --- phpBB/includes/ucp/ucp_pm_options.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index 353bfdc7ec..d1fc9d2c62 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php @@ -32,7 +32,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit // Change "full folder" setting - what to do if folder is full if (isset($_POST['fullfolder'])) { - check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url); + if (!check_form_key('ucp_pm_options')) + { + trigger_error('FORM_INVALID'); + } + $full_action = request_var('full_action', 0); $set_folder_id = 0; From ef61deb132c16270462aae2fe30f7d5b2f751577 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Tue, 9 Sep 2014 19:49:17 +0200 Subject: [PATCH 3/3] [ticket/13052] Use request class instead of $_POST and request_var() PHPBB3-13052 --- phpBB/includes/functions.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index f7ee2c44ab..7eca3e7ef6 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2584,15 +2584,15 @@ function add_form_key($form_name) */ function check_form_key($form_name) { - global $config, $user; + global $config, $request, $user; // we enforce a minimum value of half a minute here. $timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']); - if (isset($_POST['creation_time']) && isset($_POST['form_token'])) + if ($request->is_set_post('creation_time') && $request->is_set_post('form_token')) { - $creation_time = abs(request_var('creation_time', 0)); - $token = request_var('form_token', ''); + $creation_time = abs($request->variable('creation_time', 0)); + $token = $request->variable('form_token', ''); $diff = time() - $creation_time;