mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-03-14 04:30:29 +01:00
Code Issues Releases Wiki Activity

as per evil3, some more anti-CSRF

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8775 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof 2008-08-21 15:41:12 +00:00
parent 7e28be5968
commit f56391d5f7
7 changed files with 77 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
phpBB/includes/functions.php
View File

@ -2174,6 +2174,37 @@ function meta_refresh($time, $url)
//Form validation
/**
* Add a secret hash for use in links/GET requests
* @param string $link_name The name of the link; has to match the name used in check_form_key, otherwise no restrictions apply
* @param int $length The length of the key to generate
* @return sting the hash
*/
function generate_link_hash($link_name)
{
global $user;
if (!isset($user->data["hash_$link_name"]))
{
$user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8);
}
return $user->data["hash_$link_name"];
}
/**
* checks a link hash - for GET requests
* @param string $token the submitted token
* @param string $link_name The name of the link; has to match the name used in check_form_key, otherwise no restrictions apply
* @param int $length The length of the key to check
* @return boolean true if all is fine
*/
function check_link_hash($token, $link_name)
{
return $token === generate_link_hash($link_name);
}
/**
* Add a secret token to the form (requires the S_FORM_TOKEN template variable)
* @param string $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply

24
phpBB/includes/functions_display.php
View File

@ -988,8 +988,8 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
$table_sql = ($mode == 'forum') ? FORUMS_WATCH_TABLE : TOPICS_WATCH_TABLE;
$where_sql = ($mode == 'forum') ? 'forum_id' : 'topic_id';
$match_id = ($mode == 'forum') ? $forum_id : $topic_id;
$u_url = ($mode == 'forum') ? 'f' : 'f=' . $forum_id . '&t';
$u_url = "uid={$user->data['user_id']}&hash=" . generate_link_hash("{$mode}_$topic_id");
$u_url .= ($mode == 'forum') ? '&f' : '&f=' . $forum_id . '&t';
// Is user watching this thread?
if ($user_id != ANONYMOUS)
@ -1010,8 +1010,16 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
if (!is_null($notify_status) && $notify_status !== '')
{
if (isset($_GET['unwatch']))
{
$uid = request_var('uid', 0);
if ($uid != $user_id)
{
$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&start=$start");
$message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message);
}
if ($_GET['unwatch'] == $mode)
{
$is_watching = 0;
@ -1047,19 +1055,25 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
{
if (isset($_GET['watch']))
{
if ($_GET['watch'] == $mode)
$token = request_var('hash', '');
$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_$topic_id"))
{
$is_watching = true;
$sql = 'INSERT INTO ' . $table_sql . " (user_id, $where_sql, notify_status)
VALUES ($user_id, $match_id, 0)";
$db->sql_query($sql);
$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
}
else
{
$message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
}
$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
meta_refresh(3, $redirect_url);
$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message);
}
else

4
phpBB/includes/functions_posting.php
View File

@ -1271,8 +1271,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
'U_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id",
'U_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id",
'U_NEWEST_POST' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&p=$post_id&e=$post_id",
'U_STOP_WATCHING_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&unwatch=topic",
'U_STOP_WATCHING_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id&unwatch=forum",
'U_STOP_WATCHING_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?uid={$addr['user_id']}&f=$forum_id&t=$topic_id&unwatch=topic",
'U_STOP_WATCHING_FORUM' => generate_board_url() . "/viewforum.$phpEx?uid={$addr['user_id']}&f=$forum_id&unwatch=forum",
));
$messenger->send($addr['method']);

2
phpBB/language/en/common.php
View File

@ -170,6 +170,8 @@ $lang = array_merge($lang, array(
'ERR_JAB_AUTH' => 'Could not authorise on Jabber server.',
'ERR_JAB_CONNECT' => 'Could not connect to Jabber server.',
'ERR_UNABLE_TO_LOGIN' => 'The specified username or password is incorrect.',
'ERR_UNWATCHING' => 'An error occured while trying to unsubscribe.',
'ERR_WATCHING' => 'An error occured while trying to subscribe.',
'ERR_WRONG_PATH_TO_PHPBB' => 'The phpBB path specified appears to be invalid.',
'EXPAND_VIEW' => 'Expand view',
'EXTENSION' => 'Extension',

1
phpBB/language/en/viewtopic.php
View File

@ -40,6 +40,7 @@ $lang = array_merge($lang, array(
'ATTACHMENT_FUNCTIONALITY_DISABLED' => 'The attachments feature has been disabled.',
'BOOKMARK_ADDED' => 'Bookmarked topic successfully.',
'BOOKMARK_ERR' => 'Bookmarking the topic failed. Please try again.',
'BOOKMARK_REMOVED' => 'Removed bookmarked topic successfully.',
'BOOKMARK_TOPIC' => 'Bookmark topic',
'BOOKMARK_TOPIC_REMOVE' => 'Remove from bookmarks',

3
phpBB/posting.php
View File

@ -282,7 +282,8 @@ if ($mode == 'delete')
// Handle bump mode...
if ($mode == 'bump')
{
if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id']))
if ($bump_time = bump_topic_allowed($forum_id, $post_data['topic_bumped'], $post_data['topic_last_post_time'], $post_data['topic_poster'], $post_data['topic_last_poster_id'])
&& check_link_hash(request_var('hash', ''),"topic_{$post_data['topic_id']}"))
{
$db->sql_transaction('begin');

34
phpBB/viewtopic.php
View File

@ -471,25 +471,31 @@ if (($config['email_enable'] || $config['jab_enable']) && $config['allow_topic_n
// Bookmarks
if ($config['allow_bookmarks'] && $user->data['is_registered'] && request_var('bookmark', 0))
{
if (!$topic_data['bookmarked'])
if (check_link_hash(request_var('hash', ''),"topic_$topic_id"))
{
$sql = 'INSERT INTO ' . BOOKMARKS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'user_id' => $user->data['user_id'],
'topic_id' => $topic_id,
));
$db->sql_query($sql);
if (!$topic_data['bookmarked'])
{
$sql = 'INSERT INTO ' . BOOKMARKS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'user_id' => $user->data['user_id'],
'topic_id' => $topic_id,
));
$db->sql_query($sql);
}
else
{
$sql = 'DELETE FROM ' . BOOKMARKS_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND topic_id = $topic_id";
$db->sql_query($sql);
}
$message = (($topic_data['bookmarked']) ? $user->lang['BOOKMARK_REMOVED'] : $user->lang['BOOKMARK_ADDED']) . '<br /><br />' . sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $viewtopic_url . '">', '</a>');
}
else
{
$sql = 'DELETE FROM ' . BOOKMARKS_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND topic_id = $topic_id";
$db->sql_query($sql);
$message = $user->lang['BOOKMARK_ERR'] . '<br /><br />' . sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $viewtopic_url . '">', '</a>');
}
meta_refresh(3, $viewtopic_url);
$message = (($topic_data['bookmarked']) ? $user->lang['BOOKMARK_REMOVED'] : $user->lang['BOOKMARK_ADDED']) . '<br /><br />' . sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $viewtopic_url . '">', '</a>');
trigger_error($message);
}
@ -615,12 +621,12 @@ $template->assign_vars(array(
'L_WATCH_TOPIC' => $s_watching_topic['title'],
'S_WATCHING_TOPIC' => $s_watching_topic['is_watching'],
'U_BOOKMARK_TOPIC' => ($user->data['is_registered'] && $config['allow_bookmarks']) ? $viewtopic_url . '&amp;bookmark=1' : '',
'U_BOOKMARK_TOPIC' => ($user->data['is_registered'] && $config['allow_bookmarks']) ? $viewtopic_url . '&amp;bookmark=1&amp;hash=' . generate_link_hash("topic_$topic_id") : '',
'L_BOOKMARK_TOPIC' => ($user->data['is_registered'] && $config['allow_bookmarks'] && $topic_data['bookmarked']) ? $user->lang['BOOKMARK_TOPIC_REMOVE'] : $user->lang['BOOKMARK_TOPIC'],
'U_POST_NEW_TOPIC' => ($auth->acl_get('f_post', $forum_id) || $user->data['user_id'] == ANONYMOUS) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=post&amp;f=$forum_id") : '',
'U_POST_REPLY_TOPIC' => ($auth->acl_get('f_reply', $forum_id) || $user->data['user_id'] == ANONYMOUS) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=reply&amp;f=$forum_id&amp;t=$topic_id") : '',
'U_BUMP_TOPIC' => (bump_topic_allowed($forum_id, $topic_data['topic_bumped'], $topic_data['topic_last_post_time'], $topic_data['topic_poster'], $topic_data['topic_last_poster_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=bump&amp;f=$forum_id&amp;t=$topic_id") : '')
'U_BUMP_TOPIC' => (bump_topic_allowed($forum_id, $topic_data['topic_bumped'], $topic_data['topic_last_post_time'], $topic_data['topic_poster'], $topic_data['topic_last_poster_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=bump&amp;f=$forum_id&amp;t=$topic_id&amp;hash=" . generate_link_hash("topic_$topic_id")) : '')
);
// Does this topic contain a poll?