1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-06 16:56:44 +02:00

as per evil3, some more anti-CSRF

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8775 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof
2008-08-21 15:41:12 +00:00
parent 7e28be5968
commit f56391d5f7
7 changed files with 77 additions and 22 deletions

View File

@@ -2174,6 +2174,37 @@ function meta_refresh($time, $url)
//Form validation
/**
* Add a secret hash for use in links/GET requests
* @param string $link_name The name of the link; has to match the name used in check_form_key, otherwise no restrictions apply
* @param int $length The length of the key to generate
* @return sting the hash
*/
function generate_link_hash($link_name)
{
global $user;
if (!isset($user->data["hash_$link_name"]))
{
$user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8);
}
return $user->data["hash_$link_name"];
}
/**
* checks a link hash - for GET requests
* @param string $token the submitted token
* @param string $link_name The name of the link; has to match the name used in check_form_key, otherwise no restrictions apply
* @param int $length The length of the key to check
* @return boolean true if all is fine
*/
function check_link_hash($token, $link_name)
{
return $token === generate_link_hash($link_name);
}
/**
* Add a secret token to the form (requires the S_FORM_TOKEN template variable)
* @param string $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply