Generate session csrf code to avoid attacks in user edition
This commit is contained in:
fermin831
parent
87d1bdd29d
commit
764b1125bd
|
|
@ -152,6 +152,7 @@ if ($create_user) {
|
|||
ui_print_error_message (__('The current authentication scheme doesn\'t support creating users on %s', get_product_name()));
|
||||
return;
|
||||
}
|
||||
if (html_print_csrf_error()) return;
|
||||
|
||||
$values = array ();
|
||||
$values['id_user'] = (string) get_parameter ('id_user');
|
||||
|
|
@ -279,6 +280,8 @@ if ($create_user) {
|
|||
}
|
||||
|
||||
if ($update_user) {
|
||||
if (html_print_csrf_error()) return;
|
||||
|
||||
$values = array ();
|
||||
$values['id_user'] = (string) get_parameter ('id_user');
|
||||
$values['fullname'] = (string) get_parameter ('fullname');
|
||||
|
|
@ -705,14 +708,12 @@ echo '<form method="post" autocomplete="off">';
|
|||
html_print_table ($table);
|
||||
|
||||
echo '<div style="width: '.$table->width.'" class="action-buttons">';
|
||||
if ($new_user) {
|
||||
if ($config['admin_can_add_user']) {
|
||||
html_print_csrf_hidden();
|
||||
if ($new_user) {
|
||||
html_print_input_hidden ('create_user', 1);
|
||||
html_print_submit_button (__('Create'), 'crtbutton', false, 'class="sub wand"');
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ($config['user_can_update_info']) {
|
||||
} else {
|
||||
html_print_input_hidden ('update_user', 1);
|
||||
html_print_submit_button (__('Update'), 'uptbutton', false, 'class="sub upd"');
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3344,4 +3344,27 @@ function get_copyright_notice () {
|
|||
return $stored_name;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a random code to prevent cross site request fogery attacks
|
||||
*
|
||||
* @return string Generated code
|
||||
*/
|
||||
function generate_csrf_code() {
|
||||
// Start session to make this var permanent
|
||||
session_start();
|
||||
$_SESSION['csrf_code'] = md5(uniqid(mt_rand(), true));
|
||||
session_write_close();
|
||||
return $_SESSION['csrf_code'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate the CSRF code
|
||||
*
|
||||
* @return bool True if code is valid
|
||||
*/
|
||||
function validate_csrf_code() {
|
||||
$code = get_parameter('csrf_code');
|
||||
return isset($code) && isset($_SESSION['csrf_code'])
|
||||
&& $_SESSION['csrf_code'] == $code;
|
||||
}
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -2504,4 +2504,24 @@ function html_print_sort_arrows ($params, $order_tag, $up = 'up', $down = 'down'
|
|||
'</a>'
|
||||
;
|
||||
}
|
||||
|
||||
/**
|
||||
* Print an input hidden with a new csrf token generated
|
||||
*/
|
||||
function html_print_csrf_hidden () {
|
||||
html_print_input_hidden('csrf_code', generate_csrf_code());
|
||||
}
|
||||
|
||||
/**
|
||||
* Print an error if csrf is incorrect
|
||||
*/
|
||||
function html_print_csrf_error () {
|
||||
if (validate_csrf_code()) return false;
|
||||
|
||||
ui_print_error_message (
|
||||
__('%s cannot verify the origin of the request. Try again, please.',
|
||||
get_product_name())
|
||||
);
|
||||
return true;
|
||||
}
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -66,6 +66,8 @@ else {
|
|||
|
||||
// Update user info
|
||||
if (isset ($_GET["modified"]) && !$view_mode) {
|
||||
if (html_print_csrf_error()) return;
|
||||
|
||||
$upd_info = array ();
|
||||
$upd_info["fullname"] = get_parameter_post ("fullname", $user_info["fullname"]);
|
||||
$upd_info["firstname"] = get_parameter_post ("firstname", $user_info["firstname"]);
|
||||
|
|
@ -490,6 +492,7 @@ if (!$config["user_can_update_info"]) {
|
|||
echo '<i>'.__('You can not change your user info under the current authentication scheme').'</i>';
|
||||
}
|
||||
else {
|
||||
html_print_csrf_hidden();
|
||||
html_print_submit_button (__('Update'), 'uptbutton', $view_mode, 'class="sub upd"');
|
||||
}
|
||||
echo '</div></form>';
|
||||
|
|
|
|||
Loading…
Reference in New Issue