Navigation

← Previous Changeset
Next Changeset →

Changeset 1356

Timestamp:

01/29/08 00:08:53 (7 months ago)

Author:

Neal

Message:

Added a new parameter to the logout URL to prevent a CSRF annoyance.

Files:

trunk/upload/include/functions.php (modified) (2 diffs)
trunk/upload/login.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/upload/include/functions.php

r1098	r1356
296	296
297	297	$links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';
298		$links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>';
	298	$links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'&csrf_token='.sha1($pun_user['id'].sha1(get_remote_address())).'">'.$lang_common['Logout'].'</a>';
299	299	}
300	300	else
…	…
303	303	$links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';
304	304	$links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>';
305		$links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>';
	305	$links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'&csrf_token='.sha1($pun_user['id'].sha1(get_remote_address())).'">'.$lang_common['Logout'].'</a>';
306	306	}
307	307	}

trunk/upload/login.php

r431	r1356
85	85	else if ($action == 'out')
86	86	{
87		if ($pun_user['is_guest'] \|\| !isset($_GET['id']) \|\| $_GET['id'] != $pun_user['id'])
	87	if ($pun_user['is_guest'] \|\| !isset($_GET['id']) \|\| $_GET['id'] != $pun_user['id'] \|\| !isset($_GET['csrf_token']) \|\| $_GET['csrf_token'] != sha1($pun_user['id'].sha1(get_remote_address())))
88	88	{
89	89	header('Location: index.php');

Download in other formats: