Changeset 1560
- Timestamp:
- 03/17/08 20:56:15 (2 months ago)
- Files:
-
- branches/punbb-1.3-dev/upload/include/functions.php (modified) (2 diffs)
- branches/punbb-1.3-dev/upload/include/rewrite_rules.php (modified) (1 diff)
- branches/punbb-1.3-dev/upload/include/url/Default.php (modified) (2 diffs)
- branches/punbb-1.3-dev/upload/include/url/File_based.php (modified) (2 diffs)
- branches/punbb-1.3-dev/upload/include/url/File_based_(fancy).php (modified) (2 diffs)
- branches/punbb-1.3-dev/upload/include/url/Folder_based.php (modified) (2 diffs)
- branches/punbb-1.3-dev/upload/include/url/Folder_based_(fancy).php (modified) (2 diffs)
- branches/punbb-1.3-dev/upload/misc.php (modified) (3 diffs)
- branches/punbb-1.3-dev/upload/profile.php (modified) (2 diffs)
- branches/punbb-1.3-dev/upload/viewforum.php (modified) (1 diff)
- branches/punbb-1.3-dev/upload/viewtopic.php (modified) (1 diff)
branches/punbb-1.3-dev/upload/include/functions.php
r1549 r1560 1471 1471 $mail_message = str_replace('<replier>', $post_info['poster'], $mail_message); 1472 1472 $mail_message = str_replace('<post_url>', pun_link($pun_url['post'], $new_pid), $mail_message); 1473 $mail_message = str_replace('<unsubscribe_url>', pun_link($pun_url['unsubscribe'], $post_info['topic_id']), $mail_message);1473 $mail_message = str_replace('<unsubscribe_url>', pun_link($pun_url['unsubscribe'], array($post_info['topic_id'], generate_form_token('unsubscribe'.$post_info['topic_id'].$cur_subscriber['id']))), $mail_message); 1474 1474 $mail_message = str_replace('<board_mailer>', sprintf($lang_common['Forum mailer'], $pun_config['o_board_title']), $mail_message); 1475 1475 … … 1479 1479 $mail_message_full = str_replace('<message>', $post_info['message'], $mail_message_full); 1480 1480 $mail_message_full = str_replace('<post_url>', pun_link($pun_url['post'], $new_pid), $mail_message_full); 1481 $mail_message_full = str_replace('<unsubscribe_url>', pun_link($pun_url['unsubscribe'], $post_info['topic_id']), $mail_message_full);1481 $mail_message_full = str_replace('<unsubscribe_url>', pun_link($pun_url['unsubscribe'], array($post_info['topic_id'], generate_form_token('unsubscribe'.$post_info['topic_id'].$cur_subscriber['id']))), $mail_message_full); 1482 1482 $mail_message_full = str_replace('<board_mailer>', sprintf($lang_common['Forum mailer'], $pun_config['o_board_title']), $mail_message_full); 1483 1483 branches/punbb-1.3-dev/upload/include/rewrite_rules.php
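Review bot: The unsubscribe link and its token are computed twice with identical inputs, once for `$mail_message` (line 1473) and once for `$mail_message_full` (line 1481); hoist it into one local before both substitutions, `$unsubscribe_url = pun_link($pun_url['unsubscribe'], array($post_info['topic_id'], generate_form_token('unsubscribe'.$post_info['topic_id'].$cur_subscriber['id'])));`, and pass `$unsubscribe_url` to both `str_replace` calls. A comment is also warranted that this link only works for the recipient while signed in as `$cur_subscriber['id']`, since misc.php compares the token against the visitor's own `$pun_user['id']`; a signed-out recipient will presumably land on the confirmation form rather than be unsubscribed. Because the token is embedded in an e-mail it outlives any page and, as far as this hunk shows, never expires, so its safety rests entirely on what generate_form_token derives it from; that is worth stating next to the call. The enclosing function and the loop that sets `$cur_subscriber` both start and end outside the hunk.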
r1559 r1560 53 53 '/^users(\.html?|\/)?$/i' => 'userlist.php', 54 54 '/^users\/(.*)\/([0-9-]+)\/?([a-z_]+)[\/_-]([a-zA-Z]+)[\/_-]p(age)?[\/_-]?([0-9]+)(\.html?|\/)?$/i' => 'userlist.php?username=$1&show_group=$2&sort_by=$3&sort_dir=$4&p=$6', 55 '/^(email|report|subscribe|unsubscribe)[\/_-]?([0-9]+) (\.html?|\/)?$/i' => 'misc.php?$1=$2',55 '/^(email|report|subscribe|unsubscribe)[\/_-]?([0-9]+)[\/_-]?([a-z0-9]+)?(\.html?|\/)?$/i' => 'misc.php?$1=$2&csrf_token=$3', 56 56 '/^(mark|rules)[\/_-]?(read)?[\/_-]?([a-z0-9]+)?(\.html?|\/)?$/i' => 'misc.php?action=$1$2&csrf_token=$3', 57 57 '/^mark[\/_-](forum)[\/_-]?([0-9]+)[\/_-](read)[\/_-]([a-z0-9]+)(\.html?|\/)?$/i' => 'misc.php?action=markforumread&fid=$2&csrf_token=$4', branches/punbb-1.3-dev/upload/include/url/Default.php
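Review bot: The new token capture `([a-z0-9]+)?` on line 55 is optional, so a pretty URL with no token still rewrites to `misc.php?…&csrf_token=` with an empty value; misc.php's `isset($_GET['csrf_token'])` is then true and the empty string fails the comparison, which is the intended outcome but is not obvious from the rule, so add `// token segment is optional: an empty csrf_token makes misc.php fall through to the confirmation form`. Because `[0-9]+` is greedy and the separator `[\/_-]?` before the token is optional, a token that begins with digits only parses correctly when the URL scheme emits a separator; the four schemes in this changeset all do, but a future scheme that omits it would silently swallow the token's leading digits into the id. The rule also applies to email and report, which now receive an unused csrf_token parameter; harmless, but worth a word in the same comment.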
r1557 r1560 74 74 'search_user_posts' => 'search.php?action=show_user_posts&user_id=$1', 75 75 'search_user_topics' => 'search.php?action=show_user_topics&user_id=$1', 76 'subscribe' => 'misc.php?subscribe=$1 ',76 'subscribe' => 'misc.php?subscribe=$1&csrf_token=$2', 77 77 'topic' => 'viewtopic.php?id=$1', 78 78 'topic_rss' => 'extern.php?action=feed&tid=$1&type=rss', … … 80 80 'topic_new_posts' => 'viewtopic.php?id=$1&action=new', 81 81 'topic_last_post' => 'viewtopic.php?id=$1&action=last', 82 'unsubscribe' => 'misc.php?unsubscribe=$1 ',82 'unsubscribe' => 'misc.php?unsubscribe=$1&csrf_token=$2', 83 83 'upload_avatar' => 'profile.php?action=upload_avatar&id=$1', 84 84 'user' => 'profile.php?id=$1', branches/punbb-1.3-dev/upload/include/url/File_based.php
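Review bot: The subscribe and unsubscribe entries on lines 76 and 82 now expect two substitution arguments, but any hook or extension that still calls `pun_link($pun_url['subscribe'], $id)` with a scalar will emit a link without a valid token (whether `$2` is dropped or left literal depends on pun_link, which is not visible here) and that link will then hit the confirmation form in misc.php. A one-line comment above the pair, `// $1 = topic id, $2 = CSRF token from generate_form_token('subscribe'.$1.$user_id), see misc.php`, tells extension authors what to pass. The same applies to the other four URL schemes in this changeset, which should carry the same note.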
r1557 r1560 73 73 'search_user_posts' => 'search-posts-user$1.html', 74 74 'search_user_topics' => 'search-topics-user$1.html', 75 'subscribe' => 'subscribe$1 .html',75 'subscribe' => 'subscribe$1-$2.html', 76 76 'topic' => 'topic$1.html', 77 77 'topic_rss' => 'topic$1-rss.html', … … 79 79 'topic_new_posts' => 'topic$1new-posts.html', 80 80 'topic_last_post' => 'topic$1last-post.html', 81 'unsubscribe' => 'unsubscribe$1 .html',81 'unsubscribe' => 'unsubscribe$1-$2.html', 82 82 'upload_avatar' => 'upload-avatar$1.html', 83 83 'user' => 'user$1.html', branches/punbb-1.3-dev/upload/include/url/File_based_(fancy).php
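Review bot: The `-` between `$1` and `$2` in `subscribe$1-$2.html` and `unsubscribe$1-$2.html` is load-bearing, not cosmetic: the rewrite rule's id group `[0-9]+` is greedy and its separator is optional, so without this character a token starting with a digit would be split incorrectly. Add `// separator before $2 is required by the rewrite rule; tokens may begin with digits` above the two entries so nobody "tidies" it away. As with Default.php, a note naming what `$1` and `$2` are would help callers that still pass a bare id.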
r1557 r1560 73 73 'search_user_posts' => 'search-posts-user$1.html', 74 74 'search_user_topics' => 'search-topics-user$1.html', 75 'subscribe' => 'subscribe$1 .html',75 'subscribe' => 'subscribe$1-$2.html', 76 76 'topic' => 'topic$1-$2.html', 77 77 'topic_rss' => 'topic$1-rss.html', … … 79 79 'topic_new_posts' => 'topic$1-$2-new-posts.html', 80 80 'topic_last_post' => 'topic$1last-post.html', 81 'unsubscribe' => 'unsubscribe$1 .html',81 'unsubscribe' => 'unsubscribe$1-$2.html', 82 82 'upload_avatar' => 'upload-avatar$1.html', 83 83 'user' => 'user$1.html', branches/punbb-1.3-dev/upload/include/url/Folder_based.php
r1557 r1560 71 71 'search_user_posts' => 'search/posts/user/$1/', 72 72 'search_user_topics' => 'search/topics/user/$1/', 73 'subscribe' => 'subscribe/$1/ ',73 'subscribe' => 'subscribe/$1/$2/', 74 74 'topic' => 'topic/$1/', 75 75 'topic_rss' => 'topic/$1/rss/', … … 77 77 'topic_new_posts' => 'topic/$1/new/posts/', 78 78 'topic_last_post' => 'topic/$1/last/post/', 79 'unsubscribe' => 'unsubscribe/$1/ ',79 'unsubscribe' => 'unsubscribe/$1/$2/', 80 80 'upload_avatar' => 'upload/avatar/$1/', 81 81 'user' => 'user/$1/', branches/punbb-1.3-dev/upload/include/url/Folder_based_(fancy).php
r1557 r1560 71 71 'search_user_posts' => 'search/posts/user/$1/', 72 72 'search_user_topics' => 'search/topics/user/$1/', 73 'subscribe' => 'subscribe/$1/ ',73 'subscribe' => 'subscribe/$1/$2/', 74 74 'topic' => 'topic/$1/$2/', 75 75 'topic_rss' => 'topic/$1/rss/', … … 77 77 'topic_new_posts' => 'topic/$1/$2/new/posts/', 78 78 'topic_last_post' => 'topic/$1/last/post/', 79 'unsubscribe' => 'unsubscribe/$1/ ',79 'unsubscribe' => 'unsubscribe/$1/$2/', 80 80 'upload_avatar' => 'upload/avatar/$1/', 81 81 'user' => 'user/$1/', branches/punbb-1.3-dev/upload/misc.php
r1556 r1560 116 116 // We validate the CSRF token. If it's set in POST and we're at this point, the token is valid. 117 117 // If it's in GET, we need to make sure it's valid. 118 if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('markforumread'. $pun_user['id'])))118 if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('markforumread'.intval($_GET['fid']).$pun_user['id']))) 119 119 csrf_confirm_form(); 120 120 … … 452 452 message($lang_common['No permission']); 453 453 454 // We validate the CSRF token. If it's set in POST and we're at this point, the token is valid. 455 // If it's in GET, we need to make sure it's valid. 456 if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('subscribe'.intval($_GET['subscribe']).$pun_user['id']))) 457 csrf_confirm_form(); 458 454 459 ($hook = get_hook('mi_subscribe_selected')) ? eval($hook) : null; 455 460 … … 507 512 message($lang_common['No permission']); 508 513 514 // We validate the CSRF token. If it's set in POST and we're at this point, the token is valid. 515 // If it's in GET, we need to make sure it's valid. 516 if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('unsubscribe'.intval($_GET['unsubscribe']).$pun_user['id']))) 517 csrf_confirm_form(); 518 509 519 ($hook = get_hook('mi_unsubscribe_selected')) ? eval($hook) : null; 510 520 branches/punbb-1.3-dev/upload/profile.php
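Review bot: The new checks at lines 456 and 516 skip token validation entirely whenever `$_POST['csrf_token']` is set, trusting a POST-side check that is not in this file; the copied comment should name where that happens, e.g. `// POST tokens are validated before this script runs; only GET links are checked here`, because a reader of misc.php alone cannot confirm the precondition and a future refactor of the global check would silently disable CSRF protection for these actions. The `!==` at lines 118, 456 and 516 is an ordinary string compare, so a per-user token is exposed to timing differences; PHP of this era has no constant-time equality, and a small byte-by-byte helper without early exit would be a reasonable follow-up, with the risk noted in a comment until then. Nothing visible here expires the token, so a captured subscribe or unsubscribe link stays valid for that user indefinitely; the comment should say so. The markforumread check now binds `intval($_GET['fid'])`, which matches viewforum.php only if its `$id` is the integer cast of the same parameter, which is presumably the case but is not shown.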
r1558 r1560 693 693 // We validate the CSRF token. If it's set in POST and we're at this point, the token is valid. 694 694 // If it's in GET, we need to make sure it's valid. 695 if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('delete_avatar'.$ pun_user['id'])))695 if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('delete_avatar'.$id.$pun_user['id']))) 696 696 csrf_confirm_form(); 697 697 … … 2146 2146 <?php echo implode("\n\t\t\t\t", $pun_page['hidden_fields'])."\n" ?> 2147 2147 </div> 2148 <?php if ($pun_page['avatar_format'] != ''): ?> <p class="frm-fld link"><span class="fld-label"><a href="<?php echo pun_link($pun_url['delete_avatar'], array($id, generate_form_token('delete_avatar'.$ pun_user['id']))) ?>"><?php echo $lang_profile['Delete avatar'] ?></a>:</span> <span class="fm-input"><?php echo $lang_profile['Avatar info remove'] ?></span></p>2148 <?php if ($pun_page['avatar_format'] != ''): ?> <p class="frm-fld link"><span class="fld-label"><a href="<?php echo pun_link($pun_url['delete_avatar'], array($id, generate_form_token('delete_avatar'.$id.$pun_user['id']))) ?>"><?php echo $lang_profile['Delete avatar'] ?></a>:</span> <span class="fm-input"><?php echo $lang_profile['Avatar info remove'] ?></span></p> 2149 2149 <?php endif; ?> <fieldset class="frm-set set<?php echo ++$pun_page['set_count'] ?>"> 2150 2150 <legend class="frm-legend"><strong><?php echo $lang_profile['Avatar'] ?></strong></legend> branches/punbb-1.3-dev/upload/viewforum.php
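Review bot: The delete_avatar token now binds `$id`, so the link built on line 2148 and the check on line 695 must derive `$id` the same way; the check uses the bare `$id` whereas misc.php's equivalent checks use `intval($_GET[…])`, so if `$id` in profile.php is not already the integer cast of the request parameter the two strings can disagree (e.g. `'5'` versus `'05'`) and the confirmation form would appear for a legitimate click. Presumably `$id` is intval'd earlier in profile.php; a comment at line 695, `// $id is the intval'd profile id, the same value used to build the link`, makes the pairing explicit. Both code paths around these lines start and end outside the hunk.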
r1556 r1560 158 158 if (!$pun_user['is_guest'] && $db->num_rows($result)) 159 159 { 160 $pun_page['main_foot_options'][] = '<a class="user-option" href="'.pun_link($pun_url['mark_forum_read'], array($id, generate_form_token('markforumread'.$ pun_user['id']))).'"><span>'.$lang_forum['Mark forum read'].'</span></a>';160 $pun_page['main_foot_options'][] = '<a class="user-option" href="'.pun_link($pun_url['mark_forum_read'], array($id, generate_form_token('markforumread'.$id.$pun_user['id']))).'"><span>'.$lang_forum['Mark forum read'].'</span></a>'; 161 161 162 162 if ($pun_page['is_admmod']) branches/punbb-1.3-dev/upload/viewtopic.php
r1555 r1560 209 209 { 210 210 if ($cur_topic['is_subscribed']) 211 $pun_page['main_head_options'][] = '<a class="sub-option" href="'.pun_link($pun_url['unsubscribe'], $id).'"><em>'.$lang_topic['Cancel subscription'].'</em></a>';211 $pun_page['main_head_options'][] = '<a class="sub-option" href="'.pun_link($pun_url['unsubscribe'], array($id, generate_form_token('unsubscribe'.$id.$pun_user['id']))).'"><em>'.$lang_topic['Cancel subscription'].'</em></a>'; 212 212 else 213 $pun_page['main_head_options'][] = '<a class="sub-option" href="'.pun_link($pun_url['subscribe'], $id).'">'.$lang_topic['Subscription'].'</a>';213 $pun_page['main_head_options'][] = '<a class="sub-option" href="'.pun_link($pun_url['subscribe'], array($id, generate_form_token('subscribe'.$id.$pun_user['id']))).'">'.$lang_topic['Subscription'].'</a>'; 214 214 } 215 215
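Review bot: The two branches on lines 211 and 213 build the same link shape and differ only in the action name, the URL entry and the label, so the token construction is duplicated; compute `$sub_action = $cur_topic['is_subscribed'] ? 'unsubscribe' : 'subscribe';` and `$sub_url = pun_link($pun_url[$sub_action], array($id, generate_form_token($sub_action.$id.$pun_user['id'])));` once, then let the if/else choose only the label and the `<em>` wrapping. This keeps the token string in one place so the action prefix cannot drift from the one misc.php checks. The surrounding block starts before the hunk.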
