From 5af0cfd99a13fda9afad3380b0c50a3428acd299 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Wed, 03 Jun 2015 12:14:07 -0400
Subject: [PATCH] Extended the CSRF check.
---
 interface/lib/classes/tform.inc.php | 8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index d0bb7d1..1717419 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -386,12 +386,17 @@
 /* CSRF PROTECTION */
 // generate csrf protection id and key
- $_csrf_id = uniqid($this->formDef['name'] . '_');
+ /*$_csrf_id = uniqid($this->formDef['name'] . '_');
 $_csrf_value = sha1(uniqid(microtime(true), true));
 if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
 if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
 $_SESSION['_csrf'][$_csrf_id] = $_csrf_value;
 $_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
+ */
+ $csrf_token = $app->auth->csrf_token_get($this->formDef['name']);
+ $_csrf_id = $csrf_token['csrf_id'];
+ $_csrf_value = $csrf_token['csrf_key'];
+
 $this->formDef['tabs'][$tab]['fields']['_csrf_id'] = array(
 'datatype' => 'VARCHAR',
 'formtype' => 'TEXT',
@@ -669,6 +674,7 @@
 //$this->errorMessage = '';
 /* CSRF PROTECTION */
+ if(isset($_POST) && is_array($_POST)) {
 $_csrf_valid = false;
 if(isset($_POST['_csrf_id']) && isset($_POST['_csrf_key'])) {
-- 
Gitblit v1.9.1
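Review bot: The old token-generation code is kept in the file as a `/* ... */` comment block around the former `$_csrf_id` / `$_SESSION['_csrf']` lines instead of being deleted; commented-out code should go, version control keeps the history. The new lines read `csrf_id` and `csrf_key` out of whatever `$app->auth->csrf_token_get()` returns, and `$app` itself is not shown being brought into scope in this method, so both the array shape and the `global $app` (or equivalent) should be confirmed against the helper and the method head, which lies outside the hunk. Because the validation side (second hunk) still reads only `$_POST['_csrf_id']` / `$_POST['_csrf_key']` and is not shown switching storage, the helper must write the same `$_SESSION['_csrf']` and `$_SESSION['_csrf_timeout']` entries the removed lines wrote, or tokens it issues will never validate. The removed implementation derived the key from `sha1(uniqid(microtime(true), true))`, which is not a cryptographically secure source; the centralised helper is the right place to fix that, and a comment such as `// id/key issued and stored by auth::csrf_token_get(); must match the check in the CSRF validation block below` would document the new coupling. The enclosing method starts before the hunk.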
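Review bot: The added `if(isset($_POST) && is_array($_POST)) {` opens a block that this patch never closes: the diffstat reports 7 insertions and all seven are visible `+` lines (six in the first hunk, this one), so no matching `}` is added and the file will not parse unless a follow-up supplies the brace. The body lines that now fall inside it (`$_csrf_valid = false;` and the `isset($_POST['_csrf_id'])` test) are left at their previous indentation, which also hides the new nesting from a reader. The guard is effectively always true for a web request, since `$_POST` is a superglobal that exists as a (possibly empty) array regardless of request method; if the intent is to run the CSRF check only when form data was actually posted, the condition would be `if(!empty($_POST)) {`, and in that case it should be confirmed that no state-changing form action is reachable via GET, because such requests would then bypass the token check entirely. The enclosing method continues past the end of the hunk.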