From 111bcdec7568269e88108ace560c35d333f9df1c Mon Sep 17 00:00:00 2001 From: mensonge Date: Tue, 25 Nov 2008 16:23:55 +0000 Subject: [PATCH] Fix bug: prevent CSRF attacks to admin page git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@174 b3834d28-1941-0410-a4f8-b48e95affb8f --- admin.php | 57 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/admin.php b/admin.php index d72d4a0..48adacb 100644 --- a/admin.php +++ b/admin.php @@ -1,21 +1,21 @@ getCurrentObjectUser(); // Header variables $tplVars['subtitle'] = T_('Manage users'); @@ -32,23 +35,21 @@ $tplVars['loadjs'] = true; $tplVars['sidebar_blocks'] = array('users' ); if ( !$userservice->isLoggedOn() ) { - header('Location: '. createURL('login', '')); - exit(); -} + header('Location: '. createURL('login', '')); + exit(); +} -//$currentUser = $userservice->getCurrentUser(); -//$currentUserID = $userservice->getCurrentUserId(); -//$currentUsername = $currentUser[$userservice->getFieldName('username')]; -$currentObjectUser = $userservice->getCurrentObjectUser(); - -if ( !$currentObjectUser->isAdmin() ) { - header('Location: '. createURL('bookmarks', $currentObjectUser->getUsername())); - exit(); +if ( !$currentUser->isAdmin() ) { + header('Location: '. createURL('bookmarks', $currentUser->getUsername())); + exit(); } @list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL; + -if ( $action ) { +if ( $action +&& strpos($_SERVER['HTTP_REFERER'], ROOT.'/admin.php') == 0 // Prevent CSRF attacks +) { switch ( $action ) { case 'delete': if ( $user && ($userinfo = $userservice->getUserByUsername($user)) ) { @@ -78,4 +79,4 @@ if ( !is_array($users) ) { $tplVars['users'] =& $users; $templateservice->loadTemplate($templatename, $tplVars); -?> +?>
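Review bot: The Referer guard added to the `if ( $action && strpos(...) == 0 )` condition passes whenever the header is absent or does not contain the admin URL at all, because `strpos()` returns `false` in that case and `false == 0` is true under PHP's loose comparison. As written, the check rejects only a referer that contains `ROOT.'/admin.php'` at a non-zero offset. Compare strictly and require the header to be present: `&& isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], ROOT.'/admin.php') === 0`. Even with that fix, a Referer check is a weak CSRF control, since the header can be stripped by proxies or privacy settings and the action appears to be taken from `PATH_INFO` without a request-method check. A per-session token verified before the `switch` would be more robust; the `switch` body continues outside the hunk.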