Fix bug: prevent CSRF attacks on admin page

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@174 b3834d28-1941-0410-a4f8-b48e95affb8f
mensonge 2008-11-25 16:23:55 +00:00
parent 15b91c7e66
commit 111bcdec75


@ -26,6 +26,9 @@ $bookmarkservice = & ServiceFactory :: getServiceInstance('BookmarkService');
$tag2tagservice = & ServiceFactory :: getServiceInstance('Tag2TagService'); $tag2tagservice = & ServiceFactory :: getServiceInstance('Tag2TagService');
$templateservice = & ServiceFactory :: getServiceInstance('TemplateService'); $templateservice = & ServiceFactory :: getServiceInstance('TemplateService');
/* Managing current logged user */
$currentUser = $userservice->getCurrentObjectUser();
// Header variables // Header variables
$tplVars['subtitle'] = T_('Manage users'); $tplVars['subtitle'] = T_('Manage users');
$tplVars['loadjs'] = true; $tplVars['loadjs'] = true;
@ -36,19 +39,17 @@ if ( !$userservice->isLoggedOn() ) {
exit(); exit();
} }
//$currentUser = $userservice->getCurrentUser(); if ( !$currentUser->isAdmin() ) {
//$currentUserID = $userservice->getCurrentUserId(); header('Location: '. createURL('bookmarks', $currentUser->getUsername()));
//$currentUsername = $currentUser[$userservice->getFieldName('username')];
$currentObjectUser = $userservice->getCurrentObjectUser();
if ( !$currentObjectUser->isAdmin() ) {
header('Location: '. createURL('bookmarks', $currentObjectUser->getUsername()));
exit(); exit();
} }
@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL; @list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
if ( $action ) {
if ( $action
&& strpos($_SERVER['HTTP_REFERER'], ROOT.'/admin.php') == 0 // Prevent CSRF attacks
) {
switch ( $action ) { switch ( $action ) {
case 'delete': case 'delete':
if ( $user && ($userinfo = $userservice->getUserByUsername($user)) ) { if ( $user && ($userinfo = $userservice->getUserByUsername($user)) ) {