diff options
| -rw-r--r-- | web/html/account.php | 14 | ||||
| -rw-r--r-- | web/html/addvote.php | 7 | ||||
| -rw-r--r-- | web/html/packages.php | 70 | ||||
| -rw-r--r-- | web/html/pkgsubmit.php | 6 | ||||
| -rw-r--r-- | web/html/tu.php | 2 | ||||
| -rw-r--r-- | web/lib/acctfuncs.inc.php | 2 | ||||
| -rw-r--r-- | web/lib/aur.inc.php | 10 | ||||
| -rw-r--r-- | web/lib/pkgfuncs.inc.php | 2 | ||||
| -rw-r--r-- | web/template/account_edit_form.php | 1 | ||||
| -rw-r--r-- | web/template/actions_form.php | 1 | ||||
| -rw-r--r-- | web/template/pkg_comment_form.php | 3 | ||||
| -rw-r--r-- | web/template/pkg_comments.php | 1 | ||||
| -rw-r--r-- | web/template/pkg_details.php | 3 | ||||
| -rw-r--r-- | web/template/pkg_search_results.php | 1 | ||||
| -rw-r--r-- | web/template/tu_details.php | 1 |
15 files changed, 78 insertions, 46 deletions
diff --git a/web/html/account.php b/web/html/account.php index ce3f777..b0906d9 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -74,13 +74,13 @@ if (isset($_COOKIE["AURSID"])) { } elseif ($action == "UpdateAccount") { # user is submitting their modifications to an existing account # - process_account_form($atype, "edit", "UpdateAccount", - in_request("U"), in_request("T"), in_request("S"), - in_request("E"), in_request("P"), in_request("C"), - in_request("R"), in_request("L"), in_request("I"), - in_request("K"), in_request("ID")); - - + if (check_token()) { + process_account_form($atype, "edit", "UpdateAccount", + in_request("U"), in_request("T"), in_request("S"), + in_request("E"), in_request("P"), in_request("C"), + in_request("R"), in_request("L"), in_request("I"), + in_request("K"), in_request("ID")); + } } else { if ($atype == "Trusted User" || $atype == "Developer") { # display the search page if they're a TU/dev diff --git a/web/html/addvote.php b/web/html/addvote.php index dd1f47b..d3bd7d4 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -19,7 +19,11 @@ if (isset($_COOKIE["AURSID"])) { if ($atype == "Trusted User" || $atype == "Developer") { - if (!empty($_POST['addVote'])) { + if (!empty($_POST['addVote']) && !check_token()) { + $error = __("Invalid token for user action."); + } + + if (!empty($_POST['addVote']) && check_token()) { $error = ""; if (!empty($_POST['user'])) { @@ -79,6 +83,7 @@ if ($atype == "Trusted User" || $atype == "Developer") { <b><?php print __("Proposal") ?></b><br /> <textarea name="agenda" rows="15" cols="80"><?php if (!empty($_POST['agenda'])) { print htmlentities($_POST['agenda']); } ?></textarea><br /> <input type="hidden" name="addVote" value="1" /> + <input type="hidden" name="token" value="<?php print htmlspecialchars($_COOKIE['AURSID']) ?>" /> <input type="submit" class="button" value="<?php print __("Submit"); ?>" /> </p> </form> diff --git a/web/html/packages.php b/web/html/packages.php index aa1d04c..ec76e41 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -38,46 +38,48 @@ if (isset($_POST['IDs'])) { # Determine what action to do $output = ""; -if (current_action("do_Flag")) { - $output = pkg_flag($atype, $ids, true); -} elseif (current_action("do_UnFlag")) { - $output = pkg_flag($atype, $ids, False); -} elseif (current_action("do_Adopt")) { - $output = pkg_adopt($atype, $ids, true); -} elseif (current_action("do_Disown")) { - $output = pkg_adopt($atype, $ids, False); -} elseif (current_action("do_Vote")) { - $output = pkg_vote($atype, $ids, true); -} elseif (current_action("do_UnVote")) { - $output = pkg_vote($atype, $ids, False); -} elseif (current_action("do_Delete")) { - if (isset($_POST['confirm_Delete'])) { - if (!isset($_POST['merge_Into']) || empty($_POST['merge_Into'])) { - $output = pkg_delete($atype, $ids, NULL); - unset($_GET['ID']); - } - else { - $mergepkgid = pkgid_from_name($_POST['merge_Into']); - if ($mergepkgid) { - $output = pkg_delete($atype, $ids, $mergepkgid); +if (check_token()) { + if (current_action("do_Flag")) { + $output = pkg_flag($atype, $ids, true); + } elseif (current_action("do_UnFlag")) { + $output = pkg_flag($atype, $ids, False); + } elseif (current_action("do_Adopt")) { + $output = pkg_adopt($atype, $ids, true); + } elseif (current_action("do_Disown")) { + $output = pkg_adopt($atype, $ids, False); + } elseif (current_action("do_Vote")) { + $output = pkg_vote($atype, $ids, true); + } elseif (current_action("do_UnVote")) { + $output = pkg_vote($atype, $ids, False); + } elseif (current_action("do_Delete")) { + if (isset($_POST['confirm_Delete'])) { + if (!isset($_POST['merge_Into']) || empty($_POST['merge_Into'])) { + $output = pkg_delete($atype, $ids, NULL); unset($_GET['ID']); } else { - $output = __("Cannot find package to merge votes and comments into."); + $mergepkgid = pkgid_from_name($_POST['merge_Into']); + if ($mergepkgid) { + $output = pkg_delete($atype, $ids, $mergepkgid); + unset($_GET['ID']); + } + else { + $output = __("Cannot find package to merge votes and comments into."); + } } } + else { + $output = __("The selected packages have not been deleted, check the confirmation checkbox."); + } + } elseif (current_action("do_Notify")) { + $output = pkg_notify($atype, $ids); + } elseif (current_action("do_UnNotify")) { + $output = pkg_notify($atype, $ids, False); + } elseif (current_action("do_DeleteComment")) { + $output = pkg_delete_comment($atype); + } elseif (current_action("do_ChangeCategory")) { + $output = pkg_change_category($atype); } - else { - $output = __("The selected packages have not been deleted, check the confirmation checkbox."); - } -} elseif (current_action("do_Notify")) { - $output = pkg_notify($atype, $ids); -} elseif (current_action("do_UnNotify")) { - $output = pkg_notify($atype, $ids, False); -} elseif (current_action("do_DeleteComment")) { - $output = pkg_delete_comment($atype); -} elseif (current_action("do_ChangeCategory")) { - $output = pkg_change_category($atype); } html_header($title); diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 737812e..65e2f6d 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -27,6 +27,11 @@ if ($uid): if (isset($_REQUEST['pkgsubmit'])) { + # Make sure authenticated user submitted the package themselves + if (!check_token()) { + $error = __("Invalid token for user action."); + } + # Before processing, make sure we even have a file switch($_FILES['pfile']['error']) { case UPLOAD_ERR_INI_SIZE: @@ -428,6 +433,7 @@ html_header("Submit"); <fieldset> <div> <input type="hidden" name="pkgsubmit" value="1" /> + <input type="hidden" name="token" value="<?php print htmlspecialchars($_COOKIE['AURSID']) ?>" /> </div> </div> <p> <label for="id_category"><?php print __("Package Category"); ?>:</label> diff --git a/web/html/tu.php b/web/html/tu.php index 48cd6c1..8619903 100644 --- a/web/html/tu.php +++ b/web/html/tu.php @@ -49,7 +49,7 @@ if ($atype == "Trusted User" || $atype == "Developer") { } if ($canvote == 1) { - if (isset($_POST['doVote'])) { + if (isset($_POST['doVote']) && check_token()) { if (isset($_POST['voteYes'])) { $myvote = "Yes"; } else if (isset($_POST['voteNo'])) { diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 59f499e..a41a4e7 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -624,7 +624,7 @@ function user_suspended($id, $dbh=NULL) { $result = db_query($q, $dbh); if ($result) { $row = mysql_fetch_row($result); - if ($result[0] == 1 ) { + if ($row[0]) { return true; } } diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 5a70e77..1a6164e 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -75,6 +75,16 @@ function check_sid($dbh=NULL) { return; } +# Verify the supplied token matches the expected token for POST forms +# +function check_token() { + if (isset($_POST['token'])) { + return ($_POST['token'] == $_COOKIE['AURSID']); + } else { + return false; + } +} + # verify that an email address looks like it is legitimate # function valid_email($addy) { diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 6d2f01f..0009b93 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -395,7 +395,7 @@ function package_details($id=0, $SID="", $dbh=NULL) { # Actions Bar if ($SID) { include('actions_form.php'); - if (isset($_REQUEST['comment'])) { + if (isset($_REQUEST['comment']) && check_token()) { $uid = uid_from_sid($SID, $dbh); add_package_comment($id, $uid, $_REQUEST['comment'], $dbh); } diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php index 32379a7..c32eb94 100644 --- a/web/template/account_edit_form.php +++ b/web/template/account_edit_form.php @@ -3,6 +3,7 @@ <input type="hidden" name="Action" value="<?php echo $A ?>" /> <?php if ($UID): ?> <input type="hidden" name="ID" value="<?php echo $UID ?>" /> + <input type="hidden" name="token" value="<?php print htmlspecialchars($_COOKIE['AURSID']) ?>" /> </div> <?php endif; ?> </fieldset> <table> diff --git a/web/template/actions_form.php b/web/template/actions_form.php index e5ab7c2..ff0fd4e 100644 --- a/web/template/actions_form.php +++ b/web/template/actions_form.php @@ -3,6 +3,7 @@ <fieldset> <input type="hidden" name="IDs[<?php echo $row['ID'] ?>]" value="1" /> <input type="hidden" name="ID" value="<?php echo $row['ID'] ?>" /> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" /> <?php if (user_voted($uid, $row['ID'])): ?> <input type="submit" class="button" name="do_UnVote" value="<?php echo __("UnVote") ?>" /> diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php index 8430a89..95d2cb0 100644 --- a/web/template/pkg_comment_form.php +++ b/web/template/pkg_comment_form.php @@ -3,12 +3,13 @@ <form call="general-form" action="<?php echo $_SERVER['REQUEST_URI'] ?>" method="post"> <fieldset> <?php -if (isset($_REQUEST['comment'])) { +if (isset($_REQUEST['comment']) && check_token()) { echo '<p>' . __('Comment has been added.') . '</p>'; } ?> <div> <input type="hidden" name="ID" value="<?php echo intval($_REQUEST['ID']) ?>" /> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" /> </div> <p> <label for="id_comment"><?php echo __("Comment") . ':' ?></label> diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php index 4e9dfa3..02f4963 100644 --- a/web/template/pkg_comments.php +++ b/web/template/pkg_comments.php @@ -18,6 +18,7 @@ $count = package_comments_count($_GET['ID']); <fieldset style="display:inline;"> <input type="hidden" name="action" value="do_DeleteComment" /> <input type="hidden" name="comment_id" value="<?php echo $row['ID'] ?>" /> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" /> <input type="image" src="images/x.png" alt="<?php echo __('Delete comment') ?> name="submit" value="1" /> </fieldset> </form> diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php index 023fef1..b41fded 100644 --- a/web/template/pkg_details.php +++ b/web/template/pkg_details.php @@ -60,6 +60,9 @@ if ($SID && ($uid == $row["MaintainerUID"] || <form method="post" action="packages.php?ID=<?php echo $pkgid ?>"> <div> <input type="hidden" name="action" value="do_ChangeCategory" /> + <?php if ($SID): ?> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" /> + <?php endif; ?> <select name="category_id"> <?php foreach ($catarr as $cid => $catname): diff --git a/web/template/pkg_search_results.php b/web/template/pkg_search_results.php index d676c0a..9076675 100644 --- a/web/template/pkg_search_results.php +++ b/web/template/pkg_search_results.php @@ -115,6 +115,7 @@ if (!$result): ?> <input type="text" id="merge_Into" name="merge_Into" /> <input type="checkbox" name="confirm_Delete" value="1" /> <?php echo __("Confirm") ?> <?php endif; ?> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" /> <input type="submit" class="button" style="width: 80px" value="<?php echo __("Go") ?>" /> </p> <?php endif; # if ($SID) ?> diff --git a/web/template/tu_details.php b/web/template/tu_details.php index 33e87a8..38015e1 100644 --- a/web/template/tu_details.php +++ b/web/template/tu_details.php @@ -67,6 +67,7 @@ <input type="submit" class="button" name="voteNo" value="<?php print __("No") ?>" /> <input type="submit" class="button" name="voteAbstain" value="<?php print __("Abstain") ?>" /> <input type="hidden" name="doVote" value="1" /> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" /> </fieldset> </form> <?php else: |