diff options
Diffstat (limited to 'web/html')
-rw-r--r-- | web/html/account.php | 14 | ||||
-rw-r--r-- | web/html/addvote.php | 7 | ||||
-rw-r--r-- | web/html/packages.php | 70 | ||||
-rw-r--r-- | web/html/pkgsubmit.php | 6 | ||||
-rw-r--r-- | web/html/tu.php | 2 |
5 files changed, 56 insertions, 43 deletions
diff --git a/web/html/account.php b/web/html/account.php index ce3f777..b0906d9 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -74,13 +74,13 @@ if (isset($_COOKIE["AURSID"])) { } elseif ($action == "UpdateAccount") { # user is submitting their modifications to an existing account # - process_account_form($atype, "edit", "UpdateAccount", - in_request("U"), in_request("T"), in_request("S"), - in_request("E"), in_request("P"), in_request("C"), - in_request("R"), in_request("L"), in_request("I"), - in_request("K"), in_request("ID")); - - + if (check_token()) { + process_account_form($atype, "edit", "UpdateAccount", + in_request("U"), in_request("T"), in_request("S"), + in_request("E"), in_request("P"), in_request("C"), + in_request("R"), in_request("L"), in_request("I"), + in_request("K"), in_request("ID")); + } } else { if ($atype == "Trusted User" || $atype == "Developer") { # display the search page if they're a TU/dev diff --git a/web/html/addvote.php b/web/html/addvote.php index dd1f47b..d3bd7d4 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -19,7 +19,11 @@ if (isset($_COOKIE["AURSID"])) { if ($atype == "Trusted User" || $atype == "Developer") { - if (!empty($_POST['addVote'])) { + if (!empty($_POST['addVote']) && !check_token()) { + $error = __("Invalid token for user action."); + } + + if (!empty($_POST['addVote']) && check_token()) { $error = ""; if (!empty($_POST['user'])) { @@ -79,6 +83,7 @@ if ($atype == "Trusted User" || $atype == "Developer") { <b><?php print __("Proposal") ?></b><br /> <textarea name="agenda" rows="15" cols="80"><?php if (!empty($_POST['agenda'])) { print htmlentities($_POST['agenda']); } ?></textarea><br /> <input type="hidden" name="addVote" value="1" /> + <input type="hidden" name="token" value="<?php print htmlspecialchars($_COOKIE['AURSID']) ?>" /> <input type="submit" class="button" value="<?php print __("Submit"); ?>" /> </p> </form> diff --git a/web/html/packages.php b/web/html/packages.php index aa1d04c..ec76e41 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -38,46 +38,48 @@ if (isset($_POST['IDs'])) { # Determine what action to do $output = ""; -if (current_action("do_Flag")) { - $output = pkg_flag($atype, $ids, true); -} elseif (current_action("do_UnFlag")) { - $output = pkg_flag($atype, $ids, False); -} elseif (current_action("do_Adopt")) { - $output = pkg_adopt($atype, $ids, true); -} elseif (current_action("do_Disown")) { - $output = pkg_adopt($atype, $ids, False); -} elseif (current_action("do_Vote")) { - $output = pkg_vote($atype, $ids, true); -} elseif (current_action("do_UnVote")) { - $output = pkg_vote($atype, $ids, False); -} elseif (current_action("do_Delete")) { - if (isset($_POST['confirm_Delete'])) { - if (!isset($_POST['merge_Into']) || empty($_POST['merge_Into'])) { - $output = pkg_delete($atype, $ids, NULL); - unset($_GET['ID']); - } - else { - $mergepkgid = pkgid_from_name($_POST['merge_Into']); - if ($mergepkgid) { - $output = pkg_delete($atype, $ids, $mergepkgid); +if (check_token()) { + if (current_action("do_Flag")) { + $output = pkg_flag($atype, $ids, true); + } elseif (current_action("do_UnFlag")) { + $output = pkg_flag($atype, $ids, False); + } elseif (current_action("do_Adopt")) { + $output = pkg_adopt($atype, $ids, true); + } elseif (current_action("do_Disown")) { + $output = pkg_adopt($atype, $ids, False); + } elseif (current_action("do_Vote")) { + $output = pkg_vote($atype, $ids, true); + } elseif (current_action("do_UnVote")) { + $output = pkg_vote($atype, $ids, False); + } elseif (current_action("do_Delete")) { + if (isset($_POST['confirm_Delete'])) { + if (!isset($_POST['merge_Into']) || empty($_POST['merge_Into'])) { + $output = pkg_delete($atype, $ids, NULL); unset($_GET['ID']); } else { - $output = __("Cannot find package to merge votes and comments into."); + $mergepkgid = pkgid_from_name($_POST['merge_Into']); + if ($mergepkgid) { + $output = pkg_delete($atype, $ids, $mergepkgid); + unset($_GET['ID']); + } + else { + $output = __("Cannot find package to merge votes and comments into."); + } } } + else { + $output = __("The selected packages have not been deleted, check the confirmation checkbox."); + } + } elseif (current_action("do_Notify")) { + $output = pkg_notify($atype, $ids); + } elseif (current_action("do_UnNotify")) { + $output = pkg_notify($atype, $ids, False); + } elseif (current_action("do_DeleteComment")) { + $output = pkg_delete_comment($atype); + } elseif (current_action("do_ChangeCategory")) { + $output = pkg_change_category($atype); } - else { - $output = __("The selected packages have not been deleted, check the confirmation checkbox."); - } -} elseif (current_action("do_Notify")) { - $output = pkg_notify($atype, $ids); -} elseif (current_action("do_UnNotify")) { - $output = pkg_notify($atype, $ids, False); -} elseif (current_action("do_DeleteComment")) { - $output = pkg_delete_comment($atype); -} elseif (current_action("do_ChangeCategory")) { - $output = pkg_change_category($atype); } html_header($title); diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 737812e..65e2f6d 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -27,6 +27,11 @@ if ($uid): if (isset($_REQUEST['pkgsubmit'])) { + # Make sure authenticated user submitted the package themselves + if (!check_token()) { + $error = __("Invalid token for user action."); + } + # Before processing, make sure we even have a file switch($_FILES['pfile']['error']) { case UPLOAD_ERR_INI_SIZE: @@ -428,6 +433,7 @@ html_header("Submit"); <fieldset> <div> <input type="hidden" name="pkgsubmit" value="1" /> + <input type="hidden" name="token" value="<?php print htmlspecialchars($_COOKIE['AURSID']) ?>" /> </div> </div> <p> <label for="id_category"><?php print __("Package Category"); ?>:</label> diff --git a/web/html/tu.php b/web/html/tu.php index 48cd6c1..8619903 100644 --- a/web/html/tu.php +++ b/web/html/tu.php @@ -49,7 +49,7 @@ if ($atype == "Trusted User" || $atype == "Developer") { } if ($canvote == 1) { - if (isset($_POST['doVote'])) { + if (isset($_POST['doVote']) && check_token()) { if (isset($_POST['voteYes'])) { $myvote = "Yes"; } else if (isset($_POST['voteNo'])) { |