From 69b98efa35d48d794394df938741fdfc342cfb84 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer
Date: Tue, 27 Aug 2013 02:18:59 +0200
Subject: Re-add CRSF tokens to most package actions

We fixed all known CRSF vulnerabilities in commit 2c93f0a (Implement token system to fix CSRF vulnerabilities, 2012-06-23). c349cb2 (Add virtual path support for package actions, 2012-07-17) partly reverted this by injecting a valid CRSF token when virtual paths are in use. This patch allows for keeping the virtual path feature, while reintroducing POST forms and CRSF tokens. Actions like package flagging, votes and notifications are no longer prone to CRSF (see FS#35437 for details).

Signed-off-by: Lukas Fleischer
---
 web/html/index.php | 4 ----
 web/template/pkg_details.php | 6 ++++++
 2 files changed, 6 insertions(+), 4 deletions(-)

(limited to 'web')

diff --git a/web/html/index.php b/web/html/index.php
index 1cb48ac..be6c98d 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -59,10 +59,6 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
  return;
  }
 
- if (isset($_COOKIE['AURSID'])) {
- $_POST['token'] = $_COOKIE['AURSID'];
- }
-
  $_POST['IDs'] = array(pkgid_from_name($tokens[2]) => '1');
  }
  }
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index bd54923..0484924 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -41,6 +41,7 @@ $sources = package_sources($row["ID"]);
  • +
  • @@ -48,6 +49,7 @@ $sources = package_sources($row["ID"]); ($uid == $row["MaintainerUID"] || $atype == "Trusted User" || $atype == "Developer")): ?>
  • +
  • @@ -55,12 +57,14 @@ $sources = package_sources($row["ID"]);
  • +
  • +
  • @@ -68,12 +72,14 @@ $sources = package_sources($row["ID"]);
  • +
  • +