From 6509cc6039c192b34a85f42a0d3a8654d711734a Mon Sep 17 00:00:00 2001
From: Sebastian Grewe
Date: Fri, 7 Feb 2014 12:24:48 +0100
Subject: [PATCH] [ADDE] CSRF validation for Worker Deletion

* [ADDED] CSRF token checks to worker page
* [CHANGED] Check for both _GET and _POST ctokens
* [ADDED] CSRF token to each delete call URL

Fixes #1702 once merged
---
 public/include/pages/account/workers.inc.php | 16 ++++++++++------
 public/index.php | 6 +++---
 .../templates/mpos/account/workers/default.tpl | 2 +-
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/public/include/pages/account/workers.inc.php b/public/include/pages/account/workers.inc.php
index b861600d..e85623f1 100644
--- a/public/include/pages/account/workers.inc.php
+++ b/public/include/pages/account/workers.inc.php
@@ -4,13 +4,17 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 if ($user->isAuthenticated()) {
   switch (@$_REQUEST['do']) {
     case 'delete':
-      if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
-        $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'success');
+      if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
+        if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
+          $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'success');
+        } else {
+          $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
+        }
       } else {
-        $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
+        $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
       }
       break;
-
+
     case 'add':
       if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
         if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) {
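Review bot: The new CSRF gate in `case 'delete':` still lets the deletion be triggered by a plain GET (the handler reads `$_GET['id']`), so the token the template now has to carry ends up in the URL, where it is exposed through Referer headers, browser history and server or proxy logs; since `checkBasic` in index.php binds the token only to client IP and page, a leaked URL presumably stays replayable for as long as that binding holds. A per-worker POST form with a hidden `ctoken` field, with the handler reading `$_POST['id']`, would keep the token out of URLs and match how `case 'add':` already posts its fields. The guard itself can be written as `if (!$config['csrf']['enabled'] || $csrftoken->valid) {`, which is equivalent and easier to read. The `if ($user->isAuthenticated())` block and its switch continue past the end of the hunk.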
@@ -22,7 +26,7 @@ if ($user->isAuthenticated()) {
         $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
       }
       break;
-
+
     case 'update':
       if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
         if ($worker->updateWorkers($_SESSION['USERDATA']['id'], @$_POST['data'])) {
@@ -43,4 +47,4 @@ if ($user->isAuthenticated()) {
 }
 $smarty->assign('CONTENT', 'default.tpl');
-?>
\ No newline at end of file
+?>
diff --git a/public/index.php b/public/index.php
index 1af0fa62..c0a91804 100644
--- a/public/index.php
+++ b/public/index.php
@@ -147,9 +147,9 @@ if (is_dir(INCLUDE_DIR . '/pages/' . $page)) {
 $action = (isset($_REQUEST['action']) && !is_array($_REQUEST['action'])) && isset($arrActions[$_REQUEST['action']]) ? $_REQUEST['action'] : "";
 // Check csrf token validity if necessary
-if ($config['csrf']['enabled'] && isset($_POST['ctoken']) && !empty($_POST['ctoken']) && !is_array($_POST['ctoken'])) {
-  $csrftoken->valid = ($csrftoken->checkBasic($user->getCurrentIP(), $arrPages[$page], $_POST['ctoken'])) ? 1 : 0;
-} else if ($config['csrf']['enabled'] && (!@$_POST['ctoken'] || empty($_POST['ctoken']))) {
+if ($config['csrf']['enabled'] && isset($_REQUEST['ctoken']) && !empty($_REQUEST['ctoken']) && !is_array($_REQUEST['ctoken'])) {
+  $csrftoken->valid = ($csrftoken->checkBasic($user->getCurrentIP(), $arrPages[$page], $_REQUEST['ctoken'])) ? 1 : 0;
+} else if ($config['csrf']['enabled'] && (!@$_REQUEST['ctoken'] || empty($_REQUEST['ctoken']))) {
   $csrftoken->valid = 0;
 }
 if ($config['csrf']['enabled']) $smarty->assign('CTOKEN', $csrftoken->getBasic($user->getCurrentIP(), $arrPages[$page]));
diff --git a/public/templates/mpos/account/workers/default.tpl b/public/templates/mpos/account/workers/default.tpl
index fba19f28..1d46cda2 100644
--- a/public/templates/mpos/account/workers/default.tpl
+++ b/public/templates/mpos/account/workers/default.tpl
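Review bot: Neither branch of the token check in index.php sets `$csrftoken->valid` when `ctoken` arrives as an array (`?ctoken[]=x`): the first `if` rejects it through `!is_array(...)`, and the `else if` rejects it as well because a non-empty array is truthy for `!@$_REQUEST['ctoken']` and not `empty()`, so the outcome depends on whatever `valid` was initialised to elsewhere, which this diff does not show. Making the fallback unconditional, `} else if ($config['csrf']['enabled']) {`, fails closed regardless of that default. Switching from `$_POST` to `$_REQUEST` also means the token can be supplied by a cookie on installations whose `request_order`/`variables_order` includes `C`; reading `$_POST['ctoken']` and `$_GET['ctoken']` explicitly, with POST taking precedence, limits the accepted sources to the two the commit message names. The comparison inside `checkBasic` should use `hash_equals()` if it does not already, but that code is outside this diff.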
@@ -63,7 +63,7 @@ {/if} {$WORKERS[worker].hashrate|number_format} {$WORKERS[worker].difficulty|number_format:"2"} - + {/section} {/nocache}