From: Evan Prodromou Date: Fri, 29 Aug 2008 05:11:04 +0000 (-0400) Subject: CSRF protection for subscription/unsubscription X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=4272da4e9e2ab9c99b4b9897f04c92cd7987cb8b;p=quix0rs-gnu-social.git CSRF protection for subscription/unsubscription darcs-hash:20080829051104-84dde-9bd23c28c2c8a720046060a33ff3e5f246c47116.gz --- diff --git a/actions/showstream.php b/actions/showstream.php index 29ff58a594..7b41b8514e 100644 --- a/actions/showstream.php +++ b/actions/showstream.php @@ -179,6 +179,7 @@ class ShowstreamAction extends StreamAction { function show_subscribe_form($profile) { common_element_start('form', array('id' => 'subscribe', 'method' => 'post', 'action' => common_local_url('subscribe'))); + common_hidden('token', common_session_token()); common_element('input', array('id' => 'subscribeto', 'name' => 'subscribeto', 'type' => 'hidden', @@ -200,6 +201,7 @@ class ShowstreamAction extends StreamAction { function show_unsubscribe_form($profile) { common_element_start('form', array('id' => 'unsubscribe', 'method' => 'post', 'action' => common_local_url('unsubscribe'))); + common_hidden('token', common_session_token()); common_element('input', array('id' => 'unsubscribeto', 'name' => 'unsubscribeto', 'type' => 'hidden', diff --git a/actions/subscribe.php b/actions/subscribe.php index 71452e46cc..8bb723799c 100644 --- a/actions/subscribe.php +++ b/actions/subscribe.php @@ -36,6 +36,15 @@ class SubscribeAction extends Action { return; } + # CSRF protection + + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname))); + return; + } + $other_nickname = $this->arg('subscribeto'); $result=subs_subscribe_user($user, $other_nickname); diff --git a/actions/unsubscribe.php b/actions/unsubscribe.php index 5814c37bda..e0392413d9 100644 --- a/actions/unsubscribe.php +++ b/actions/unsubscribe.php @@ -33,6 +33,15 @@ class UnsubscribeAction extends Action { return; } + # CSRF protection + + $token = $this->trimmed('token'); + + if (!$token || $token != common_session_token()) { + common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname))); + return; + } + $other_nickname = $this->arg('unsubscribeto'); $result=subs_unsubscribe_user($user,$other_nickname); if($result!=true) {