From af519cfb56da7312eecbb5812484fcbce08e4419 Mon Sep 17 00:00:00 2001
From: atutor
Date: Sat, 28 Feb 2015 10:23:11 -0500
Subject: [PATCH] 5566 created a more general function to check referer, and updated create user and create admin to use it

---
 include/lib/vital_funcs.inc.php | 18 +++++++++++++++++-
 mods/_core/users/admins/create.php | 10 +++-------
 mods/_core/users/create_user.php | 9 ++------
 3 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/include/lib/vital_funcs.inc.php b/include/lib/vital_funcs.inc.php
index 7f520f3ba..54f460017 100644
--- a/include/lib/vital_funcs.inc.php
+++ b/include/lib/vital_funcs.inc.php
@@ -663,7 +663,23 @@ function admin_authenticate($privilege = 0, $check = false) {
 }
 return true;
 }
-
+/**
+ * Check if referer is in the $_pages array to prevent CSRF access
+ * @access public
+ * @return error message access denied
+ */
+function check_referer(){
+ global $_pages, $_base_href, $msg;
+ if(isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] !='' && $_SERVER['HTTP_REFERER'] != $_SERVER['PHP_SELF']){
+ $referer_script = preg_replace('#'.$_base_href.'#', '', $_SERVER['HTTP_REFERER']);
+ if( !in_array($_pages[$referer_script], $_pages)){
+ $msg->addError('ACCESS_DENIED');
+ require(AT_INCLUDE_PATH.'header.inc.php');
+ require(AT_INCLUDE_PATH.'footer.inc.php');
+ exit;
+ }
+ }
+}
 /**
 * Check if the give theme is a subsite customized theme. Return true if it is, otherwise, return false
 * @access public
diff --git a/mods/_core/users/admins/create.php b/mods/_core/users/admins/create.php
index e8fed96c6..ea8261b17 100644
--- a/mods/_core/users/admins/create.php
+++ b/mods/_core/users/admins/create.php
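Review bot: check_referer() passes silently whenever the Referer header is absent or empty, because the whole lookup sits inside `if(isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] !='' ...)`, and a cross-site page can suppress the header (a `<meta name="referrer" content="no-referrer">` page, `rel="noreferrer"`, or an HTTPS-to-HTTP navigation), so as written this does not stop CSRF, which is what the docblock claims; the `!= $_SERVER['PHP_SELF']` clause is also dead, since PHP_SELF is a path and never equals a full URL. Two smaller problems in the same branch: `$_base_href` is spliced into the PCRE pattern unquoted and unanchored (its `.` characters match any byte, and the match is not required to be a prefix), and `in_array($_pages[$referer_script], $_pages)` reads a possibly-undefined key and compares its value loosely when the intended test is key existence. The sketch below fails closed on a missing header, replaces the regex with an anchored prefix test, and uses `isset($_pages[...])`; failing closed will also reject users whose browser or proxy strips Referer, which is why a per-session token embedded in the form and verified on POST is the usual control and a Referer check should at most supplement it. Whether `$_pages` keys ever carry a query string is not visible here, so the sketch keeps the original behaviour of looking up the remainder verbatim — confirm against the `$_pages` definition, because a referring page with `?start=...` in its URL would otherwise be denied. The `@return` tag is wrong as well: the function returns nothing and exits on denial, so `@return void` plus a sentence saying it renders ACCESS_DENIED and exits would be accurate.
```php
function check_referer(){
	global $_pages, $_base_href, $msg;

	$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	// Fail closed: with no Referer we cannot tell where the request came from.
	$ok = false;
	if ($referer !== '' && strpos($referer, $_base_href) === 0) {
		// The $_pages key is the script path relative to $_base_href.
		$referer_script = substr($referer, strlen($_base_href));
		$ok = isset($_pages[$referer_script]);
	}
	if (!$ok) {
		// … unchanged: addError('ACCESS_DENIED'), header/footer require, exit …
	}
}
```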
@@ -15,13 +15,9 @@ define('AT_INCLUDE_PATH', '../../../../include/');
 require(AT_INCLUDE_PATH.'vitals.inc.php');
 admin_authenticate(AT_ADMIN_PRIV_ADMIN);
 
-if($_SERVER['HTTP_REFERER'] != $_SERVER['PHP_SELF']){
- $referer_script = preg_replace('#'.$_base_href.'#', '', $_SERVER['HTTP_REFERER']);
- if(!in_array($_pages[$referer_script], $_pages)){
- echo "not a valid referer";
- exit;
- }
-}
+// Prevent remote access via CSRF: 5566
+// Ref include/lib/vitals-inc.php
+check_referer();
 
 if (isset($_POST['cancel'])) {
 $msg->addFeedback('CANCELLED');
diff --git a/mods/_core/users/create_user.php b/mods/_core/users/create_user.php
index 12745b799..1febd27d8 100644
--- a/mods/_core/users/create_user.php
+++ b/mods/_core/users/create_user.php
@@ -16,13 +16,8 @@ require(AT_INCLUDE_PATH.'vitals.inc.php');
 admin_authenticate(AT_ADMIN_PRIV_USERS);
 
 // Prevent remote access via CSRF: 5566
-if($_SERVER['HTTP_REFERER'] != $_SERVER['PHP_SELF']){
- $referer_script = preg_replace('#'.$_base_href.'#', '', $_SERVER['HTTP_REFERER']);
- if(!in_array($_pages[$referer_script], $_pages)){
- echo "not a valid referer";
- exit;
- }
-}
+// Ref include/lib/vitals-inc.php
+check_referer();
 
 if (isset($_POST['cancel'])) {
 header('Location: '.AT_BASE_HREF.'mods/_core/users/users.php');
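Review bot: The new comment `// Ref include/lib/vitals-inc.php` names a file that does not exist in this patch; check_referer() is added to include/lib/vital_funcs.inc.php, so the line should read `// Ref include/lib/vital_funcs.inc.php`. Since the helper's behaviour is not obvious from its name, it is worth stating at the call site what the caller is relying on, e.g. `// check_referer() renders ACCESS_DENIED and exits when the Referer maps to no $_pages entry; a request with no Referer header is let through`. Calling it after admin_authenticate() is the right order, so an unauthenticated request never reaches the referer logic.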
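Review bot: Same file-path slip as in admins/create.php: `// Ref include/lib/vitals-inc.php` should be `// Ref include/lib/vital_funcs.inc.php`, which is where this commit defines check_referer(). This call site now depends on `$_pages` holding an entry for every page that links to create_user.php (presumably the users list at mods/_core/users/users.php, which the cancel branch redirects to); if such a key is missing, or the referring URL carries a query string the key does not, legitimate admins are bounced with ACCESS_DENIED, so a comment naming the expected referring pages would make that dependency visible. The cancel branch that follows continues past the end of the hunk.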