
Merge pull request #893 from SocketReve/master

CSRF checks
2 parents 40d2f12 + c5e5ac7 commit 0a9fb417f0becc75add5f22d2aaa0aba30e16b7e @daeks daeks committed Feb 26, 2016
@@ -64,7 +64,7 @@ public static function construct(){
if(!defined('THEME')){
define("THEME", "default");
}
-
+
if(!defined('LANGUAGE')){
define("LANGUAGE", "en");
}
@@ -86,7 +86,7 @@ public static function startSession() {
session_name(md5(BASE_PATH));
session_start();
-
+
//Check for external authentification
if(defined('AUTH_PATH')){
require_once(AUTH_PATH);
@@ -103,7 +103,7 @@ public static function startSession() {
//////////////////////////////////////////////////////////////////
// Read Content of directory
//////////////////////////////////////////////////////////////////
-
+
public static function readDirectory($foldername) {
$tmp = array();
$allFiles = scandir($foldername);
@@ -243,6 +243,17 @@ public static function checkAccess() {
}
//////////////////////////////////////////////////////////////////
+ // Check CSRF Token
+ //////////////////////////////////////////////////////////////////
+
+ public static function checkCSRFToken() {
+ if(!isset($_SERVER["HTTP_X_CSRFTOKEN"])) {
+ return false;
+ }
+ return $_SESSION['token'] == $_SERVER["HTTP_X_CSRFTOKEN"];
+ }
+
+ //////////////////////////////////////////////////////////////////
// Check Path
//////////////////////////////////////////////////////////////////
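Review bot: checkCSRFToken compares the header to the session copy with loose `==` and reads `$_SESSION['token']` without checking it exists, so an unset session token against an empty header passes (`null == ''`), and two hex digests that happen to look numeric (`0e...`) compare equal under `==`. Guard both values and use a strict constant-time comparison: `if(!isset($_SESSION['token'], $_SERVER["HTTP_X_CSRFTOKEN"])) { return false; }` followed by `return hash_equals($_SESSION['token'], $_SERVER["HTTP_X_CSRFTOKEN"]);`. A short docblock saying the token is expected in the `X-CSRFToken` request header and is matched against the value stored in the session would help the controller authors calling this.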
@@ -286,7 +297,7 @@ public static function isAvailable($func) {
public static function isAbsPath( $path ) {
return ($path[0] === '/' || $path[1] === ':')?true:false;
}
-
+
//////////////////////////////////////////////////////////////////
// Check If WIN based system
//////////////////////////////////////////////////////////////////
@@ -309,6 +320,7 @@ function getJSON($file,$namespace=""){ return Common::getJSON($file,$namespace);
function saveJSON($file,$data,$namespace=""){ Common::saveJSON($file,$data,$namespace); }
function formatJSEND($status,$data=false){ return Common::formatJSEND($status,$data); }
function checkAccess() { return Common::checkAccess(); }
+ function checkCSRFToken() { return Common::checkCSRFToken(); }
function checkPath($path) { return Common::checkPath($path); }
function isAvailable($func) { return Common::isAvailable($func); }
?>
@@ -16,7 +16,10 @@
//////////////////////////////////////////////////////////////////
checkSession();
-
+ if(!checkCSRFToken()) {
+ die(formatJSEND("error","CSRF not valid"));
+ }
+
//////////////////////////////////////////////////////////////////
// Get user's active files
//////////////////////////////////////////////////////////////////
@@ -66,7 +69,7 @@
$Active->path = $_GET['path'];
$Active->Remove();
}
-
+
//////////////////////////////////////////////////////////////////
// Remove all active record
//////////////////////////////////////////////////////////////////
@@ -75,7 +78,7 @@
$Active->username = $_SESSION['user'];
$Active->RemoveAll();
}
-
+
//////////////////////////////////////////////////////////////////
// Mark file as focused
//////////////////////////////////////////////////////////////////
@@ -86,4 +89,4 @@
$Active->MarkFileAsFocused();
}
-?>
+?>
@@ -15,9 +15,12 @@
//////////////////////////////////////////////////////////////////
checkSession();
-
- $market = new Market();
+ if(!checkCSRFToken()) {
+ die(formatJSEND("error","CSRF not valid"));
+ }
+ $market = new Market();
+
//////////////////////////////////////////////////////////////////
// Install
//////////////////////////////////////////////////////////////////
@@ -27,17 +30,17 @@
$market->Install($_GET['type'], $_GET['name'], $_GET['repo']);
}
}
-
+
//////////////////////////////////////////////////////////////////
- // Remove
+ // Remove
//////////////////////////////////////////////////////////////////
if($_GET['action']=='remove'){
if(checkAccess()) {
$market->Remove($_GET['type'], $_GET['name']);
}
}
-
+
//////////////////////////////////////////////////////////////////
// Update
//////////////////////////////////////////////////////////////////
@@ -48,4 +51,4 @@
}
}
-?>
+?>
@@ -33,10 +33,12 @@
checkAuth: function() {
- // Run controller to check session (also acts as keep-alive) & Check user
+ // Run controller to check session (also acts as keep-alive) & Check user & retrieve CSRF token
$.get(codiad.user.controller + '?action=verify', function(data) {
if (data == 'false') {
codiad.user.logout();
+ } else {
+ window.csrf_token = data;
}
});
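Review bot: The token is stored in a bare global at `window.csrf_token = data;`, and nothing in this hunk attaches it to later requests as the `X-CSRFToken` header the server reads from `$_SERVER["HTTP_X_CSRFTOKEN"]`; if that wiring lives in an `$.ajaxSetup` or similar elsewhere it is outside this view. Keeping it on the module namespace, `codiad.user.csrfToken = data;`, or registering it once with `$.ajaxSetup({headers: {'X-CSRFToken': data}})`, avoids the global. The `data == 'false'` branch treats every other response as a token, including an empty or error body, so `} else if (data) {` would avoid caching junk. checkAuth closes outside this hunk.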
@@ -65,4 +67,4 @@
};
-})(this, jQuery);
+})(this, jQuery);
@@ -55,7 +55,7 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='create'){
- if(checkAccess()) {
+ if(checkAccess() && checkCSRFToken()) {
$Project->name = $_GET['project_name'];
if($_GET['project_path'] != '') {
$Project->path = $_GET['project_path'];
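Review bot: When checkCSRFToken() fails in `if(checkAccess() && checkCSRFToken()) {` the action is silently skipped and the client receives no error, whereas the active and market controllers reject with `die(formatJSEND("error","CSRF not valid"))`. The same silent pattern appears in the delete branch below (`@@ -88,7 +88,7 @@`) and in the user controller's create, delete, project_access and password hunks. A single explicit rejection before the action dispatch, `if(!checkCSRFToken()) { die(formatJSEND("error","CSRF not valid")); }`, reports failures consistently and lets the per-action conditions stay as `if(checkAccess())`. Whether other state-changing actions in this file (the rename branch starts after this hunk) are covered is not visible here.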
@@ -70,7 +70,7 @@
$Project->Create();
}
}
-
+
//////////////////////////////////////////////////////////////////
// Rename Project
//////////////////////////////////////////////////////////////////
@@ -88,7 +88,7 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='delete'){
- if(checkAccess()) {
+ if(checkAccess() && checkCSRFToken()) {
$Project->path = $_GET['project_path'];
$Project->Delete();
}
@@ -106,4 +106,4 @@
}
}
-?>
+?>
@@ -187,7 +187,13 @@ public function Verify(){
$pass = 'false';
foreach($this->users as $user=>$data){
if($this->username==$data['username']){
- $pass = 'true';
+ if(isset($_SERVER["HTTP_X_CSRFTOKEN"])) {
+ if($_SESSION['token'] == $_SERVER["HTTP_X_CSRFTOKEN"]) {
+ $token = sha1(uniqid(rand(), TRUE));
+ $_SESSION['token'] = $token;
+ $pass = $token;
+ }
+ }
}
}
echo($pass);
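Review bot: The new token at `$token = sha1(uniqid(rand(), TRUE));` is derived from `rand()` and `uniqid()`, neither of which is a cryptographic source; `bin2hex(random_bytes(20))` on PHP 7, or `openssl_random_pseudo_bytes()` on older runtimes, should be used instead. The comparison on the line above it is a loose `==`; `hash_equals($_SESSION['token'], $_SERVER["HTTP_X_CSRFTOKEN"])` gives a strict constant-time check, and `$_SESSION['token']` should be tested with isset first, since a session that has no token yet can only obtain one here if the login path seeds it elsewhere. The token is also replaced on every successful verify, so any request already in flight with the previous value will fail its check; a comment stating that rotation is intentional would help. Verify() starts and ends outside this hunk.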
@@ -12,7 +12,7 @@
if(!isset($_GET['action'])){
die(formatJSEND("error","Missing parameter"));
}
-
+
//////////////////////////////////////////////////////////////////
// Verify Session or Key
//////////////////////////////////////////////////////////////////
@@ -29,7 +29,7 @@
if(!isset($_POST['username']) || !isset($_POST['password'])){
die(formatJSEND("error","Missing username or password"));
}
-
+
$User->username = $_POST['username'];
$User->password = $_POST['password'];
@@ -59,11 +59,11 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='create'){
- if(checkAccess()) {
+ if(checkAccess() && checkCSRFToken()) {
if(!isset($_POST['username']) || !isset($_POST['password'])){
die(formatJSEND("error","Missing username or password"));
}
-
+
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
$User->Create();
@@ -75,11 +75,11 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='delete'){
- if(checkAccess()) {
+ if(checkAccess() && checkCSRFToken()) {
if(!isset($_GET['username'])){
die(formatJSEND("error","Missing username"));
}
-
+
$User->username = $_GET['username'];
$User->Delete();
}
@@ -90,12 +90,12 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='project_access'){
- if(checkAccess()) {
+ if(checkAccess() && checkCSRFToken()) {
if(!isset($_GET['username'])){
die(formatJSEND("error","Missing username"));
}
$User->username = $_GET['username'];
-
+
//No project selected
if(isset($_POST['projects'])){
$User->projects = $_POST['projects'];
@@ -114,8 +114,8 @@
if(!isset($_POST['username']) || !isset($_POST['password'])){
die(formatJSEND("error","Missing username or password"));
}
-
- if(checkAccess() || $_POST['username'] == $_SESSION['user']) {
+
+ if((checkAccess()|| $_POST['username'] == $_SESSION['user']) && checkCSRFToken()){
$User->username = $_POST['username'];
$User->password = $_POST['password'];
$User->Password();
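Review bot: The rewritten condition `if((checkAccess()|| $_POST['username'] == $_SESSION['user']) && checkCSRFToken()){` drops the spacing the surrounding branches use around `||` and before the opening brace; `if((checkAccess() || $_POST['username'] == $_SESSION['user']) && checkCSRFToken()) {` matches the rest of the file. The enclosing action block starts before this hunk.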
@@ -130,7 +130,7 @@
if(!isset($_GET['project'])){
die(formatJSEND("error","Missing project"));
}
-
+
$User->username = $_SESSION['user'];
$User->project = $_GET['project'];
$User->Project();
