Fix CSRF when adding requirements bypass (#155)
apple502j committed Jan 4, 2022
1 parent b218cb1 commit 5ed5479
Showing 2 changed files with 23 additions and 10 deletions.
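--- a/src/SpecialConfirmAccounts.php
+++ b/src/SpecialConfirmAccounts.php
@@ -362,7 +362,7 @@ function handleFormSubmission(&$request, &$output, &$session) {
 $this->handleUnblockFormSubmission($request, $output, $session);
 } else if ($request->getText('bypassAddUsername') || $request->getText('bypassRemoveUsername')) { //TODO: refactor to move all the subpages into their own files
 $bypassPage = new RequirementsBypassPage($this);
-$bypassPage->handleFormSubmission();
+$bypassPage->handleFormSubmission($session);
 }
 }
 
@@ -445,7 +445,7 @@ function execute( $par ) {
 return $this->blocksPage($par, $request, $output, $session);
 } else if (strpos($par, wfMessage('scratch-confirmaccount-requirements-bypasses-url')->text()) === 0) {
 $bypassPage = new RequirementsBypassPage($this);
-return $bypassPage->render();
+return $bypassPage->render($session);
 } else if ($request->getText('username')) {
 return $this->searchByUsername($request->getText('username'), $request, $output);
 } else if (isset(statuses[$par])) {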
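Review bot: The `else if` branch that dispatches to `RequirementsBypassPage::handleFormSubmission` still fires on any request carrying `bypassAddUsername` or `bypassRemoveUsername`, and `getText` appears to read GET as well as POST parameters, so the state-changing handler is reachable without a POST; the new token check covers the forgery case, but the branch should also require a posted form, e.g. `} else if ($request->wasPosted() && ($request->getText('bypassAddUsername') || $request->getText('bypassRemoveUsername'))) {`. A one-line comment on the new call, such as `// handleFormSubmission() validates the csrftoken field itself before touching the database`, would tell the next reader where the check now lives, since `$session` is only threaded through here. Both enclosing functions, `handleFormSubmission(&$request, &$output, &$session)` and `execute($par)`, begin and end outside these hunks.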
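--- a/src/subpages/RequirementsBypassPage.php
+++ b/src/subpages/RequirementsBypassPage.php
@@ -1,5 +1,8 @@
 <?php
 require_once __DIR__ . '/../database/DatabaseInteractions.php';
 require_once __DIR__ . '/../common.php';
+
+use MediaWiki\Session\Session;
+
 class RequirementsBypassPage {
 private $pageContext;
@@ -14,8 +17,13 @@ function __construct(SpecialPage $pageContext) {
 $this->pageContext = $pageContext;
 }
 
-function handleFormSubmission() {
-$request = $request = $this->pageContext->getRequest();
+function handleFormSubmission(Session &$session) {
+$request = $this->pageContext->getRequest();
+
+if (isCSRF($session, $request->getText('csrftoken'))) {
+$this->pageContext->getOutput()->showErrorPage('error', 'scratch-confirmaccount-csrf');
+return;
+}
 
 $dbw = getTransactableDatabase('scratch-confirmaccount-bypasses');
 
@@ -27,10 +35,10 @@ function handleFormSubmission() {
 
 commitTransaction($dbw, 'scratch-confirmaccount-bypasses');
 
-$this->render();
+$this->render($session);
 }
 
-function showAddBypassForm() {
+function showAddBypassForm(Session &$session) {
 $output = $this->pageContext->getOutput();
 $request = $this->pageContext->getRequest();
 
@@ -39,6 +47,10 @@ function showAddBypassForm() {
 'action' => SpecialPage::getTitleFor('ConfirmAccounts', wfMessage('scratch-confirmaccount-requirements-bypasses-url')->text())->getFullURL(),
 'method' => 'post',
 'items' => [
+new OOUI\HiddenInputWidget([
+'name' => 'csrftoken',
+'value' => setCSRFToken($session)
+]),
 new OOUI\ActionFieldLayout(
 new OOUI\TextInputWidget( [
 'name' => 'bypassAddUsername',
@@ -56,7 +68,7 @@ function showAddBypassForm() {
 );
 }
 
-function showBypassesList() {
+function showBypassesList(Session &$session) {
 $output = $this->pageContext->getOutput();
 
 $dbr = getReadOnlyDatabase();
@@ -77,6 +89,7 @@ function showBypassesList() {
 
 $table .= Html::openElement('td');
 $table .= Html::openElement('form', ['action' => SpecialPage::getTitleFor('ConfirmAccounts', wfMessage('scratch-confirmaccount-requirements-bypasses-url')->text())->getFullURL(), 'method' => 'post']);
+$table .= Html::element('input', ['type' => 'hidden', 'name' => 'csrftoken', 'value' => setCSRFToken($session)]);
 $table .= Html::element('input', ['type' => 'hidden', 'name' => 'bypassRemoveUsername', 'value' => $username]);
 $table .= Html::element('input', ['type' => 'submit', 'value' => wfMessage('scratch-confirmaccount-requirements-bypasses-remove')->text()]);
 $table .= Html::closeElement('form');
@@ -90,12 +103,12 @@ function showBypassesList() {
 $output->addHTML($table);
 }
 
-function render() {
+function render(Session &$session) {
 $output = $this->pageContext->getOutput();
 
 $output->enableOOUI();
 
-$this->showAddBypassForm();
-$this->showBypassesList();
+$this->showAddBypassForm($session);
+$this->showBypassesList($session);
 }
 }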
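Review bot: Every form on the page calls `setCSRFToken($session)` on its own, once in the HiddenInputWidget of showAddBypassForm and once per remove form in showBypassesList; if setCSRFToken (defined in common.php, not visible here) issues a fresh token on each call instead of returning the one already stored in the session, only the last form rendered would carry a value that isCSRF accepts and the add form and earlier remove forms would fail the new check. Issuing the token once in render() and passing the string down removes that dependency and keeps the session write in one place. The `&` on the `Session &$session` parameters is a no-op for objects, which are passed by handle, and reads as if the methods reassign the caller's variable; dropping it and declaring `: void` on these methods would state the intent. The class continues outside the first hunks, so the constructor body and the middle of handleFormSubmission are not shown.
```php
function render(Session $session): void {
    $output = $this->pageContext->getOutput();

    $output->enableOOUI();

    // Issue the token once so the add form and every remove form share it.
    $csrfToken = setCSRFToken($session);
    $this->showAddBypassForm($csrfToken);
    $this->showBypassesList($csrfToken);
}

function showAddBypassForm(string $csrfToken): void {
    // … unchanged: output/request setup and form layout …
            new OOUI\HiddenInputWidget([
                'name' => 'csrftoken',
                'value' => $csrfToken
            ]),
    // … unchanged: remaining form items …

function showBypassesList(string $csrfToken): void {
    // … unchanged: table header and row loop …
    $table .= Html::element('input', ['type' => 'hidden', 'name' => 'csrftoken', 'value' => $csrfToken]);
    // … unchanged: remaining inputs and output …
```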

