Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pixiv-winter-internship 脆弱性対処 #6

Closed
wants to merge 6 commits into from
Closed

pixiv-winter-internship 脆弱性対処 #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e14f19f
パスワード入力はtypeをpasswordに
takechanman1228 Nov 27, 2015
2a865e3
ユーザーのパスワードをハッシュ化
takechanman1228 Nov 29, 2015
4c8f002
POSTでログイン
takechanman1228 Nov 29, 2015
01b15ff
Sanitize Markdown from XSS
takechanman1228 Nov 29, 2015
fcb19bb
Protect from SQL Injection
takechanman1228 Nov 30, 2015
e3e25e5
remove unnecessary escape
takechanman1228 Nov 30, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 2 additions & 1 deletion composer.json
View file
Open in desktop
Expand Up @@ -21,6 +21,7 @@
"twig/extensions": "^1.3",
"erusev/parsedown": "^1.6",
"vlucas/phpdotenv": "^2.1",
"symfony/filesystem": "^2.7"
"symfony/filesystem": "^2.7",
"ezyang/htmlpurifier": "dev-master"
}
}
2 changes: 1 addition & 1 deletion htdocs/index.php
View file
Open in desktop
Expand Up @@ -16,7 +16,7 @@
$routing_map = [
'logout' => ['GET', '/logout', 'logout'],
'login' => ['GET', '/login', 'login'],
['GET', '/login', 'login'],
['POST', '/login', 'login'],
'regist' => ['GET', '/regist', 'regist'],
['POST', '/regist', 'regist'],
'room' => ['GET', '/rooms/:slug', 'room', ['slug' => '/[-a-zA-Z]+/']],
Expand Down
10 changes: 7 additions & 3 deletions src/Controller/add_room.php
View file
Open in desktop
Expand Up @@ -25,8 +25,9 @@ function action(\Baguette\Application $app, \Teto\Routing\Action $action)

private static function isTyouhuku(string $slug): bool
{
$query = "SELECT * FROM `rooms` WHERE `slug` = \"${slug}\" ";
$query = "SELECT * FROM `rooms` WHERE `slug` = :slug ";
$stmt = db()->prepare($query);
$stmt->bindValue(':slug', $slug, \PDO::PARAM_STR);
$stmt->execute();
$data = $stmt->fetch(\PDO::FETCH_ASSOC);

Expand All @@ -35,16 +36,19 @@ private static function isTyouhuku(string $slug): bool

private static function regist($slug, $name, $user): bool
{
$query = "INSERT INTO `rooms`(`slug`, `name`) VALUES( \"{$slug}\", \"{$name}\" ); ";
$query = "INSERT INTO `rooms`(`slug`, `name`) VALUES( :slug, :name ); ";
$stmt = db()->prepare($query);
$stmt->bindValue(':slug', $slug, \PDO::PARAM_STR);
$stmt->bindValue(':name', $name, \PDO::PARAM_STR);
$stmt->execute();
$id = db()->lastInsertId();

$now = date('Y-m-d H:i:s', strtotime('+9 hours'));
$user_name = $user->name;
$message = str_replace('"', '\\"', "**{$user_name}さん**が部屋を作りました!");
$query = "INSERT INTO `posts` VALUES( {$id}, 0, \"{$now}\", \"{$message}\" )";
$query = "INSERT INTO `posts` VALUES( {$id}, 0, \"{$now}\", :message )";
$stmt = db()->prepare($query);
$stmt->bindValue(':message', $message, \PDO::PARAM_STR);
$stmt->execute();

return true;
Expand Down
24 changes: 17 additions & 7 deletions src/Controller/login.php
View file
Open in desktop
Expand Up @@ -21,25 +21,35 @@ public function action(\Baguette\Application $app, \Teto\Routing\Action $action)
$user = trim($_REQUEST['user']);
$pass = $_REQUEST['password'];
$query
= 'SELECT `users`.`id`, `users`.`slug`, `users`.`name` '
= 'SELECT `users`.`id`, `users`.`slug`, `users`.`name`, `user_passwords`.`password` '
. 'FROM `users` '
. 'INNER JOIN `user_passwords` '
. ' ON `users`.`id` = `user_passwords`.`user_id` '
. "WHERE `users`.`slug` = \"${user}\" "
. " AND `user_passwords`.`password` = \"${pass}\" ";
. "WHERE `users`.`slug` = \"${user}\" ";
$stmt = db()->prepare($query);
$stmt->bindValue(':user', $user, \PDO::PARAM_STR);
$stmt->execute();

if ($login = $stmt->fetch(\PDO::FETCH_ASSOC)) {
$app->session->set('user_id', $login['id']);
$app->session->set('user_slug', $login['slug']);
$app->session->set('user_name', $login['name']);
return new Response\RedirectResponse('/');
//パスワードの照合
if (password_verify($pass, $login['password'])) {
$app->session->set('user_id', $login['id']);
$app->session->set('user_slug', $login['slug']);
$app->session->set('user_name', $login['name']);
return new Response\RedirectResponse('/');
} else {
//Invalid Password
$error = "Invalid Password!";
}

} else {
$error = "Invalid User Name or Password!";
}
}

return new Response\TwigResponse('login.tpl.html', [
'user' => isset($_REQUEST['user']) ? $_REQUEST['user'] : null,
'error' => isset($error) ? $error : null,
]);
}
}
16 changes: 13 additions & 3 deletions src/Controller/regist.php
View file
Open in desktop
Expand Up @@ -37,8 +37,10 @@ private static function isTyouhuku(string $user_name): bool

$user = trim($user_name);
$pass = $_REQUEST['password'];
$query = "SELECT * FROM `users` WHERE `slug` = \"${user}\" ";
//$query = "SELECT * FROM `users` WHERE `slug` = \"${user}\" ";
$query = "SELECT * FROM `users` WHERE `slug` = :user ";
$stmt = db()->prepare($query);
$stmt->bindValue(':user', $user, \PDO::PARAM_STR);
$stmt->execute();
$data = $stmt->fetch(\PDO::FETCH_ASSOC);

Expand All @@ -47,13 +49,21 @@ private static function isTyouhuku(string $user_name): bool

private static function regist($slug, $name, $password): array
{
$query = "INSERT INTO `users`(`slug`, `name`) VALUES( \"{$slug}\", \"{$name}\" ); ";
$query = "INSERT INTO `users`(`slug`, `name`) VALUES( :slug, :name ); ";
$stmt = db()->prepare($query);
$stmt->bindValue(':slug', $slug, \PDO::PARAM_STR);
$stmt->bindValue(':name', $name, \PDO::PARAM_STR);
$stmt->execute();

//パスワードをハッシュ化
$options = [
'cost' => 12,
];
$password = password_hash($password, PASSWORD_BCRYPT, $options);
$id = db()->lastInsertId();
$query = "INSERT INTO `user_passwords` VALUES( {$id}, \"{$password}\" ); ";
$query = "INSERT INTO `user_passwords` VALUES( {$id}, :password ); ";
$stmt = db()->prepare($query);
$stmt->bindValue(':password', $password, \PDO::PARAM_STR);
$stmt->execute();

return [
Expand Down
9 changes: 6 additions & 3 deletions src/Controller/room.php
View file
Open in desktop
Expand Up @@ -14,17 +14,20 @@ public function action(\Baguette\Application $app, \Teto\Routing\Action $action)
{
$room = $action->param['slug'];

$query = "SELECT * FROM `rooms` WHERE `slug` = \"{$room}\"";
$query = "SELECT * FROM `rooms` WHERE `slug` = :room";
$stmt = db()->prepare($query);
$stmt->bindValue(':room', $room, \PDO::PARAM_STR);
$stmt->execute();
$data = $stmt->fetch(\PDO::FETCH_ASSOC);

if (!empty($_REQUEST['message'])) {
$now = date('Y-m-d H:i:s', strtotime('+9 hours'));
$message = str_replace('"', '\\"', $_REQUEST['message']);
$message = $_REQUEST['message'];
$user_id = $_REQUEST['user_id'];
$query = "INSERT INTO `posts` VALUES( {$data['id']}, {$user_id}, \"{$now}\", \"{$message}\" )";
$query = "INSERT INTO `posts` VALUES( {$data['id']}, :user_id, \"{$now}\", :message )";
$stmt = db()->prepare($query);
$stmt->bindValue(':user_id', $user_id, \PDO::PARAM_INT);
$stmt->bindValue(':message', $message, \PDO::PARAM_STR);
$stmt->execute();
}

Expand Down
5 changes: 4 additions & 1 deletion src/View/Markdown.php
View file
Open in desktop
@@ -1,5 +1,6 @@
<?php
namespace Nyaan\View;
use HTMLPurifier;

/**
* @package Nyaan\View
Expand All @@ -15,9 +16,11 @@ final class Markdown
*/
public static function render($input)
{
$purifier = new HTMLPurifier();
$sanitized = $purifier->purify((new \Parsedown)->text($input));
return preg_replace(
'@</p>$@', '',
preg_replace('@^<p>@', '', (new \Parsedown)->text($input))
preg_replace('@^<p>@', '', $sanitized)
);
}
}
4 changes: 2 additions & 2 deletions src/View/twig/index.tpl.html
View file
Open in desktop
Expand Up @@ -12,11 +12,11 @@
</fieldset>
</form>
{% else %}
<form action="/login" class="loginform">
<form action="/login" method=post class="loginform">
<fieldset>
<legend>Login</legend>
<input name=user value="{{ user }}" >
<input name=password>
<input name=password type="password">
<button type=submit>Login</button>
</fieldset>
</form>
Expand Down
9 changes: 7 additions & 2 deletions src/View/twig/login.tpl.html
View file
Open in desktop
@@ -1,11 +1,16 @@
{% extends "layout.tpl.html" %}
{% block title %}Login{% endblock %}
{% block content %}
<form action="/login" class="loginform">
{% if error %}
<div>
{{ error }}
</div>
{% endif %}
<form action="/login" method=post class="loginform">
<fieldset>
<legend>Login</legend>
<input name=user value="{{ user }}" placeholder="ユーザー名" pattern="[a-zA-Z0-9]+">
<input name=password placeholder="パスワード">
<input name=password type="password" placeholder="パスワード">
<button type=submit>Login</button>
</fieldset>
</form>
Expand Down
4 changes: 2 additions & 2 deletions src/View/twig/regist.tpl.html
View file
Open in desktop
@@ -1,12 +1,12 @@
{% extends "layout.tpl.html" %}
{% block title %}Regist{% endblock %}
{% block content %}
<form action="/regist" class="loginform">
<form action="/regist" method=post class="loginform">
<fieldset>
<legend>Regist</legend>
<input name=user value="{{ user }}" required placeholder="ユーザー名" >
<input name=slug value="{{ slug }}" required placeholder="ログイン名" pattern="[a-zA-Z0-9]+">
<input name=password required placeholder="パスワード">
<input name=password type="password" required placeholder="パスワード">
<button type=submit>Submit</button>
</fieldset>
</form>
Expand Down