
BUGFIX Fixed ComplexTableField and TableListField GET actions against CSRF attacks (with Form_SecurityToken->checkRequest()) (from r113276)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114529 467b73ca-7a2a-4603-9d3b-597d59a354a9
sminnee committed Dec 5, 2010
1 parent 5c0b218 commit 38601b96f81096676eaa72aa7cbb5d1ba491bb35
Showing with 16 additions and 3 deletions.
  1. +5 −1 forms/ComplexTableField.php
  2. +11 −2 forms/TableListField.php
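--- a/forms/ComplexTableField.php
+++ b/forms/ComplexTableField.php
@@ -749,7 +749,11 @@ function edit() {
 return $this->renderWith($this->ctf->templatePopup);
 }
-function delete() {
+function delete($request) {
+// Protect against CSRF on destructive action
+$token = $this->ctf->getForm()->getSecurityToken();
+if(!$token->checkRequest($request)) return $this->httpError(400);
+
 if($this->ctf->Can('delete') !== true) {
 return false;
 }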
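Review bot: The new guard at the top of delete() dereferences `$this->ctf->getForm()` without checking it, so an item reached through a ComplexTableField with no form attached would hit a method call on null before the permission check ever runs; the Link() hunk in TableListField guards the same getForm() result with `if($form)`, so a falsy form is evidently possible. Fail closed instead of crashing: `$form = $this->ctf->getForm(); if(!$form || !$form->getSecurityToken()->checkRequest($request)) return $this->httpError(400);`, with a comment such as `// No form means no token to verify - refuse rather than skip the CSRF check` recording the intent. Whether any code still invokes delete() directly with no argument is not visible here; if it does, `$request` arrives as null and checkRequest() would have to tolerate that. The delete() body continues past the end of the hunk.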
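--- a/forms/TableListField.php
+++ b/forms/TableListField.php
@@ -559,7 +559,11 @@ function performReadonlyTransformation() {
 /**
 * @return String
 */
-function delete() {
+function delete($request) {
+// Protect against CSRF on destructive action
+$token = $this->getForm()->getSecurityToken();
+if(!$token->checkRequest($request)) return $this->httpError('400');
+
 if($this->Can('delete') !== true) {
 return false;
 }
@@ -1438,6 +1442,7 @@ function Can($mode) {
 function Link($action = null) {
 $form = $this->parent->getForm();
 if($form) {
+$token = $form->getSecurityToken();
 $parentUrlParts = parse_url($this->parent->Link());
 $queryPart = (isset($parentUrlParts['query'])) ? '?' . $parentUrlParts['query'] : null;
 // Ensure that URL actions not routed through Form->httpSubmission() are protected against CSRF attacks.
@@ -1567,7 +1572,11 @@ function __construct($ctf, $itemID) {
 parent::__construct();
 }
-function delete() {
+function delete($request) {
+// Protect against CSRF on destructive action
+$token = $this->ctf->getForm()->getSecurityToken();
+if(!$token->checkRequest($request)) return $this->httpError('400');
+
 if($this->ctf->Can('delete') !== true) {
 return false;
 }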
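Review bot: Both delete() guards in this file pass the status to httpError() as the string `'400'` while the ComplexTableField change passes the integer `400`; whichever form httpError() accepts, the four new call sites should agree, and `return $this->httpError(400);` is the natural spelling. The same two guards call `->getSecurityToken()` on the unchecked result of getForm(), even though Link() in the third hunk only proceeds `if($form)`, so a form-less field would fatally error rather than fail closed; a `$form = $this->getForm(); if(!$form) return $this->httpError(400);` ahead of the token check avoids that. Link() appears to be wiring the token into a GET URL, which means it then travels in query strings (Referer headers, browser history, server logs) and its secrecy is correspondingly weaker; a comment on the new `$token` line such as `// Token is carried in the query string here - treat the link as single-purpose and prefer POST for destructive actions` would flag that for later hardening. Each delete() body and the Link() body continue outside their hunks.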
