XSS and XSRF security fixes

git-svn-id: https://projectpier.svn.sourceforge.net/svnroot/projectpier/ProjectPier/Trunk@112 5e44df70-d631-0410-a02e-f1bdc1e0250e
ukd1 · Feb 11, 2008 · b706b67 · b706b67
1 parent 0bed775
commit b706b67
Show file tree

Hide file tree

Showing 31 changed files with 461 additions and 153 deletions.
diff --git a/application/controllers/CompanyController.class.php b/application/controllers/CompanyController.class.php
@@ -241,6 +241,8 @@ function edit_client() {
     * @return null
     */
     function delete_client() {
+      $this->setTemplate('del_company');
+
       if (!logged_user()->isAdministrator(owner_company())) {
         flash_error(lang('no access permissions'));
         $this->redirectTo('dashboard');
@@ -252,19 +254,44 @@ function delete_client() {
         $this->redirectTo('administration', 'clients');
       } // if
 
-      try {
-        DB::beginWork();
-        $company->delete();
-        ApplicationLogs::createLog($company, null, ApplicationLogs::ACTION_DELETE);
-        DB::commit();
-
-        flash_success(lang('success delete client', $company->getName()));
-      } catch(Exception $e) {
-        DB::rollback();
+      $delete_data = array_var($_POST, 'deleteCompany');
+      tpl_assign('company',$company);
+      tpl_assign('delete_data',$delete_data);
+
+      if (!is_array($delete_data)) {
+        $delete_data = array(
+          'really' => 0,
+          'password' => '',
+          ); // array
+        tpl_assign('delete_data', $delete_data);
+      } else if ($delete_data['really'] == 1) {
+        $password = $delete_data['password'];
+        if (trim($password) == '') {
+          tpl_assign('error', new Error(lang('password value missing')));
+          $this->render();
+        }
+        if (!logged_user()->isValidPassword($password)) {
+          tpl_assign('error', new Error(lang('invalid login data')));
+          $this->render();
+        } // if
+
+        try {
+          DB::beginWork();
+          $company->delete();
+          ApplicationLogs::createLog($company, null, ApplicationLogs::ACTION_DELETE);
+          DB::commit();
+
+          flash_success(lang('success delete client', $company->getName()));
+        } catch(Exception $e) {
+          DB::rollback();
+          flash_error(lang('error delete client'));
+        } // try
+
+        $this->redirectTo('administration', 'clients');
+      } else {
         flash_error(lang('error delete client'));
-      } // try
-
-      $this->redirectTo('administration', 'clients');
+        $this->redirectTo('administration', 'clients');
+      }
     } // delete_client
 
     /**

diff --git a/application/controllers/FilesController.class.php b/application/controllers/FilesController.class.php
@@ -479,29 +479,55 @@ function edit_file() {
     * @return null
     */
     function delete_file() {
+      $this->setTemplate('del_file');
+
       $file = ProjectFiles::findById(get_id());
       if (!($file instanceof ProjectFile)) {
         flash_error(lang('file dnx'));
         $this->redirectToReferer(get_url('files'));
       } // if
-      
+
       if (!$file->canEdit(logged_user())) {
         flash_error(lang('no access permissions'));
         $this->redirectToReferer(get_url('files'));
       } // if
-
-      try {
-        DB::beginWork();
-        $file->delete();
-        ApplicationLogs::createLog($file, $file->getProject(), ApplicationLogs::ACTION_DELETE);
-        DB::commit();
-
-        flash_success(lang('success delete file', $file->getFilename()));
-      } catch(Exception $e) {
+
+      $delete_data = array_var($_POST, 'deleteFile');
+      tpl_assign('file',$file);
+      tpl_assign('delete_data',$delete_data);
+
+      if (!is_array($delete_data)) {
+        $delete_data = array(
+          'really' => 0,
+          'password' => '',
+          ); // array
+        tpl_assign('delete_data', $delete_data);
+      } else if ($delete_data['really'] == 1) {
+        $password = $delete_data['password'];
+        if (trim($password) == '') {
+          tpl_assign('error', new Error(lang('password value missing')));
+          return $this->render();
+        }
+        if (!logged_user()->isValidPassword($password)) {
+          tpl_assign('error', new Error(lang('invalid login data')));
+          return $this->render();
+        }
+        try {
+          DB::beginWork();
+          $file->delete();
+          ApplicationLogs::createLog($file, $file->getProject(), ApplicationLogs::ACTION_DELETE);
+          DB::commit();
+
+          flash_success(lang('success delete file', $file->getFilename()));
+        } catch(Exception $e) {
+          flash_error(lang('error delete file'));
+        } // try
+
+        $this->redirectTo('files');
+      } else {
         flash_error(lang('error delete file'));
-      } // try
-
-      $this->redirectTo('files');
+        $this->redirectToUrl($file->getDetailsUrl());
+      }
     } // delete_file
 
     // ---------------------------------------------------
@@ -569,6 +595,8 @@ function edit_file_revision() {
     * @return null
     */
     function delete_file_revision() {
+      $this->setTemplate('del_revision');
+
       $revision = ProjectFileRevisions::findById(get_id());
       if (!($revision instanceof ProjectFileRevision)) {
         flash_error(lang('file revision dnx'));
@@ -592,19 +620,45 @@ function delete_file_revision() {
         $this->redirectToReferer(get_url('files'));
       } // if
 
-      try {
-        DB::beginWork();
-        $revision->delete();
-        ApplicationLogs::createLog($revision, $revision->getProject(), ApplicationLogs::ACTION_DELETE);
-        DB::commit();
-
-        flash_success(lang('success delete file revision'));
-      } catch(Exception $e) {
-        DB::rollback();
+      $delete_data = array_var($_POST, 'deleteFileRevision');
+      tpl_assign('file',$file);
+      tpl_assign('revision',$revision);
+      tpl_assign('delete_data',$delete_data);
+
+      if (!is_array($delete_data)) {
+        $delete_data = array(
+          'really' => 0,
+          'password' => '',
+        ); // array
+        tpl_assign('delete_data', $delete_data);
+      } else if ($delete_data['really'] == 1) {
+        $password = $delete_data['password'];
+        if (trim($password) == '') {
+          tpl_assign('error', new Error(lang('password value missing')));
+          return $this->render();
+        }
+        if (!logged_user()->isValidPassword($password)) {
+          tpl_assign('error', new Error(lang('invalid login data')));
+          return $this->render();
+        }
+
+        try {
+          DB::beginWork();
+          $revision->delete();
+          ApplicationLogs::createLog($revision, $revision->getProject(), ApplicationLogs::ACTION_DELETE);
+          DB::commit();
+
+          flash_success(lang('success delete file revision'));
+        } catch(Exception $e) {
+          DB::rollback();
+          flash_error(lang('error delete file revision'));
+        } // try
+
+        $this->redirectToUrl($file->getDetailsUrl());
+      } else {
         flash_error(lang('error delete file revision'));
-      } // try
-
-      $this->redirectToUrl($file->getDetailsUrl());
+        $this->redirectToUrl($file->getDetailsUrl());
+      }
     } // delete_file_revision
 
     // ---------------------------------------------------

diff --git a/application/controllers/MessageController.class.php b/application/controllers/MessageController.class.php
@@ -308,6 +308,8 @@ function update_options() {
     * @return null
     */
     function delete() {
+      $this->setTemplate('del_message');
+
       $message = ProjectMessages::findById(get_id());
       if (!($message instanceof ProjectMessage)) {
         flash_error(lang('message dnx'));
@@ -319,20 +321,45 @@ function delete() {
         $this->redirectTo('message');
       } // if
 
-      try {
-
-        DB::beginWork();
-        $message->delete();
-        ApplicationLogs::createLog($message, $message->getProject(), ApplicationLogs::ACTION_DELETE);
-        DB::commit();
-
-        flash_success(lang('success deleted message', $message->getTitle()));
-      } catch(Exception $e) {
-        DB::rollback();
+      $delete_data = array_var($_POST, 'deleteMessage');
+      tpl_assign('message',$message);
+      tpl_assign('delete_data',$delete_data);
+
+      if (!is_array($delete_data)) {
+        $delete_data = array(
+          'really' => 0,
+          'password' => '',
+          ); // array
+        tpl_assign('delete_data', $delete_data);
+      } else if ($delete_data['really'] == 1) {
+        $password = $delete_data['password'];
+        if (trim($password) == '') {
+          tpl_assign('error', new Error(lang('password value missing')));
+          return $this->render();
+        }
+        if (!logged_user()->isValidPassword($password)) {
+          tpl_assign('error', new Error(lang('invalid login data')));
+          return $this->render();
+        }
+        try {
+
+          DB::beginWork();
+          $message->delete();
+          ApplicationLogs::createLog($message, $message->getProject(), ApplicationLogs::ACTION_DELETE);
+          DB::commit();
+
+          flash_success(lang('success deleted message', $message->getTitle()));
+        } catch(Exception $e) {
+          DB::rollback();
+          flash_error(lang('error delete message'));
+        } // try
+
+        $this->redirectTo('message');
+      } else {
         flash_error(lang('error delete message'));
-      } // try
-
-      $this->redirectTo('message');
+        $this->redirectTo('message');
+      }
+
     } // delete
 
     // ---------------------------------------------------

diff --git a/application/controllers/MilestoneController.class.php b/application/controllers/MilestoneController.class.php
@@ -231,6 +231,8 @@ function edit() {
     * @return null
     */
     function delete() {
+      $this->setTemplate('del_milestone');
+
       $milestone = ProjectMilestones::findById(get_id());
       if (!($milestone instanceof ProjectMilestone)) {
         flash_error(lang('milestone dnx'));
@@ -242,20 +244,44 @@ function delete() {
         $this->redirectToReferer(get_url('milestone'));
       } // if
 
-      try {
-
-        DB::beginWork();
-        $milestone->delete();
-        ApplicationLogs::createLog($milestone, $milestone->getProject(), ApplicationLogs::ACTION_DELETE);
-        DB::commit();
-
-        flash_success(lang('success deleted milestone', $milestone->getName()));
-      } catch(Exception $e) {
-        DB::rollback();
+      $delete_data = array_var($_POST, 'deleteMilestone');
+      tpl_assign('milestone',$milestone);
+      tpl_assign('delete_data',$delete_data);
+
+      if (!is_array($delete_data)) {
+        $delete_data = array(
+          'really' => 0,
+          'password' => '',
+          ); // array
+        tpl_assign('delete_data', $delete_data);
+      } else if ($delete_data['really'] == 1) {
+        $password = $delete_data['password'];
+        if (trim($password) == '') {
+          tpl_assign('error', new Error(lang('password value missing')));
+          return $this->render();
+        }
+        if (!logged_user()->isValidPassword($password)) {
+          tpl_assign('error', new Error(lang('invalid login data')));
+          return $this->render();
+        }
+        try {
+
+          DB::beginWork();
+          $milestone->delete();
+          ApplicationLogs::createLog($milestone, $milestone->getProject(), ApplicationLogs::ACTION_DELETE);
+          DB::commit();
+
+          flash_success(lang('success deleted milestone', $milestone->getName()));
+        } catch(Exception $e) {
+          DB::rollback();
+          flash_error(lang('error delete milestone'));
+        } // try
+
+        $this->redirectTo('milestone');
+      } else {
         flash_error(lang('error delete milestone'));
-      } // try
-
-      $this->redirectTo('milestone');
+        $this->redirectTo('milestone');
+      }
     } // delete
 
     /**