vérificatio CSRF et mise en page

author: nicosomb <nicolas@loeuillet.org> 2013-04-15 14:09:58 +0200
committer: nicosomb <nicolas@loeuillet.org> 2013-04-15 14:09:58 +0200
commit: cf3180f6b8c552bbf7214d1ba72fbf1fc90ef861 (patch)
tree: 86d0cad24ed4891165d720a3bb19fffe6f55c73b /inc
parent: 358ab47957de18183aa3d3f7a62b631cd131f41f (diff)
download: wallabag-cf3180f6b8c552bbf7214d1ba72fbf1fc90ef861.tar.gz
wallabag-cf3180f6b8c552bbf7214d1ba72fbf1fc90ef861.tar.zst
wallabag-cf3180f6b8c552bbf7214d1ba72fbf1fc90ef861.zip
2 files changed, 36 insertions, 4 deletions
diff --git a/inc/config.php b/inc/config.php
index 29a22507..84b86998 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -22,4 +22,12 @@ raintpl::$cache_dir = './cache/';
 raintpl::$base_url  = get_poche_url();
 raintpl::configure('path_replace', false);
 raintpl::configure('debug', false);
-$tpl = new raintpl();
-\ No newline at end of file
+$tpl = new raintpl();
+session_start();
+if (!isset($_SESSION['token_poche'])) {
+    $token = md5(uniqid(rand(), TRUE));
+    $_SESSION['token_poche'] = $token;
+    $_SESSION['token_time_poche'] = time();
+}
+\ No newline at end of file
diff --git a/inc/functions.php b/inc/functions.php
index 45828bf2..30e00393 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -125,7 +125,7 @@ function prepare_url($url)
 /**
 * Appel d'une action (mark as fav, archive, delete)
 */
-function action_to_do($action, $id)
+function action_to_do($action, $id, $url, $token)
 {
    global $db;
@@ -140,8 +140,11 @@ function action_to_do($action, $id)
            $params_action  = array($url, $parametres_url['title'], $parametres_url['content']);
            break;
        case 'delete':
-            $sql_action     = "DELETE FROM entries WHERE id=?";
+            if (verif_token($token)) {
-            $params_action  = array($id);
+                $sql_action     = "DELETE FROM entries WHERE id=?";
+                $params_action  = array($id);
+            }
+            else die('CSRF problem');
            break;
        default:
            break;
@@ -224,4 +227,25 @@ function get_article($id)
    }
    return $entry;
+}
+/**
+ * Vérifie si le jeton passé en $_POST correspond à celui en session
+ */
+function verif_token($token)
+{
+    if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token))
+    {
+        if($_SESSION['token_poche'] == $token)
+        {
+            $old_timestamp = time() - (15*60);
+            if($_SESSION['token_time_poche'] >= $old_timestamp)
+            {
+                return TRUE;
+            }
+            else return FALSE;
+        }
+        else return FALSE;
+    }
+    else return FALSE;
 }
 \ No newline at end of file
author	nicosomb <nicolas@loeuillet.org>	2013-04-15 14:09:58 +0200
committer	nicosomb <nicolas@loeuillet.org>	2013-04-15 14:09:58 +0200
commit	cf3180f6b8c552bbf7214d1ba72fbf1fc90ef861 (patch)
tree	86d0cad24ed4891165d720a3bb19fffe6f55c73b /inc
parent	358ab47957de18183aa3d3f7a62b631cd131f41f (diff)
download	wallabag-cf3180f6b8c552bbf7214d1ba72fbf1fc90ef861.tar.gz wallabag-cf3180f6b8c552bbf7214d1ba72fbf1fc90ef861.tar.zst wallabag-cf3180f6b8c552bbf7214d1ba72fbf1fc90ef861.zip

diff --git a/inc/config.php b/inc/config.php index 29a22507..84b86998 100644 --- a/inc/config.php +++ b/inc/config.php
@@ -22,4 +22,12 @@ raintpl::$cache_dir = './cache/';
22	raintpl::$base_url = get_poche_url();	22	raintpl::$base_url = get_poche_url();
23	raintpl::configure('path_replace', false);	23	raintpl::configure('path_replace', false);
24	raintpl::configure('debug', false);	24	raintpl::configure('debug', false);
25	$tpl = new raintpl(); \ No newline at end of file	25	$tpl = new raintpl();
		26
		27	session_start();
		28
		29	if (!isset($_SESSION['token_poche'])) {
		30	$token = md5(uniqid(rand(), TRUE));
		31	$_SESSION['token_poche'] = $token;
		32	$_SESSION['token_time_poche'] = time();
		33	} \ No newline at end of file


diff --git a/inc/functions.php b/inc/functions.php index 45828bf2..30e00393 100755 --- a/inc/functions.php +++ b/inc/functions.php
@@ -125,7 +125,7 @@ function prepare_url($url)
125	/**	125	/**
126	* Appel d'une action (mark as fav, archive, delete)	126	* Appel d'une action (mark as fav, archive, delete)
127	*/	127	*/
128	function action_to_do($action, $id)	128	function action_to_do($action, $id, $url, $token)
129	{	129	{
130	global $db;	130	global $db;
131		131
@@ -140,8 +140,11 @@ function action_to_do($action, $id)
140	$params_action = array($url, $parametres_url['title'], $parametres_url['content']);	140	$params_action = array($url, $parametres_url['title'], $parametres_url['content']);
141	break;	141	break;
142	case 'delete':	142	case 'delete':
143	$sql_action = "DELETE FROM entries WHERE id=?";	143	if (verif_token($token)) {
144	$params_action = array($id);	144	$sql_action = "DELETE FROM entries WHERE id=?";
		145	$params_action = array($id);
		146	}
		147	else die('CSRF problem');
145	break;	148	break;
146	default:	149	default:
147	break;	150	break;
@@ -224,4 +227,25 @@ function get_article($id)
224	}	227	}
225		228
226	return $entry;	229	return $entry;
		230	}
		231
		232	/**
		233	* Vérifie si le jeton passé en $_POST correspond à celui en session
		234	*/
		235	function verif_token($token)
		236	{
		237	if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token))
		238	{
		239	if($_SESSION['token_poche'] == $token)
		240	{
		241	$old_timestamp = time() - (15*60);
		242	if($_SESSION['token_time_poche'] >= $old_timestamp)
		243	{
		244	return TRUE;
		245	}
		246	else return FALSE;
		247	}
		248	else return FALSE;
		249	}
		250	else return FALSE;
227	} \ No newline at end of file	251	} \ No newline at end of file