[geeklog-cvs] geeklog: Added a security token on the authentication form to re...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Tue Dec 29 08:00:31 EST 2009
changeset 7545:b4d55a55dc27
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/b4d55a55dc27
user: Dirk Haun <dirk at haun-online.de>
date: Fri Dec 25 15:31:02 2009 +0100
description:
Added a security token on the authentication form to resend requests after a token expired
diffstat:
public_html/users.php | 4 ++--
system/lib-security.php | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diffs (27 lines):
diff -r 578a3e9b510b -r b4d55a55dc27 public_html/users.php
--- a/public_html/users.php Wed Dec 23 09:01:52 2009 +0100
+++ b/public_html/users.php Fri Dec 25 15:31:02 2009 +0100
@@ -876,9 +876,9 @@
$getdata = urldecode($_POST['token_getdata']);
}
- if (!empty($method) && !empty($returnurl) &&
+ if (SECINT_checkToken() && (!empty($method) && !empty($returnurl) &&
((($method == 'POST') && !empty($postdata)) ||
- (($method == 'GET') && !empty($getdata)))) {
+ (($method == 'GET') && !empty($getdata))))) {
$req = new HTTP_Request($returnurl);
if ($method == 'POST') {
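Review bot: The token check added to the condition proves the form was issued by this site, but `$returnurl` still goes straight into `new HTTP_Request($returnurl)` with no visible check that it points back at this site. `$getdata` is read from `$_POST` just above, and `$returnurl` and `$method` presumably come from the same submitted hidden fields, so a user holding a valid token can alter them before submitting and have the server request a URL of their choosing. I would add a guard before the request is built that rejects any `$returnurl` not beginning with the site's own base URL followed by a slash (in Geeklog presumably `$_CONF['site_url'] . '/'`), and log the rejection. The enclosing block starts and ends outside the hunk, so an earlier check cannot be ruled out from here.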
diff -r 578a3e9b510b -r b4d55a55dc27 system/lib-security.php
--- a/system/lib-security.php Wed Dec 23 09:01:52 2009 +0100
+++ b/system/lib-security.php Fri Dec 25 15:31:02 2009 +0100
@@ -1292,6 +1292,8 @@
. urlencode($getdata) . '"' . XHTML . '>' . LB;
$services .= '<input type="hidden" name="token_requestmethod" value="'
. $method . '"' . XHTML . '>' . LB;
+ $services .= '<input type="hidden" name="' . CSRF_TOKEN . '" value="'
+ . SEC_createToken() . '"'. XHTML . '>' . LB;
$authform->set_var('services', $services);
$authform->set_var('openid_login', ''); // TBD
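Review bot: The added hidden field has no comment saying which check consumes it, and the matching `SECINT_checkToken()` call lives in a different file (public_html/users.php). I would put `// CSRF token for the re-authentication form; verified by SECINT_checkToken() in users.php before the saved request is replayed` above the two new lines. `SEC_createToken()` is called without arguments here, so the token gets whatever the default lifetime is. If the user stays on this form longer than that, the replay will presumably be rejected again, which is worth confirming. The function body starts and ends outside the hunk.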