bug 1328: backport the pwg_token on trunk
bug 1329: backport the check_input_parameter on trunk

feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring
on this feature to make the code simpler and easier to maintain (I hope).

git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall committed Mar 19, 2010
1 parent ff7e537 commit c695136
Showing 26 changed files with 433 additions and 170 deletions.
9 changes: 9 additions & 0 deletions admin/cat_list.php
Expand Up @@ -33,6 +33,11 @@
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);

if (!empty($_POST) or isset($_GET['delete']))
{
check_pwg_token();
}

// +-----------------------------------------------------------------------+
// | functions |
// +-----------------------------------------------------------------------+
Expand Down Expand Up @@ -64,6 +69,8 @@ function save_categories_order($categories)
// | initialization |
// +-----------------------------------------------------------------------+

check_input_parameter('parent_id', $_GET, false, PATTERN_ID);

$categories = array();

$base_url = get_root_url().'admin.php?page=cat_list';
Expand Down Expand Up @@ -185,6 +192,7 @@ function save_categories_order($categories)
$template->assign(array(
'CATEGORIES_NAV'=>$navigation,
'F_ACTION'=>$form_action,
'PWG_TOKEN' => get_pwg_token(),
));

// +-----------------------------------------------------------------------+
Expand Down Expand Up @@ -260,6 +268,7 @@ function save_categories_order($categories)
if (empty($category['dir']))
{
$tpl_cat['U_DELETE'] = $self_url.'&delete='.$category['id'];
$tpl_cat['U_DELETE'].= '&pwg_token='.get_pwg_token();
}

if ( array_key_exists($category['id'], $categories_with_images) )
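Review bot: The per-category delete link (`$tpl_cat['U_DELETE'] .= '&pwg_token='.get_pwg_token()`) now puts the anti-CSRF token in the query string of a GET that performs a deletion, so the token lands in browser history, server and proxy logs, and the Referer of any outbound link from the page; if check_pwg_token() derives it from the session the way the removed check_token() did (HMAC of session_id), one leak stays valid for the whole session. A small POST form per row with hidden `pwg_token` and `delete` fields avoids both the leak and the state-changing GET. Also note `$_GET['delete']` itself gets no check_input_parameter() in this section while `parent_id` does; `check_input_parameter('delete', $_GET, false, PATTERN_ID);` next to the guard would be consistent, though its use site is below the hunk so I cannot see how it is consumed.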
2 changes: 2 additions & 0 deletions admin/element_set.php
Expand Up @@ -39,6 +39,8 @@
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);

check_input_parameter('selection', $_POST, true, PATTERN_ID);

// +-----------------------------------------------------------------------+
// | caddie management |
// +-----------------------------------------------------------------------+
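Review bot: This page gets the new `check_input_parameter('selection', $_POST, true, PATTERN_ID)` but no `check_pwg_token()` guard, although the caddie-management block below acts on POSTed selections and element_set_global.php (which relies on this check per its own comment) processes the deletion form; the other admin pages in this commit wrap POST handling in `if (!empty($_POST)) { check_pwg_token(); }`, so add the same here unless it sits outside the hunk. A short comment on the positional boolean would also help readers, e.g. `// true: selection must be an array of ids` — I infer the meaning of the third argument from the plural name and the per-id pattern, so confirm it against the definition of check_input_parameter().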
5 changes: 5 additions & 0 deletions admin/element_set_global.php
Expand Up @@ -43,6 +43,11 @@
// | deletion form submission |
// +-----------------------------------------------------------------------+

// the $_POST['selection'] was already checked in element_set.php
check_input_parameter('del_tags', $_POST, true, PATTERN_ID);
check_input_parameter('associate', $_POST, false, PATTERN_ID);
check_input_parameter('dissociate', $_POST, false, PATTERN_ID);

if (isset($_POST['delete']))
{
if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
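Review bot: The comment `the $_POST['selection'] was already checked in element_set.php` makes this file's input validation depend on its include path; if element_set_global.php is ever reached another way (a direct include from a different page, or a later refactoring), `selection` arrives unchecked at the deletion code below. Re-running `check_input_parameter('selection', $_POST, true, PATTERN_ID);` here alongside the `del_tags`/`associate`/`dissociate` checks is cheap and removes the cross-file assumption. The deletion branch keyed on `$_POST['delete']` and `confirm_deletion` is the destructive path of this page, so it is the one most worth having no unstated preconditions.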
10 changes: 8 additions & 2 deletions admin/group_list.php
Expand Up @@ -33,6 +33,11 @@
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);

if (!empty($_POST) or isset($_GET['delete']) or isset($_GET['toggle_is_default']))
{
check_pwg_token();
}

// +-----------------------------------------------------------------------+
// | delete a group |
// +-----------------------------------------------------------------------+
Expand Down Expand Up @@ -155,6 +160,7 @@
array(
'F_ADD_ACTION' => get_root_url().'admin.php?page=group_list',
'U_HELP' => get_root_url().'popuphelp.php?page=group_list',
'PWG_TOKEN' => get_pwg_token(),
)
);

Expand Down Expand Up @@ -191,9 +197,9 @@
'IS_DEFAULT' => (get_boolean($row['is_default']) ? ' ['.l10n('default').']' : ''),
'MEMBERS' => l10n_dec('%d member', '%d members', $counter),
'U_MEMBERS' => $members_url.$row['id'],
'U_DELETE' => $del_url.$row['id'],
'U_DELETE' => $del_url.$row['id'].'&pwg_token='.get_pwg_token(),
'U_PERM' => $perm_url.$row['id'],
'U_ISDEFAULT' => $toggle_is_default_url.$row['id']
'U_ISDEFAULT' => $toggle_is_default_url.$row['id'].'&pwg_token='.get_pwg_token(),
)
);
}
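Review bot: The new guard keys on `$_GET['delete']` and `$_GET['toggle_is_default']`, but neither value is passed through check_input_parameter() anywhere in this section, unlike `parent_id` in cat_list.php from the same commit; both are group ids, so `check_input_parameter('delete', $_GET, false, PATTERN_ID); check_input_parameter('toggle_is_default', $_GET, false, PATTERN_ID);` right after check_pwg_token() would be consistent. The "delete a group" block that consumes them is below the hunk, so whether they are cast or quoted there is not visible to me. Both actions are also GETs carrying the token in the URL (`U_DELETE`, `U_ISDEFAULT`), with the same history/log/Referer exposure as the other tokenized links in this commit.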
28 changes: 0 additions & 28 deletions admin/include/functions.php
Expand Up @@ -23,34 +23,6 @@

include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');

/**
* check token comming from form posted or get params to prevent csrf attacks
* if pwg_token is empty action doesn't require token
* else pwg_token is compare to server token
*
* @return void access denied if token given is not equal to server token
*/
function check_token()
{
global $conf;

$valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);
$given_token = null;

if (!empty($_POST['pwg_token']))
{
$given_token = $_POST['pwg_token'];
}
elseif (!empty($_GET['pwg_token']))
{
$given_token = $_GET['pwg_token'];
}
if ($given_token != $valid_token)
{
access_denied();
}
}

// The function delete_site deletes a site and call the function
// delete_categories for each primary category of the site
function delete_site( $id )
2 changes: 1 addition & 1 deletion admin/include/uploadify/uploadify.php
Expand Up @@ -8,7 +8,7 @@
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');

// check_pwg_token();
check_pwg_token();

ob_start();
print_r($_FILES);
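Review bot: Whether the now-enabled `check_pwg_token()` can ever pass on this endpoint depends on the session being available to it: the uploader template in admin/photos_add_direct.php hands over `session_id` and `pwg_token` explicitly, which suggests the upload request does not carry the session cookie, and if the token is derived from session_id the check would compare against a fresh session and reject every upload unless the session is restored from the posted id before this line. The file's first seven lines are above the hunk, so I cannot see whether that happens, nor whether check_status(ACCESS_ADMINISTRATOR) runs here — a CSRF token is not an authorization check. Separately, the `ob_start(); print_r($_FILES);` immediately below reads as debugging output left in place; remove it or gate it on a debug flag so request internals are not echoed to the client.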
4 changes: 2 additions & 2 deletions admin/photos_add_direct.php
Expand Up @@ -30,7 +30,7 @@

if (isset($_GET['batch']))
{
check_input_parameter('batch', $_GET['batch'], false, '/^\d+(,\d+)*$/');
check_input_parameter('batch', $_GET, false, '/^\d+(,\d+)*$/');

$query = '
DELETE FROM '.CADDIE_TABLE.'
Expand Down Expand Up @@ -347,7 +347,7 @@
'switch_url' => PHOTOS_ADD_BASE_URL.'&upload_mode='.$upload_switch,
'upload_id' => md5(rand()),
'session_id' => session_id(),
'pwg_token' => '1234abcd5678efgh',// get_pwg_token(),
'pwg_token' => get_pwg_token(),
)
);

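Review bot: The `batch` pattern `/^\d+(,\d+)*$/` still accepts a trailing newline, because PCRE `$` matches before a final `\n`; since the value feeds the DELETE on the caddie table just below, use `'/^\d+(,\d+)*$/D'` (or `\z` in place of `$`) so the accepted string is exactly the id list. The corrected second argument (`$_GET` instead of `$_GET['batch']`) is the right fix, assuming check_input_parameter() indexes the array by the parameter name. On the context line, `'upload_id' => md5(rand())` is predictable; if upload_id names anything server-side (a temp directory or file), derive it from a stronger source such as openssl_random_pseudo_bytes() where available.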
3 changes: 3 additions & 0 deletions admin/picture_modify.php
Expand Up @@ -33,6 +33,9 @@
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);

check_input_parameter('image_id', $_GET, false, PATTERN_ID);
check_input_parameter('cat_id', $_GET, false, PATTERN_ID);

// +-----------------------------------------------------------------------+
// | synchronize metadata |
// +-----------------------------------------------------------------------+
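Review bot: This page receives check_input_parameter() for `image_id` and `cat_id` but, unlike cat_list.php, group_list.php, site_manager.php and tags.php in the same commit, no `if (!empty($_POST)) { check_pwg_token(); }` guard, although the "synchronize metadata" section just below suggests it acts on form submissions; if the guard is not added further down (outside the hunk), the page's POST actions remain CSRF-able after this commit. Placing the guard directly after check_status(ACCESS_ADMINISTRATOR), as the other pages do, keeps the pattern uniform.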
9 changes: 5 additions & 4 deletions admin/plugins_list.php
Expand Up @@ -32,12 +32,15 @@

$order = isset($_GET['order']) ? $_GET['order'] : 'name';
$base_url = get_root_url().'admin.php?page='.$page['page'].'&order='.$order;
$action_url = $base_url.'&plugin='.'%s'.'&pwg_token='.get_pwg_token();

$plugins = new plugins();

//--------------------------------------------------perform requested actions
if (isset($_GET['action']) and isset($_GET['plugin']) and !is_adviser())
{
check_pwg_token();

$page['errors'] = $plugins->perform_action($_GET['action'], $_GET['plugin']);

if (empty($page['errors']))
Expand Down Expand Up @@ -96,7 +99,7 @@
array('NAME' => $display_name,
'VERSION' => $fs_plugin['version'],
'DESCRIPTION' => $desc,
'U_ACTION' => $base_url.'&plugin='.$plugin_id);
'U_ACTION' => sprintf($action_url, $plugin_id));

if (isset($plugins->db_plugins_by_id[$plugin_id]))
{
Expand All @@ -115,14 +118,12 @@

foreach($missing_plugin_ids as $plugin_id)
{
$action_url = $base_url.'&plugin='.$plugin_id;

$template->append( 'plugins',
array(
'NAME' => $plugin_id,
'VERSION' => $plugins->db_plugins_by_id[$plugin_id]['version'],
'DESCRIPTION' => "ERROR: THIS PLUGIN IS MISSING BUT IT IS INSTALLED! UNINSTALL IT NOW !",
'U_ACTION' => $base_url.'&plugin='.$plugin_id,
'U_ACTION' => sprintf($action_url, $plugin_id),
'STATE' => 'missing'
)
);
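Review bot: `$action_url` is used as an sprintf() format string, yet it is built from `$base_url`, which embeds `$order` taken straight from `$_GET['order']`; a request with `order=%s` gives sprintf() a second specifier and it fails with too few arguments, and any `%` in the value mangles every action link. Build the links by concatenation instead: `$pwg_token = get_pwg_token();` once near the top, then `'U_ACTION' => $base_url.'&plugin='.$plugin_id.'&pwg_token='.$pwg_token` at both sites. While here, `$order` reaches the URL and `$_GET['plugin']`/`$_GET['action']` reach perform_action() without a check_input_parameter(); a pattern for the allowed order keys and for plugin directory names would fit the rest of this commit, though perform_action() is outside the hunk so I cannot tell whether it validates internally.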
6 changes: 5 additions & 1 deletion admin/plugins_new.php
Expand Up @@ -38,6 +38,8 @@
//------------------------------------------------------automatic installation
if (isset($_GET['revision']) and isset($_GET['extension']) and !is_adviser())
{
check_pwg_token();

$install_status = $plugins->extract_plugin_files('install', $_GET['revision'], $_GET['extension']);

redirect($base_url.'&installstatus='.$install_status);
Expand Down Expand Up @@ -110,7 +112,9 @@

$url_auto_install = htmlentities($base_url)
. '&revision=' . $plugin['revision_id']
. '&extension=' . $plugin['extension_id'];
. '&extension=' . $plugin['extension_id']
. '&pwg_token='.get_pwg_token()
;

$template->append('plugins', array(
'EXT_NAME' => $plugin['extension_name'],
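Review bot: `$_GET['revision']` and `$_GET['extension']` are passed to extract_plugin_files() with no format check, while the same commit adds check_input_parameter() to the other admin pages; the links are generated from `$plugin['revision_id']` and `$plugin['extension_id']`, so the values look numeric and `check_input_parameter('revision', $_GET, false, PATTERN_ID); check_input_parameter('extension', $_GET, false, PATTERN_ID);` placed before check_pwg_token() would close the gap. extract_plugin_files() downloads and unpacks code, which makes its inputs worth pinning here rather than relying on validation inside it (outside the hunk, so I cannot confirm either way). Note that `htmlentities()` is applied to `$base_url` only; that is fine as long as the appended ids and token remain numeric/hex.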
7 changes: 6 additions & 1 deletion admin/plugins_update.php
Expand Up @@ -37,6 +37,8 @@
//-----------------------------------------------------------automatic upgrade
if (isset($_GET['plugin']) and isset($_GET['revision']) and !is_adviser())
{
check_pwg_token();

$plugin_id = $_GET['plugin'];
$revision = $_GET['revision'];

Expand All @@ -48,6 +50,7 @@
redirect($base_url
. '&revision=' . $revision
. '&plugin=' . $plugin_id
. '&pwg_token='.get_pwg_token()
. '&reactivate=true');
}

Expand Down Expand Up @@ -133,7 +136,9 @@
// Plugin need upgrade
$url_auto_update = $base_url
. '&revision=' . $plugin_info['revision_id']
. '&plugin=' . $plugin_id;
. '&plugin=' . $plugin_id
. '&pwg_token='.get_pwg_token()
;

$template->append('plugins_not_uptodate', array(
'EXT_NAME' => $fs_plugin['name'],
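Review bot: `$plugin_id` and `$revision` are taken from `$_GET` and used both for the upgrade and to build the redirect URL without any check_input_parameter(), unlike the other pages touched by this commit; `revision` is generated from `$plugin_info['revision_id']` and looks numeric, so `check_input_parameter('revision', $_GET, false, PATTERN_ID);` after check_pwg_token() is a safe addition, and `plugin` deserves a pattern matching plugin directory names since the id very likely selects a filesystem path (the consumer is outside the hunk, so treat that as a suspicion). The redirect also re-emits `pwg_token` in a GET URL, with the usual history/log/Referer exposure for a session-bound token.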
18 changes: 13 additions & 5 deletions admin/site_manager.php
Expand Up @@ -33,6 +33,11 @@
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);

if (!empty($_POST) or isset($_GET['action']))
{
check_pwg_token();
}

/**
* requests the given $url (a remote create_listing_file.php) and fills a
* list of lines corresponding to request output
Expand Down Expand Up @@ -198,11 +203,13 @@ function remote_output($url)
}
}

$template->assign( array(
'U_HELP' => get_root_url().'popuphelp.php?page=site_manager',
'F_ACTION' => get_root_url().'admin.php'
.get_query_string_diff( array('action','site') )
) );
$template->assign(
array(
'U_HELP' => get_root_url().'popuphelp.php?page=site_manager',
'F_ACTION' => get_root_url().'admin.php'.get_query_string_diff(array('action','site','pwg_token')),
'PWG_TOKEN' => get_pwg_token(),
)
);

// +-----------------------------------------------------------------------+
// | remote sites list |
Expand Down Expand Up @@ -242,6 +249,7 @@ function remote_output($url)
$base_url = PHPWG_ROOT_PATH.'admin.php';
$base_url.= '?page=site_manager';
$base_url.= '&site='.$row['id'];
$base_url.= '&pwg_token='.get_pwg_token();
$base_url.= '&action=';

$update_url = PHPWG_ROOT_PATH.'admin.php';
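Review bot: `$_GET['site']` is read into `$base_url` for the per-site action links and, per the new guard, drives `action` handling, but it is never passed through check_input_parameter() in this section; `check_input_parameter('site', $_GET, false, PATTERN_ID);` beside the token guard would match the rest of this commit (the SQL or path that consumes it is below the hunk, so I cannot see how it is used). Excluding `pwg_token` from get_query_string_diff() for F_ACTION is the right call — it keeps the token out of the form action and stops it being re-echoed. The remote_output() helper fetches an admin-supplied URL server-side; now that CSRF can no longer drive it, the remaining risk is an admin pointing it at internal hosts, which is worth a comment at the function header if that is accepted by design.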
8 changes: 7 additions & 1 deletion admin/tags.php
Expand Up @@ -29,6 +29,11 @@
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
check_status(ACCESS_ADMINISTRATOR);

if (!empty($_POST))
{
check_pwg_token();
}

// +-----------------------------------------------------------------------+
// | edit tags |
// +-----------------------------------------------------------------------+
Expand Down Expand Up @@ -189,7 +194,8 @@

$template->assign(
array(
'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags'
'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags',
'PWG_TOKEN' => get_pwg_token(),
)
);

2 changes: 2 additions & 0 deletions admin/themes/default/template/cat_list.tpl
Expand Up @@ -26,6 +26,7 @@
<h3>{$CATEGORIES_NAV}</h3>

<form id="addVirtual" action="{$F_ACTION}" method="post">
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p>
{'Add a virtual category'|@translate} : <input type="text" name="virtual_name">
<input class="submit" type="submit" value="{'Submit'|@translate}" name="submitAdd" {$TAG_INPUT_ENABLED}>
Expand All @@ -38,6 +39,7 @@

{if count($categories) }
<form id="categoryOrdering" action="{$F_ACTION}" method="post">
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p>
<input class="submit" name="submitOrder" type="submit" value="{'Save order'|@translate}" {$TAG_INPUT_ENABLED}>
<input class="submit" name="submitOrderAlphaNum" type="submit" value="{'Order alphanumerically'|@translate}" {$TAG_INPUT_ENABLED}>
1 change: 1 addition & 0 deletions admin/themes/default/template/group_list.tpl
Expand Up @@ -3,6 +3,7 @@
</div>

<form method="post" name="add_user" action="{$F_ADD_ACTION}" class="properties">
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<fieldset>
<legend>{'Add group'|@translate}</legend>

2 changes: 2 additions & 0 deletions admin/themes/default/template/site_manager.tpl
Expand Up @@ -16,6 +16,7 @@
{'A local listing.xml file has been found for '|@translate} {$local_listing.URL}
{if isset($local_listing.CREATE)}
<form action="{$F_ACTION}" method="post">
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p>
{'Create this site'|@translate}:
<input type="hidden" name="no_check" value="1">
Expand Down Expand Up @@ -63,6 +64,7 @@
{/if}

<form action="{$F_ACTION}" method="post">
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
<p>
<label for="galleries_url" >{'Create a new site : (give its URL to create_listing_file.php)'|@translate}</label>
<input type="text" name="galleries_url" id="galleries_url">
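Review bot: `action="{$F_ACTION}"` on both forms here is built in admin/site_manager.php from `get_query_string_diff(array('action','site','pwg_token'))`, i.e. from the incoming query string, so any parameter an attacker can get into the admin's URL is reflected into an HTML attribute; unless this template runs with default escaping enabled or get_query_string_diff() encodes its output (neither is visible from the hunk), use `action="{$F_ACTION|@escape}"` on both forms. The hidden `{$PWG_TOKEN}` input is fine as is, since the token is server-generated.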
1 change: 1 addition & 0 deletions admin/themes/default/template/tags.tpl
Expand Up @@ -3,6 +3,7 @@
</div>

<form action="{$F_ACTION}" method="post">
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />

{if isset($EDIT_TAGS_LIST)}
<fieldset>
