authorWojciech Polak <polak@gnu.org>2010-05-18 18:04:48 +0200
committerWojciech Polak <polak@gnu.org>2010-05-18 18:04:48 +0200
commit47ffedeaf46293c3f62ce9b65df057022969874b (patch)
tree86d2eae516416c3941a16007fd0d418c4e320096
parent0059e38b33d80e4bdb4fcf004d4c67c44055e347 (diff)
downloadcheetah-47ffedeaf46293c3f62ce9b65df057022969874b.tar.gz
cheetah-47ffedeaf46293c3f62ce9b65df057022969874b.tar.bz2
Prevent CSRF in the recently added linked-accounts page.
-rw-r--r--frontend/linked-accounts.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/frontend/linked-accounts.php b/frontend/linked-accounts.php
index 4e94ea9..53981f6 100644
--- a/frontend/linked-accounts.php
+++ b/frontend/linked-accounts.php
@@ -31,7 +31,7 @@ $session->auth ('iflogged');
$qs = false;
$message = '';
-postvars ('link,unlink');
+postvars ('sid,link,unlink');
$link = trim (strip_tags ($link));
$unlink = trim (strip_tags ($unlink));
@@ -79,6 +79,7 @@ else if (isset ($_GET['openid_mode']) && !empty ($_GET['openid_mode']))
}
else if ($link == 'facebook')
{
+ checkCSRF ($sid);
try {
$fb = new Facebook (array ('appId' => $CONF['fb.app_id'],
'secret' => $CONF['fb.secret_key'],
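Review bot: The return value of the new `checkCSRF ($sid);` call is discarded, so it only protects the Facebook linking flow below it if `checkCSRF()` terminates the request (exit, redirect or throw) on a mismatched or absent `sid`; its definition is not part of this diff, so that cannot be confirmed here. If it merely returns false, a forged POST with `link=facebook` would still reach the `new Facebook (...)` construction. A comment at the call site would pin the contract this code now relies on, e.g. `// checkCSRF() aborts the request on a missing/mismatched token; nothing below runs for a forged POST`. The `new Facebook (...)` statement and its enclosing try block continue past the end of this hunk.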
@@ -98,10 +99,12 @@ else if ($link == 'facebook')
}
else if ($unlink == 'facebook')
{
+ checkCSRF ($sid);
$db->query ("UPDATE user SET fbUID=0 WHERE id='".$session->id."'");
}
else if (!empty ($link))
{
+ checkCSRF ($sid);
$process_url = 'http://'.$CONF['site'].'/linked-accounts';
$trust_root = 'http://'.$CONF['site'].'/';
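Review bot: The same `checkCSRF ($sid);` line is now repeated at the top of each mutating branch (here before the Facebook `UPDATE` and before the generic OpenID link), so the protection depends on every future branch remembering to add it. A fail-closed alternative is a single call ahead of the dispatch, e.g. `if (!empty ($link) || !empty ($unlink)) checkCSRF ($sid);`, which leaves the GET-driven `openid_mode` return path (not a form post) untouched and makes the per-branch calls redundant. Note that `$link`/`$unlink` are already normalised by `trim (strip_tags (...))` earlier in the file, so the `!empty` test is the one the branches themselves use. The `else if` chain both starts and continues outside this hunk.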
@@ -133,6 +136,7 @@ else if (!empty ($link))
}
}
else if (!empty ($unlink)) {
+ checkCSRF ($sid);
$db->query ("DELETE FROM openid WHERE userid='".$session->id.
"' AND identity='".$db->escape ($unlink)."'");
redirect ('linked-accounts');
@@ -209,6 +213,7 @@ $db->query ("SELECT * FROM openid WHERE userid='".$session->id."' ORDER BY ident
<div style="clear:both"></div>
</div>
<div id="add-openid" class="hidden">
+ <input type="hidden" name="sid" value="<?php echo session_id(); ?>" />
<input type="hidden" id="unlink" name="unlink" disabled="disabled" />
<input type="text" id="link" class="openid" name="link" size="30" maxlength="255" />
<input type="submit" value="<?php echo _('Attach'); ?>" />
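Review bot: The anti-CSRF value emitted on the new hidden input is the raw session ID (`session_id()`), which places the session secret in the HTML body; any content disclosure (an XSS elsewhere on the site, a cached, proxied or forwarded page) then yields session hijacking rather than just a CSRF bypass. A dedicated random token stored in the session and verified by `checkCSRF()` (which is not visible in this diff) would decouple the two. Whatever value is used should also be escaped for the attribute context, `<input type="hidden" name="sid" value="<?php echo htmlspecialchars (session_id (), ENT_QUOTES); ?>" />` — default session IDs contain no HTML-significant characters, but the echo should not rely on that. The enclosing `<form>` element is outside this hunk, so whether the hidden input is actually submitted with `link`/`unlink` is not verifiable here.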
