------------------------------------------------------------------------
* More Security: When changing the password in your personal preferences,
- you need to insert the old password. Thanks to Nenad Jovanovic for
+ you need to insert the old password. Secure backend forms with extra
+ token checks to bypass XSRF attacks. Thanks to Nenad Jovanovic for
contacting me about this issue! (garvinhicking)
* Fix JS errors in admin comment overview for IE6 (garvinhicking)
$admin_category = ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF ? "AND (authorid = 0 OR authorid = " . (int)$serendipity['authorid'] . ")" : '');
/* Add a new category */
-if (isset($_POST['SAVE'])) {
+if (isset($_POST['SAVE']) && serendipity_checkFormToken()) {
$name = $serendipity['POST']['cat']['name'];
$desc = $serendipity['POST']['cat']['description'];
$authorid = (isset($serendipity['POST']['cat']['all_authors']) && $serendipity['POST']['cat']['all_authors'] == 'true') ? 0 : $serendipity['authorid'];
}
/* Delete a category */
-if ($serendipity['GET']['adminAction'] == 'doDelete') {
+if ($serendipity['GET']['adminAction'] == 'doDelete' && serendipity_checkFormToken()) {
if ($serendipity['GET']['cid'] != 0) {
$remaining_cat = (int)$serendipity['POST']['cat']['remaining_catid'];
$category_range = implode(' AND ', serendipity_fetchCategoryRange((int)$serendipity['GET']['cid']));
if ($serendipity['serendipityUserlevel'] >= USERLEVEL_CHIEF || $serendipity['authorid'] == $this_cat['authorid'] || $this_cat['authorid'] == '0') {
?>
<form method="POST" name="serendipityCategory" action="?serendipity[adminModule]=category&serendipity[adminAction]=doDelete&serendipity[cid]=<?php echo $serendipity['GET']['cid'] ?>">
+ <?php echo serendipity_setFormToken(); ?>
<br />
<?php echo CATEGORY_REMAINING ?>:
<select name="serendipity[cat][remaining_catid]">
}
?>
<form method="POST" name="serendipityCategory">
+<?php echo serendipity_setFormToken(); ?>
<table cellpadding="5" width="100%">
<tr>
<td><?php echo NAME; ?></td>
$commentsPerPage = (!empty($serendipity['GET']['filter']['perpage']) ? $serendipity['GET']['filter']['perpage'] : 10);
$summaryLength = 200;
-if ( $serendipity['POST']['formAction'] == 'multiDelete' && sizeof($serendipity['POST']['delete']) != 0 ) {
+if ( $serendipity['POST']['formAction'] == 'multiDelete' && sizeof($serendipity['POST']['delete']) != 0 && serendipity_checkFormToken()) {
foreach ( $serendipity['POST']['delete'] as $k => $v ) {
serendipity_deleteComment($k, $v);
echo DONE . ': '. sprintf(COMMENT_DELETED, $k) . '<br />';
/* We are asked to save the edited comment, and we are not in preview mode */
-if ( isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminAction'] == 'doEdit' && !isset($serendipity['POST']['preview']) ) {
+if ( isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminAction'] == 'doEdit' && !isset($serendipity['POST']['preview']) && serendipity_checkFormToken()) {
$sql = "UPDATE {$serendipity['dbPrefix']}comments
SET
author = '" . serendipity_db_escape_string($serendipity['POST']['name']) . "',
/* We approve a comment */
-if ( isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminAction'] == 'approve' ) {
+if ( isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminAction'] == 'approve' && serendipity_checkFormToken()) {
$sql = "SELECT c.*, e.title, a.email as authoremail, a.mail_comments
FROM {$serendipity['dbPrefix']}comments c
LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)
}
/* We are asked to delete a comment */
-if ( isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminAction'] == 'delete' ) {
+if ( isset($serendipity['GET']['adminAction']) && $serendipity['GET']['adminAction'] == 'delete' && serendipity_checkFormToken()) {
serendipity_deleteComment($serendipity['GET']['id'], $serendipity['GET']['entry_id']);
echo DONE . ': '. sprintf(COMMENT_DELETED, $serendipity['GET']['id']);
return true;
serendipity_displayCommentForm(
$serendipity['GET']['entry_id'],
- '?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=doEdit&serendipity[id]=' . $serendipity['GET']['id'] . '&serendipity[entry_id]=' . $serendipity['GET']['entry_id'],
+ '?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=doEdit&serendipity[id]=' . $serendipity['GET']['id'] . '&serendipity[entry_id]=' . $serendipity['GET']['entry_id'] . '&' . serendipity_setFormToken('url'),
NULL,
$data,
false,
$c_type = 'NORMAL';
}
+$searchString .= '&' . serendipity_setFormToken('url');
+
/* Paging */
$sql = serendipity_db_query("SELECT COUNT(*) AS total FROM {$serendipity['dbPrefix']}comments c WHERE c.type = '$c_type' ". $and, true);
}
</script>
<form action="" method="GET" style="margin: 0">
+<?php echo serendipity_setFormToken(); ?>
<input type="hidden" name="serendipity[adminModule]" value="comments" />
<input type="hidden" name="serendipity[page]" value="<?php echo $page ?>" />
<table class="serendipity_admin_filters" width="100%">
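Review bot: The token emitted on the line after the `<form action="" method="GET"` tag belongs to a form that only filters the comment listing, so md5(session_id()) now ends up in the query string, the browser history and the Referer header of every outbound link clicked from the result page. No handler in this commit validates the filter submission, so the guard buys nothing here while widening where the token is exposed; the same applies to the paging form with `method="get"` near the end of the commit. If it is kept on purpose, say why next to it, e.g. `<?php /* token required: the filter submit is validated by serendipity_checkFormToken() */ ?>`.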
} else {
?>
<form action="" method="POST" name="formMultiDelete" id="formMultiDelete">
+<?php echo serendipity_setFormToken(); ?>
<input type="hidden" name="serendipity[formAction]" value="multiDelete" />
<table width="100%" cellpadding="3" border="0" cellspacing="0">
<tr>
</tr>
</table>
<?php if ($rs['status'] == 'pending') { ?>
- <a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=approve&serendipity[id]=<?php echo $rs['id'] ?>" class="serendipityIconLink" title="<?php echo APPROVE; ?>"><img src="<?php echo serendipity_getTemplateFile('admin/img/accept.png'); ?>" alt="<?php echo APPROVE ?>" /><?php echo APPROVE ?></a>
+ <a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=approve&serendipity[id]=<?php echo $rs['id'] ?>&<?php echo serendipity_setFormToken('url'); ?>" class="serendipityIconLink" title="<?php echo APPROVE; ?>"><img src="<?php echo serendipity_getTemplateFile('admin/img/accept.png'); ?>" alt="<?php echo APPROVE ?>" /><?php echo APPROVE ?></a>
<?php } ?>
<?php if (strlen($fullBody) > strlen($summary) ) { ?>
<a href="#c<?php echo $rs['id'] ?>" onclick="FT_toggle(<?php echo $rs['id'] ?>); return false;" title="<?php echo VIEW; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/zoom.png'); ?>" alt="<?php echo VIEW; ?>" /><span id="<?php echo $rs['id'] ?>_text"><?php echo VIEW ?></span></a>
<?php } ?>
- <a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=edit&serendipity[id]=<?php echo $rs['id'] ?>&serendipity[entry_id]=<?php echo $rs['entry_id'] ?>" title="<?php echo EDIT; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/edit.png'); ?>" alt="<?php echo EDIT; ?>" /><?php echo EDIT ?></a>
- <a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=delete&serendipity[id]=<?php echo $rs['id'] ?>&serendipity[entry_id]=<?php echo $rs['entry_id'] ?>" onclick='return confirm("<?php echo sprintf(COMMENT_DELETE_CONFIRM, $rs['id'], htmlspecialchars($rs['author'])) ?>")' title="<?php echo DELETE ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/delete.png'); ?>" alt="<?php echo DELETE; ?>" /><?php echo DELETE ?></a>
+ <a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=edit&serendipity[id]=<?php echo $rs['id'] ?>&serendipity[entry_id]=<?php echo $rs['entry_id'] ?>&<?php echo serendipity_setFormToken('url'); ?>" title="<?php echo EDIT; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/edit.png'); ?>" alt="<?php echo EDIT; ?>" /><?php echo EDIT ?></a>
+ <a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=delete&serendipity[id]=<?php echo $rs['id'] ?>&serendipity[entry_id]=<?php echo $rs['entry_id'] ?>&<?php echo serendipity_setFormToken('url'); ?>" onclick='return confirm("<?php echo sprintf(COMMENT_DELETE_CONFIRM, $rs['id'], htmlspecialchars($rs['author'])) ?>")' title="<?php echo DELETE ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/delete.png'); ?>" alt="<?php echo DELETE; ?>" /><?php echo DELETE ?></a>
</td>
</tr>
<tr>
$_POST['installAction'] = '';
}
-switch ($_POST['installAction']) {
+switch ($_POST['installAction'] && serendipity_checkFormToken()) {
case 'check':
$oldRewrite = $serendipity['rewrite']; // We save the rewrite method, because we run a check after $serendipity has been updated
$res = serendipity_updateConfiguration();
break;
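Review bot: Moving the token check into the switch subject on the `switch (...)` line changes what is matched: the subject is now a boolean, and under switch's loose comparison `case 'check':` is compared with true or false, so the 'check' branch runs for any non-empty installAction that carries a valid token, while a failed check matches no string case at all (or a default, if one exists below the hunk). Keep the subject a string and guard in front of it: `if (!serendipity_checkFormToken()) { $_POST['installAction'] = ''; }` followed by `switch ($_POST['installAction']) {`. The switch body continues outside the hunk.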
case 'DoDelete':
+ if (!serendipity_checkFormToken()) {
+ break;
+ }
+
$file = $serendipity['GET']['fname'];
serendipity_deleteImage($serendipity['GET']['fid']);
break;
}
$abortLoc = $serendipity['serendipityHTTPPath'] . 'serendipity_admin.php?serendipity[adminModule]=images';
- $newLoc = $abortLoc . '&serendipity[adminAction]=DoDelete&serendipity[fid]=' . $serendipity['GET']['fid'];
+ $newLoc = $abortLoc . '&serendipity[adminAction]=DoDelete&serendipity[fid]=' . $serendipity['GET']['fid'] . '&' . serendipity_setFormToken('url');
printf(ABOUT_TO_DELETE_FILE, $file['name'] .'.'. $file['extension']);
?>
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
$serendipity['GET']['newname'] = serendipity_uploadSecure($serendipity['GET']['newname'], true);
+ if (!serendipity_checkFormToken()) {
+ return;
+ }
+
if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
return;
}
break;
case 'add':
+ if (!serendipity_checkFormToken()) {
+ break;
+ }
?>
<b><?php echo ADDING_IMAGE; ?></b>
<br /><br />
case 'directoryDoDelete':
+ if (!serendipity_checkFormToken()) {
+ break;
+ }
+
if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
return;
}
}
break;
+
case 'directoryDelete':
if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
return;
<br />
<br />
<form method="POST" action="?serendipity[adminModule]=images&serendipity[adminAction]=directoryDoDelete&serendipity[dir]=<?php echo $serendipity['GET']['dir'] ?>">
+ <?php echo serendipity_setFormToken(); ?>
<table cellpadding="5">
<tr>
<td width="100"><strong><?php echo NAME ?></strong></td>
case 'directoryDoCreate':
+ if (!serendipity_checkFormToken()) {
+ break;
+ }
+
if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
return;
}
<br />
<br />
<form method="POST" action="?serendipity[adminModule]=images&serendipity[adminAction]=directoryDoCreate">
+ <?php echo serendipity_setFormToken(); ?>
<table cellpadding="5">
<tr>
<td><?php echo NAME ?></td>
<form action="?" method="POST" id="uploadform" enctype="multipart/form-data">
<div>
+ <?php echo serendipity_setFormToken(); ?>
<input type="hidden" name="serendipity[action]" value="admin" />
<input type="hidden" name="serendipity[adminModule]" value="images" />
<input type="hidden" name="serendipity[adminAction]" value="add" />
if ( serendipity_rotateImg($serendipity['GET']['fid'], -90) ) {
?>
<script language="javascript" type="text/javascript">
- location.href="<?php echo $_SERVER['HTTP_REFERER'] ?>";
+ location.href="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']) ?>";
</script>
- <noscript><a href="<?php echo $_SERVER['HTTP_REFERER'] ?>"><?php echo DONE ?></a></noscript>
+ <noscript><a href="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']) ?>"><?php echo DONE ?></a></noscript>
<?php
}
break;
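Review bot: serendipity_rotateImg() on the first line of the hunk modifies an image from a GET parameter without a serendipity_checkFormToken() guard, unlike the DoDelete, rename, scale and directory cases in this commit; unless a check precedes it outside the hunk, add `if (!serendipity_checkFormToken()) { break; }` before the call, and the same for the +90 rotation in the next hunk. The htmlspecialchars() added on the `location.href` line escapes for an HTML context, but the value is inside a JavaScript string literal, where a backslash or line break in the referrer is not neutralised; emitting only the noscript anchor with a fixed redirect target, or JS-encoding the value, would be safer. The case containing this code starts outside the hunk.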
if ( serendipity_rotateImg($serendipity['GET']['fid'], 90) ) {
?>
<script language="javascript" type="text/javascript">
- location.href="<?php echo $_SERVER['HTTP_REFERER'] ?>";
+ location.href="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']) ?>";
</script>
- <noscript><a href="<?php echo $_SERVER['HTTP_REFERER'] ?>"><?php echo DONE ?></a></noscript>
+ <noscript><a href="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']) ?>"><?php echo DONE ?></a></noscript>
<?php
}
break;
case 'scale':
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
+ if (!serendipity_checkFormToken()) {
+ break;
+ }
+
if ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
return;
}
<script language="javascript" type="text/javascript">
// location.href="?serendipity[adminModule]=images";
</script>
- <noscript><a href="<?php echo $_SERVER['HTTP_REFERER'] ?>"><?php echo DONE ?></a></noscript>
+ <noscript><a href="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']) ?>"><?php echo DONE ?></a></noscript>
<?php
break;
<div>
<?php echo NEWSIZE; ?>
+ <?php echo serendipity_setFormToken(); ?>
<input type="hidden" name="serendipity[adminModule]" value="images" />
<input type="hidden" name="serendipity[adminAction]" value="scale" />
<input type="hidden" name="serendipity[fid]" value="<?php echo $serendipity["GET"]["fid"]; ?>" />
<!--
function rename(id, fname) {
if(newname = prompt('<?php echo ENTER_NEW_NAME; ?>' + fname, fname)) {
- location.href='?serendipity[adminModule]=images&serendipity[adminAction]=rename&serendipity[fid]='+ escape(id) + '&serendipity[newname]='+ escape(newname);
+ location.href='?<?php echo serendipity_setFormToken('url'); ?>&serendipity[adminModule]=images&serendipity[adminAction]=rename&serendipity[fid]='+ escape(id) + '&serendipity[newname]='+ escape(newname);
}
}
//-->
break;
}
/* vim: set sts=4 ts=4 expandtab : */
-?>
}
}
-if ( isset($serendipity['GET']['importFrom']) ) {
+if (isset($serendipity['GET']['importFrom']) && serendipity_checkFormToken()) {
/* Include the importer */
$class = @require_once(S9Y_INCLUDE_PATH . 'include/admin/importers/'. basename($serendipity['GET']['importFrom']) .'.inc.php');
<?php echo IMPORT_PLEASE_ENTER ?>:<br />
<br />
<form action="" method="POST" enctype="multipart/form-data">
+ <?php echo serendipity_setFormToken(); ?>
<table cellpadding="3" cellspacing="2">
<?php foreach ( $importer->getInputFields() as $field ) { ?>
<tr>
<br />
<form action="" method="GET">
<input type="hidden" name="serendipity[adminModule]" value="import">
+ <?php echo serendipity_setFormToken(); ?>
<strong><?php echo IMPORT_WEBLOG_APP ?>: </strong>
<select name="serendipity[importFrom]">
<?php foreach ($list as $v=>$k) { ?>
$c = &new Onyx_RSS();
$c->parse($this->data['url']);
+ $this->data['encoding'] = $c->rss['encoding'];
$serendipity['noautodiscovery'] = 1;
while ($item = $c->getNextItem()) {
$from = array();
-if ( $serendipity['GET']['adminAction'] == 'save' ) {
+if ($serendipity['GET']['adminAction'] == 'save' && serendipity_checkFormToken()) {
$config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
if ((int)$_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
<form action="?serendipity[adminModule]=personal&serendipity[adminAction]=save" method="post">
<?php
+echo serendipity_setFormToken();
$template = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
$user = serendipity_fetchUsers($serendipity['authorid']);
$from = $user[0];
<?php
/* vim: set sts=4 ts=4 expandtab : */
-?>
global $serendipity;
?>
<form action="?serendipity[adminModule]=plugins" method="post">
+ <?php echo serendipity_setFormToken(); ?>
<table border="0" cellpadding="5" cellspacing="0" width="100%">
<tr>
<td colspan="2"> </td>
if ($sort_idx == 0) {
$moveup = ' ';
} else {
- $moveup = '<a href="?serendipity[adminModule]=plugins&submit=move+up&serendipity[plugin_to_move]=' . $key . $event_only_uri . '" style="border: 0"><img src="' . serendipity_getTemplateFile('admin/img/uparrow.png') .'" height="16" width="16" border="0" alt="' . UP . '" /></a>';
+ $moveup = '<a href="?' . serendipity_setFormToken('url') . '&serendipity[adminModule]=plugins&submit=move+up&serendipity[plugin_to_move]=' . $key . $event_only_uri . '" style="border: 0"><img src="' . serendipity_getTemplateFile('admin/img/uparrow.png') .'" height="16" width="16" border="0" alt="' . UP . '" /></a>';
}
if ($sort_idx == (count($plugins)-1)) {
$movedown = ' ';
} else {
- $movedown = ($moveup != '' ? ' ' : '') . '<a href="?serendipity[adminModule]=plugins&submit=move+down&serendipity[plugin_to_move]=' . $key . $event_only_uri . '" style="border: 0"><img src="' . serendipity_getTemplateFile('admin/img/downarrow.png') . '" height="16" width="16" alt="'. DOWN .'" border="0" /></a>';
+ $movedown = ($moveup != '' ? ' ' : '') . '<a href="?' . serendipity_setFormToken('url') . '&serendipity[adminModule]=plugins&submit=move+down&serendipity[plugin_to_move]=' . $key . $event_only_uri . '" style="border: 0"><img src="' . serendipity_getTemplateFile('admin/img/downarrow.png') . '" height="16" width="16" alt="'. DOWN .'" border="0" /></a>';
}
?>
<tr>
return $x . "</select>\n";
}
-if (isset($_GET['serendipity']['plugin_to_move']) && isset($_GET['submit'])) {
+if (isset($_GET['serendipity']['plugin_to_move']) && isset($_GET['submit']) && serendipity_checkFormToken()) {
if (isset($_GET['serendipity']['event_plugin'])) {
$plugins = serendipity_plugin_api::enum_plugins('event', false);
} else {
$config_names = $bag->get('configuration');
- if (isset($_POST['SAVECONF'])) {
+ if (isset($_POST['SAVECONF']) && serendipity_checkFormToken()) {
/* enum properties and set their values */
foreach ($config_names as $config_item) {
<?php } ?>
<form method="post" name="serendipityPluginConfigure">
+ <?php echo serendipity_setFormToken(); ?>
<table cellpadding="5" style="border: 1px dashed" width="90%" align="center">
<tr>
<th width="100"><?php echo NAME; ?></th>
} else {
/* show general plugin list */
- if (isset($_POST['SAVE']) && isset($_POST['serendipity']['placement'])) {
+ if (isset($_POST['SAVE']) && isset($_POST['serendipity']['placement']) && serendipity_checkFormToken()) {
foreach ($_POST['serendipity']['placement'] as $plugin_name => $placement) {
serendipity_plugin_api::update_plugin_placement(
addslashes($plugin_name),
}
}
- if (isset($_POST['REMOVE'])) {
+ if (isset($_POST['REMOVE']) && serendipity_checkFormToken()) {
if (is_array($_POST['serendipity']['plugin_to_remove'])) {
foreach ($_POST['serendipity']['plugin_to_remove'] as $key) {
$plugin =& serendipity_plugin_api::load_plugin($key);
<?php
}
/* vim: set sts=4 ts=4 expandtab : */
-?>
require_once(S9Y_INCLUDE_PATH . 'include/functions_installer.inc.php');
/* Delete a user */
-if (isset($_POST['DELETE_YES'])) {
+if (isset($_POST['DELETE_YES']) && serendipity_checkFormToken()) {
$user = serendipity_fetchUsers($serendipity['POST']['user']);
if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] && $serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN) {
echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED . '</div>';
/* Save new user */
-if (isset($_POST['SAVE_NEW'])) {
+if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
if ($_POST['userlevel'] >= $serendipity['serendipityUserlevel'] && $serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN) {
echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED . '</div>';
} else {
/* Edit a user */
-if (isset($_POST['SAVE_EDIT'])) {
+if (isset($_POST['SAVE_EDIT']) && serendipity_checkFormToken()) {
$user = serendipity_fetchUsers($serendipity['POST']['authorid']);
if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] && $serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN) {
echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED . '</div>';
<br />
<hr noshade="noshade">
<form action="?serendipity[adminModule]=users" method="post">
+<?php echo serendipity_setFormToken(); ?>
<div>
<h3>
<?php
<div>
<?php printf(DELETE_USER, $serendipity['GET']['userid'], $user[0]['realname']); ?>
<br /><br />
+ <?php echo serendipity_setFormToken(); ?>
<input type="hidden" name="serendipity[user]" value="<?php echo $serendipity['GET']['userid']; ?>" />
<input type="submit" name="DELETE_YES" value="<?php echo DUMP_IT; ?>" class="serendipityPrettyButton" />
<input type="submit" name="NO" value="<?php echo NOT_REALLY; ?>" class="serendipityPrettyButton" />
$row = serendipity_db_query($query, true, 'assoc');
if (is_array($row)) {
+ serendipity_setCookie('old_session', session_id());
$_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $username;
$_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password;
$_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $row['email'];
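Review bot: The new `serendipity_setCookie('old_session', session_id());` line carries no explanation, and its purpose is only discoverable by reading serendipity_checkFormToken(), which accepts md5() of this cookie as a valid token. State it in place, e.g. `// Keep the pre-login session id: forms rendered before login carry md5() of it as their token, and serendipity_checkFormToken() accepts that value.` Whether the session id is regenerated after this point is not visible in the hunk, so the comment should match what actually happens.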
return $lang;
}
+function serendipity_checkXSRF() {
+ global $serendipity;
+
+ // If no module was requested, the user has just logged in and no action will be performed.
+ if (empty($serendipity['GET']['adminModule'])) {
+ return false;
+ }
+
+ // The referrer was empty. Deny access.
+ if (empty($_SERVER['HTTP_REFERER'])) {
+ echo serendipity_reportXSRF(1, true, true);
+ return false;
+ }
+
+ // Parse the Referrer host. Abort if not parseable.
+ $hostinfo = @parse_url($_SERVER['HTTP_REFERER']);
+ if (!is_array($hostinfo)) {
+ echo serendipity_reportXSRF(2, true, true);
+ return true;
+ }
+
+ // Get the server against we will perform the XSRF check.
+ $server = '';
+ if (empty($_SERVER['HTTP_HOST'])) {
+ $myhost = @parse_url($serendipity['baseURL']);
+ if (is_array($myhost)) {
+ $server = $myhost['host'];
+ }
+ } else {
+ $server = $_SERVER['HTTP_HOST'];
+ }
+
+ // If the current server is different than the referred server, deny access.
+ if ($hostinfo['host'] != $server) {
+ echo serendipity_reportXSRF(3, true, true);
+ return true;
+ }
+
+ return false;
+}
+
+function serendipity_reportXSRF($type = 0, $reset = true, $use_config = false) {
+ global $serendipity;
+
+ // Set this in your serendipity_config_local.inc.php if you want HTTP Referrer blocking:
+ // $serendipity['referrerXSRF'] = true;
+
+ $string = '<div class="serendipityAdminMsgError XSRF_' . $type . '">' . ERROR_XSRF . '</div>';
+ if ($reset) {
+ // Config key "referrerXSRF" can be set to enable blocking based on HTTP Referrer. Recommended for Paranoia.
+ if (($use_config && isset($serendipity['referrerXSRF']) && $serendipity['referrerXSRF']) || $use_config === false) {
+ $serendipity['GET']['adminModule'] = '';
+ } else {
+ // Paranoia not enabled. Do not report XSRF.
+ $string = '';
+ }
+ }
+ return $string;
+}
+
+function serendipity_checkFormToken() {
+ global $serendipity;
+
+ $token = '';
+ if (!empty($serendipity['POST']['token'])) {
+ $token = $serendipity['POST']['token'];
+ } elseif (!empty($serendipity['GET']['token'])) {
+ $token = $serendipity['GET']['token'];
+ }
+
+ if (empty($token)) {
+ echo serendipity_reportXSRF('token', false);
+ return false;
+ }
+
+ if ($token != md5(session_id()) &&
+ $token != md5($serendipity['COOKIE']['old_session'])) {
+ echo serendipity_reportXSRF('token', false);
+ return false;
+ }
+
+ return true;
+}
+
+function serendipity_setFormToken($type = 'form') {
+ global $serendipity;
+
+ if ($type == 'form') {
+ return '<input type="hidden" name="serendipity[token]" value="' . md5(session_id()) . '" />';
+ } elseif ($type == 'url') {
+ return 'serendipity[token]=' . md5(session_id());
+ } else {
+ return md5(session_id());
+ }
+}
+
/* vim: set sts=4 ts=4 expandtab : */
?>
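Review bot: In serendipity_checkFormToken() the second operand of the condition, `$token != md5($serendipity['COOKIE']['old_session'])`, is evaluated even when no old_session cookie is present, so the token is then compared against md5 of an empty value — a fixed string — instead of being rejected; consult the cookie only when it is set, e.g. `$old = isset($serendipity['COOKIE']['old_session']) ? $serendipity['COOKIE']['old_session'] : '';` and `if ($token !== md5(session_id()) && ($old === '' || $token !== md5($old))) {`. serendipity_checkXSRF() returns false after reporting an empty referrer but true for the unparseable and host-mismatch cases, although all three comments say "deny"; a caller cannot use the return value as a deny flag unless the empty-referrer branch returns true too, or the comment states that an empty referrer is deliberately tolerated. The host comparison pits $_SERVER['HTTP_HOST'], which may carry a port, against parse_url()'s host component, which never does, so a blog on a non-default port would presumably always fail the check, and a referrer without a host leaves $hostinfo['host'] undefined — worth confirming before enabling referrerXSRF.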
$hidden .= ' <input type="hidden" id="entryid" name="serendipity[id]" value="' . (isset($entry['id']) ? $entry['id'] : '') . '" />' . $n;
$hidden .= ' <input type="hidden" name="serendipity[timestamp]" value="' . (isset($entry['timestamp']) ? serendipity_serverOffsetHour($entry['timestamp']) : serendipity_serverOffsetHour(time())) . '" />' . $n;
$hidden .= ' <input type="hidden" name="serendipity[preview]" value="false" />';
+ $hidden .= ' ' . serendipity_setFormToken();
if (!empty($errMsg)) {
?>
?>
<form style="display: inline; margin: 0px; padding: 0px;" method="get" action="?">
<?php
+ echo serendipity_setFormToken();
foreach($serendipity['GET'] AS $g_key => $g_val) {
if ( !is_array($g_val) && $g_key != 'page' ) {
echo '<input type="hidden" name="serendipity[' . $g_key . ']" value="' . htmlspecialchars($g_val) . '" />';
<div>
<input type="hidden" name="serendipity[adminModule]" value="installer" />
<input type="hidden" name="installAction" value="check" />
+ <?php echo serendipity_setFormToken(); ?>
<br />
<?php }
if (sizeof($config) > 1 && $allowToggle) { ?>
$line = trim(fgets($fp, 4096));
if ($in_table) {
$def .= $line;
- if (preg_match('/^\)\s*(type\=\S+)?\s*\;$/i', $line)) {
+ if (preg_match('/^\)\s*(type\=\S+|\{UTF_8\})?\s*\;$/i', $line)) {
$in_table = 0;
array_push($queries, $def);
}