-rw-r--r--comments.php2
-rw-r--r--include/functions.inc.php42
-rw-r--r--include/functions_comment.inc.php17
-rw-r--r--include/picture_comment.inc.php4
-rw-r--r--include/ws_functions.inc.php2
-rw-r--r--register.php23
-rw-r--r--themes/default/template/register.tpl1
7 files changed, 51 insertions, 40 deletions
diff --git a/comments.php b/comments.php
index 78f3d011d..25a0084bc 100644
--- a/comments.php
+++ b/comments.php
@@ -504,7 +504,7 @@ SELECT c.id, name, permalink, uppercats, com.id as comment_id
if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
{
$tpl_comment['IN_EDIT'] = true;
- $key = get_comment_post_key($comment['image_id']);
+ $key = get_ephemeral_key(2, $comment['image_id']);
$tpl_comment['KEY'] = $key;
$tpl_comment['IMAGE_ID'] = $comment['image_id'];
$tpl_comment['CONTENT'] = $comment['content'];
diff --git a/include/functions.inc.php b/include/functions.inc.php
index a994fdb95..61db92ab5 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -1333,25 +1333,37 @@ function secure_directory($dir)
}
/**
- * returns a "secret key" that is to be sent back when a user enters a comment
+ * returns a "secret key" that is to be sent back when a user posts a form
*
- * @param int image_id
+ * @param int valid_after_seconds - key validity start time from now
*/
-function get_comment_post_key($image_id)
+function get_ephemeral_key($valid_after_seconds, $aditionnal_data_to_hash = '')
{
- global $conf;
-
- $time = time();
+ global $conf;
+ $time = round(microtime(true), 1);
+ return $time.':'.$valid_after_seconds.':'
+ .hash_hmac(
+ 'md5',
+ $time.substr($_SERVER['REMOTE_ADDR'],0,5).$valid_after_seconds.$aditionnal_data_to_hash,
+ $conf['secret_key']);
+}
- return sprintf(
- '%s:%s',
- $time,
- hash_hmac(
- 'md5',
- $time.':'.$image_id,
- $conf['secret_key']
- )
- );
+function verify_ephemeral_key($key, $aditionnal_data_to_hash = '')
+{
+ global $conf;
+ $time = microtime(true);
+ $key = explode( ':', @$key );
+ if ( count($key)!=3
+ or $key[0]>$time-(float)$key[1] // page must have been retrieved more than X sec ago
+ or $key[0]<$time-3600 // 60 minutes expiration
+ or hash_hmac(
+ 'md5', $key[0].substr($_SERVER['REMOTE_ADDR'],0,5).$key[1].$aditionnal_data_to_hash, $conf['secret_key']
+ ) != $key[2]
+ )
+ {
+ return false;
+ }
+ return true;
}
/**
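Review bot: verify_ephemeral_key compares the computed digest with the client-supplied `$key[2]` using `!=`, a loose comparison under which two hex digests of the form `0e<digits>` compare equal as numbers, so the branch should at least read `) !== $key[2]`, and where the supported PHP baseline provides it, `or !hash_equals(hash_hmac('md5', $key[0].substr($_SERVER['REMOTE_ADDR'],0,5).$key[1].$aditionnal_data_to_hash, $conf['secret_key']), (string)$key[2])` for a constant-time check. The docblock on get_ephemeral_key documents only `valid_after_seconds`; add `@param string aditionnal_data_to_hash - caller context (e.g. image id) folded into the HMAC` and give verify_ephemeral_key a matching header describing the `time:delay:hmac` format it expects. The key is tied to the client only through `substr($_SERVER['REMOTE_ADDR'],0,5)`, five characters of the address; if that truncation is deliberate (proxies, changing client addresses), a one-line comment saying so would stop a later reader from "fixing" it in either direction.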
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 7f2fd9257..d5b403b8e 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -119,14 +119,7 @@ SELECT COUNT(*) AS user_exists
$comment_action='reject';
}
- $key = explode( ':', @$key );
- if ( count($key)!=2
- or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
- or $key[0]<time()-3600 // 60 minutes expiration
- or hash_hmac(
- 'md5', $key[0].':'.$comm['image_id'], $conf['secret_key']
- ) != $key[1]
- )
+ if ( !verify_ephemeral_key(@$key, $comm['image_id']) )
{
$comment_action='reject';
}
@@ -248,13 +241,7 @@ function update_user_comment($comment, $post_key)
$comment_action = 'validate';
- $key = explode( ':', $post_key );
- if ( count($key)!=2
- or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
- or $key[0]<time()-3600 // 60 minutes expiration
- or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key']
- ) != $key[1]
- )
+ if ( !verify_ephemeral_key($post_key, $comment['image_id']) )
{
$comment_action='reject';
}
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index cc4970a34..adf928bbb 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -198,7 +198,7 @@ SELECT
if (isset($edit_comment) and ($row['id'] == $edit_comment))
{
$tpl_comment['IN_EDIT'] = true;
- $key = get_comment_post_key($page['image_id']);
+ $key = get_comment_post_key(2, $page['image_id']);
$tpl_comment['KEY'] = $key;
$tpl_comment['CONTENT'] = $row['content'];
}
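Review bot: The edit branch in picture_comment.inc.php still calls `get_comment_post_key(2, $page['image_id'])`, but this commit renames that function to get_ephemeral_key in include/functions.inc.php, so editing a comment from the picture page would fail with an undefined function. The line should read `$key = get_ephemeral_key(2, $page['image_id']);`, matching the equivalent edit branch in comments.php. The second hunk of this file, at the add-comment form, already uses the new name.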
@@ -233,7 +233,7 @@ SELECT
if ($show_add_comment_form)
{
- $key = get_comment_post_key($page['image_id']);
+ $key = get_ephemeral_key(3, $page['image_id']);
$content = '';
if ('reject'===@$comment_action)
{
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index ec9227d49..3cc0fc3a3 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -725,7 +725,7 @@ SELECT id, date, author, content
)
{
$comment_post_data['author'] = stripslashes($user['username']);
- $comment_post_data['key'] = get_comment_post_key($params['image_id']);
+ $comment_post_data['key'] = get_ephemeral_key(2, $params['image_id']);
}
$ret = $image_row;
diff --git a/register.php b/register.php
index 98e76d916..81fd85c78 100644
--- a/register.php
+++ b/register.php
@@ -40,13 +40,19 @@ if (!$conf['allow_user_registration'])
$errors = array();
if (isset($_POST['submit']))
{
+ if (!verify_ephemeral_key(@$_POST['key']))
+ {
+ set_status_header(403);
+ array_push($errors, 'Invalid/expired form key');
+ }
+
if ($_POST['password'] != $_POST['password_conf'])
{
array_push($errors, l10n('please enter your password again'));
}
$errors =
- register_user(htmlspecialchars($_POST['login'],ENT_COMPAT,'utf-8'),
+ register_user($_POST['login'],
$_POST['password'],
$_POST['mail_address'],
true,
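Review bot: The new error string `'Invalid/expired form key'` is pushed raw while the neighbouring password error goes through `l10n()`; use `array_push($errors, l10n('Invalid/expired form key'));` so it is translatable like the rest of the form. The key failure only blocks account creation if `$errors` is forwarded to register_user and honoured there, which the call continuing past the hunk appears to do but which this hunk does not show; skipping the register_user call when the key check fails would make the rejection independent of that contract. Dropping `htmlspecialchars` from the login passed to register_user means the stored username is now raw input, which is the right place to stop escaping, but every other path that prints usernames must then escape on output.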
@@ -58,10 +64,15 @@ if (isset($_POST['submit']))
log_user($user_id, false);
redirect(make_index_url());
}
+ $registration_post_key = get_ephemeral_key(2);
+}
+else
+{
+ $registration_post_key = get_ephemeral_key(6);
}
-$login = !empty($_POST['login'])?$_POST['login']:'';
-$email = !empty($_POST['mail_address'])?$_POST['mail_address']:'';
+$login = !empty($_POST['login'])?htmlspecialchars(stripslashes($_POST['login'])):'';
+$email = !empty($_POST['mail_address'])?htmlspecialchars(stripslashes($_POST['mail_address'])):'';
//----------------------------------------------------- template initialization
//
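Review bot: The rewritten `$login`/`$email` lines call `htmlspecialchars()` with default flags, dropping the `ENT_QUOTES, 'utf-8'` arguments that the removed `F_LOGIN`/`F_EMAIL` lines in the following hunk of register.php (the template assign) used, so single quotes are left unescaped and on PHP before 5.4 the default charset is not UTF-8. Keep the explicit arguments: `$login = !empty($_POST['login'])?htmlspecialchars(stripslashes($_POST['login']), ENT_QUOTES, 'utf-8'):'';` and the same for `$email`. The added `stripslashes()` presumably compensates for magic_quotes_gpc; if so, a short comment such as `// undo magic_quotes_gpc before escaping for display` would explain why raw POST data is unescaped here.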
@@ -74,10 +85,10 @@ include(PHPWG_ROOT_PATH.'include/page_header.php');
$template->set_filenames( array('register'=>'register.tpl') );
$template->assign(array(
'U_HOME' => make_index_url(),
-
+ 'F_KEY' => $registration_post_key,
'F_ACTION' => 'register.php',
- 'F_LOGIN' => htmlspecialchars($login, ENT_QUOTES, 'utf-8'),
- 'F_EMAIL' => htmlspecialchars($email, ENT_QUOTES, 'utf-8')
+ 'F_LOGIN' => $login,
+ 'F_EMAIL' => $email
));
//-------------------------------------------------------------- errors display
diff --git a/themes/default/template/register.tpl b/themes/default/template/register.tpl
index 6eb32251a..4d97be09d 100644
--- a/themes/default/template/register.tpl
+++ b/themes/default/template/register.tpl
@@ -54,6 +54,7 @@
</fieldset>
<p class="bottomButtons">
+ <input type="hidden" name="key" value="{$F_KEY}" >
<input class="submit" type="submit" name="submit" value="{'Register'|@translate}">
<input class="submit" type="reset" value="{'Reset'|@translate}">
</p>