diff options
author | plegall <plg@piwigo.org> | 2010-03-19 22:25:39 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2010-03-19 22:25:39 +0000 |
commit | c695136e4d75695178a9fc848a7cf6bfa2b9346c (patch) | |
tree | efba21de4995d7bd6b2f792e6d118a8e6e6bd405 /include/functions.inc.php | |
parent | ff7e537e2b4bceaef241096a377d12af4b917c43 (diff) |
bug 1328: backport the pwg_token on trunk
bug 1329: backport the check_input_parameter on trunk
feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring
on this feature to make the code simpler and easier to maintain (I hope).
git-svn-id: http://piwigo.org/svn/trunk@5195 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/functions.inc.php | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php index 91738090f..092fe15a4 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -1482,4 +1482,86 @@ function get_icon($date, $is_child_date = false) return $cache['get_icon'][$date] ? $icon : array(); } + +/** + * check token comming from form posted or get params to prevent csrf attacks + * if pwg_token is empty action doesn't require token + * else pwg_token is compare to server token + * + * @return void access denied if token given is not equal to server token + */ +function check_pwg_token() +{ + $valid_token = get_pwg_token(); + $given_token = null; + + if (!empty($_POST['pwg_token'])) + { + $given_token = $_POST['pwg_token']; + } + elseif (!empty($_GET['pwg_token'])) + { + $given_token = $_GET['pwg_token']; + } + if ($given_token != $valid_token) + { + access_denied(); + } +} + +function get_pwg_token() +{ + global $conf; + + return hash_hmac('md5', session_id(), $conf['secret_key']); +} + +/* + * breaks the script execution if the given value doesn't match the given + * pattern. This should happen only during hacking attempts. + * + * @param string param_name + * @param array param_array + * @param boolean is_array + * @param string pattern + * + * @return void + */ +function check_input_parameter($param_name, $param_array, $is_array, $pattern) +{ + $param_value = null; + if (isset($param_array[$param_name])) + { + $param_value = $param_array[$param_name]; + } + + // it's ok if the input parameter is null + if (empty($param_value)) + { + return true; + } + + if ($is_array) + { + if (!is_array($param_value)) + { + fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array'); + } + + foreach ($param_value as $item_to_check) + { + if (!preg_match($pattern, $item_to_check)) + { + fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"'); + } + } + } + else + { + if (!preg_match($pattern, $param_value)) + { + fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" is not valid'); + } + } +} ?>
\ No newline at end of file |