Diffstat (limited to '')
-rw-r--r--include/functions.inc.php42
-rw-r--r--include/functions_comment.inc.php17
-rw-r--r--include/picture_comment.inc.php4
-rw-r--r--include/ws_functions.inc.php2
4 files changed, 32 insertions, 33 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php
index a994fdb95..61db92ab5 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -1333,25 +1333,37 @@ function secure_directory($dir)
}
/**
- * returns a "secret key" that is to be sent back when a user enters a comment
+ * returns a "secret key" that is to be sent back when a user posts a form
*
- * @param int image_id
+ * @param int valid_after_seconds - key validity start time from now
*/
-function get_comment_post_key($image_id)
+function get_ephemeral_key($valid_after_seconds, $aditionnal_data_to_hash = '')
{
- global $conf;
-
- $time = time();
+ global $conf;
+ $time = round(microtime(true), 1);
+ return $time.':'.$valid_after_seconds.':'
+ .hash_hmac(
+ 'md5',
+ $time.substr($_SERVER['REMOTE_ADDR'],0,5).$valid_after_seconds.$aditionnal_data_to_hash,
+ $conf['secret_key']);
+}
- return sprintf(
- '%s:%s',
- $time,
- hash_hmac(
- 'md5',
- $time.':'.$image_id,
- $conf['secret_key']
- )
- );
+function verify_ephemeral_key($key, $aditionnal_data_to_hash = '')
+{
+ global $conf;
+ $time = microtime(true);
+ $key = explode( ':', @$key );
+ if ( count($key)!=3
+ or $key[0]>$time-(float)$key[1] // page must have been retrieved more than X sec ago
+ or $key[0]<$time-3600 // 60 minutes expiration
+ or hash_hmac(
+ 'md5', $key[0].substr($_SERVER['REMOTE_ADDR'],0,5).$key[1].$aditionnal_data_to_hash, $conf['secret_key']
+ ) != $key[2]
+ )
+ {
+ return false;
+ }
+ return true;
}
/**
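Review bot: In verify_ephemeral_key the recomputed HMAC is checked with `!= $key[2]`, a loose comparison that type-juggles numeric-looking strings and is not constant-time; write it as `!hash_equals($key[2], hash_hmac('md5', $key[0].substr($_SERVER['REMOTE_ADDR'],0,5).$key[1].$aditionnal_data_to_hash, $conf['secret_key']))` (or at least `!==` if the supported PHP version predates hash_equals). The HMAC input in both functions concatenates the time, the truncated address, the validity delay and the caller data with no separator, so two different (valid_after_seconds, data) pairs can produce the same input string; keep the `':'` separators that the removed get_comment_post_key used between fields. The docblock describes only the first parameter: document `$aditionnal_data_to_hash` (spelled `additional`) and give verify_ephemeral_key a docblock stating the expected `time:valid_after:hmac` format and that it returns bool.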
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 7f2fd9257..d5b403b8e 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -119,14 +119,7 @@ SELECT COUNT(*) AS user_exists
$comment_action='reject';
}
- $key = explode( ':', @$key );
- if ( count($key)!=2
- or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
- or $key[0]<time()-3600 // 60 minutes expiration
- or hash_hmac(
- 'md5', $key[0].':'.$comm['image_id'], $conf['secret_key']
- ) != $key[1]
- )
+ if ( !verify_ephemeral_key(@$key, $comm['image_id']) )
{
$comment_action='reject';
}
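Review bot: The call `verify_ephemeral_key(@$key, $comm['image_id'])` relies on `@` to hide an undefined `$key` notice, and the callee then applies another `@` to the same value; prefer an explicit default, `verify_ephemeral_key(isset($key) ? $key : '', $comm['image_id'])`, so a missing key is a visible empty string rather than a suppressed notice. The second hunk of this file (update_user_comment) passes `$post_key` directly and needs no such change. With the inline explode/hash_hmac removed, `$conf` may no longer be referenced in this function; its `global $conf` declaration is outside the hunk, so check whether it is still needed.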
@@ -248,13 +241,7 @@ function update_user_comment($comment, $post_key)
$comment_action = 'validate';
- $key = explode( ':', $post_key );
- if ( count($key)!=2
- or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago
- or $key[0]<time()-3600 // 60 minutes expiration
- or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key']
- ) != $key[1]
- )
+ if ( !verify_ephemeral_key($post_key, $comment['image_id']) )
{
$comment_action='reject';
}
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index cc4970a34..adf928bbb 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -198,7 +198,7 @@ SELECT
if (isset($edit_comment) and ($row['id'] == $edit_comment))
{
$tpl_comment['IN_EDIT'] = true;
- $key = get_comment_post_key($page['image_id']);
+ $key = get_comment_post_key(2, $page['image_id']);
$tpl_comment['KEY'] = $key;
$tpl_comment['CONTENT'] = $row['content'];
}
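Review bot: `get_comment_post_key(2, $page['image_id'])` calls a function this commit removes from include/functions.inc.php (only get_ephemeral_key remains), so entering comment-edit mode will fail with an undefined-function error; the line should read `$key = get_ephemeral_key(2, $page['image_id']);`, matching the second hunk of this file and the ws_functions.inc.php change. The enclosing block continues outside the hunk.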
@@ -233,7 +233,7 @@ SELECT
if ($show_add_comment_form)
{
- $key = get_comment_post_key($page['image_id']);
+ $key = get_ephemeral_key(3, $page['image_id']);
$content = '';
if ('reject'===@$comment_action)
{
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index ec9227d49..3cc0fc3a3 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -725,7 +725,7 @@ SELECT id, date, author, content
)
{
$comment_post_data['author'] = stripslashes($user['username']);
- $comment_post_data['key'] = get_comment_post_key($params['image_id']);
+ $comment_post_data['key'] = get_ephemeral_key(2, $params['image_id']);
}
$ret = $image_row;