diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/functions.inc.php | 42 | ||||
| -rw-r--r-- | include/functions_comment.inc.php | 17 | ||||
| -rw-r--r-- | include/picture_comment.inc.php | 4 | ||||
| -rw-r--r-- | include/ws_functions.inc.php | 2 |
4 files changed, 32 insertions, 33 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php index a994fdb95..61db92ab5 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -1333,25 +1333,37 @@ function secure_directory($dir) } /** - * returns a "secret key" that is to be sent back when a user enters a comment + * returns a "secret key" that is to be sent back when a user posts a form * - * @param int image_id + * @param int valid_after_seconds - key validity start time from now */ -function get_comment_post_key($image_id) +function get_ephemeral_key($valid_after_seconds, $aditionnal_data_to_hash = '') { - global $conf; - - $time = time(); + global $conf; + $time = round(microtime(true), 1); + return $time.':'.$valid_after_seconds.':' + .hash_hmac( + 'md5', + $time.substr($_SERVER['REMOTE_ADDR'],0,5).$valid_after_seconds.$aditionnal_data_to_hash, + $conf['secret_key']); +} - return sprintf( - '%s:%s', - $time, - hash_hmac( - 'md5', - $time.':'.$image_id, - $conf['secret_key'] - ) - ); +function verify_ephemeral_key($key, $aditionnal_data_to_hash = '') +{ + global $conf; + $time = microtime(true); + $key = explode( ':', @$key ); + if ( count($key)!=3 + or $key[0]>$time-(float)$key[1] // page must have been retrieved more than X sec ago + or $key[0]<$time-3600 // 60 minutes expiration + or hash_hmac( + 'md5', $key[0].substr($_SERVER['REMOTE_ADDR'],0,5).$key[1].$aditionnal_data_to_hash, $conf['secret_key'] + ) != $key[2] + ) + { + return false; + } + return true; } /** diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php index 7f2fd9257..d5b403b8e 100644 --- a/include/functions_comment.inc.php +++ b/include/functions_comment.inc.php @@ -119,14 +119,7 @@ SELECT COUNT(*) AS user_exists $comment_action='reject'; } - $key = explode( ':', @$key ); - if ( count($key)!=2 - or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago - or $key[0]<time()-3600 // 60 minutes expiration - or hash_hmac( - 'md5', $key[0].':'.$comm['image_id'], $conf['secret_key'] - ) != $key[1] - ) + if ( !verify_ephemeral_key(@$key, $comm['image_id']) ) { $comment_action='reject'; } @@ -248,13 +241,7 @@ function update_user_comment($comment, $post_key) $comment_action = 'validate'; - $key = explode( ':', $post_key ); - if ( count($key)!=2 - or $key[0]>time()-2 // page must have been retrieved more than 2 sec ago - or $key[0]<time()-3600 // 60 minutes expiration - or hash_hmac('md5', $key[0].':'.$comment['image_id'], $conf['secret_key'] - ) != $key[1] - ) + if ( !verify_ephemeral_key($post_key, $comment['image_id']) ) { $comment_action='reject'; } diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php index cc4970a34..adf928bbb 100644 --- a/include/picture_comment.inc.php +++ b/include/picture_comment.inc.php @@ -198,7 +198,7 @@ SELECT if (isset($edit_comment) and ($row['id'] == $edit_comment)) { $tpl_comment['IN_EDIT'] = true; - $key = get_comment_post_key($page['image_id']); + $key = get_comment_post_key(2, $page['image_id']); $tpl_comment['KEY'] = $key; $tpl_comment['CONTENT'] = $row['content']; } @@ -233,7 +233,7 @@ SELECT if ($show_add_comment_form) { - $key = get_comment_post_key($page['image_id']); + $key = get_ephemeral_key(3, $page['image_id']); $content = ''; if ('reject'===@$comment_action) { diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index ec9227d49..3cc0fc3a3 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -725,7 +725,7 @@ SELECT id, date, author, content ) { $comment_post_data['author'] = stripslashes($user['username']); - $comment_post_data['key'] = get_comment_post_key($params['image_id']); + $comment_post_data['key'] = get_ephemeral_key(2, $params['image_id']); } $ret = $image_row; |