Fix: protection faille CSRF

This commit is contained in:
Regis Houssin 2009-05-19 20:59:20 +00:00
parent 16e91bf213
commit 63cbd5a24e
2 changed files with 26 additions and 3 deletions


@ -170,12 +170,12 @@ dol_syslog("Start session name=".$sessionname." Session id()=".session_id().", _
// Creation d'un jeton contre les failles CSRF
$token = md5(uniqid(rand(),TRUE)); // Genere un hash d'un nombre aleatoire
// roulement des jetons car cree a chaque appel
$_SESSION['token_level_2'] = $_SESSION['token_level_1'];
$_SESSION['token_level_1'] = $_SESSION['newtoken'];
if (isset($_SESSION['token_level_1'])) $_SESSION['token_level_2'] = $_SESSION['token_level_1'];
if (isset($_SESSION['newtoken'])) $_SESSION['token_level_1'] = $_SESSION['newtoken'];
$_SESSION['newtoken'] = $token;
// Verification de la presence et de la validite du jeton
if (isset($_POST['token_level_1']) && isset($_SESSION['token_level_1']) && isset($_SESSION['token_level_2']))
if (isset($_POST['token']) && isset($_SESSION['token_level_1']) && isset($_SESSION['token_level_2']))
{
if (($_POST['token'] != $_SESSION['token_level_1']) || ($_POST['token'] != $_SESSION['token_level_2']))
{
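Review bot: The comparison on the context line `if (($_POST['token'] != $_SESSION['token_level_1']) || ($_POST['token'] != $_SESSION['token_level_2']))` rejects the posted token unless it equals both rotated values, and because the rotation above stores a fresh md5 on every request the two levels never coincide, so once this commit switches the posted key from `token_level_1` to `token` the rejection branch appears to fire on every legitimate submission; the intended test is `if ($_POST['token'] !== $_SESSION['token_level_1'] && $_POST['token'] !== $_SESSION['token_level_2'])`, using strict comparison (or `hash_equals` where available) because `!=` between two numeric-looking hex strings compares them numerically. The guard only runs when `$_POST['token']` and both session levels are set, so a POST that omits the token, or one sent during the first two requests of a session, skips verification instead of being rejected. `md5(uniqid(rand(),TRUE))` is not a cryptographic random source; `random_bytes` is the modern replacement for the token value. The `if` block that performs the rejection continues beyond the hunk, and the same token code is repeated in the second file of this commit rather than shared.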


@ -1,6 +1,7 @@
<?php
/* Copyright (C) 2001-2002 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2009 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2009 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -25,6 +26,24 @@
* \version $Id$
*/
// Creation d'un jeton contre les failles CSRF
$sessionname="DOLSESSID_PAYBOX";
session_name($sessionname);
session_start();
$token = md5(uniqid(rand(),TRUE)); // Genere un hash d'un nombre aleatoire
// roulement des jetons car cree a chaque appel
if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken'];
$_SESSION['newtoken'] = $token;
// Verification de la presence et de la validite du jeton
if (isset($_POST['token']) && isset($_SESSION['token']))
{
if ($_POST['token'] != $_SESSION['token'])
{
unset($_POST);
}
}
require("../../master.inc.php");
require_once(DOL_DOCUMENT_ROOT."/paybox/paybox.lib.php");
require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
@ -53,17 +72,20 @@ else $currency=$_REQUEST["currency"];
if (empty($_REQUEST["amount"]))
{
dol_print_error('','ErrorBadParameters');
session_destroy();
exit;
}
$amount=$_REQUEST["amount"];
if (is_numeric($amount) && empty($_REQUEST["tag"]))
{
dol_print_error('','ErrorBadParameters');
session_destroy();
exit;
}
if (! is_numeric($amount) && empty($_REQUEST["ref"]))
{
dol_print_error('','ErrorBadParameters');
session_destroy();
exit;
}
$suffix=$_REQUEST["suffix"];
@ -91,6 +113,7 @@ if ($_REQUEST["action"] == 'dopayment')
if (empty($mesg))
{
print_paybox_redirect($PRICE, $conf->monnaie, $EMAIL, $urlok, $urlko, $TAG, $ID);
session_destroy();
exit;
}
}
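Review bot: In the `@ -25,6 +26,24 @@` hunk, `unset($_POST)` on a token mismatch does not neutralise the request, because every later read in this file goes through `$_REQUEST` (`$_REQUEST["amount"]`, `$_REQUEST["tag"]`, `$_REQUEST["ref"]`, `$_REQUEST["suffix"]`, `$_REQUEST["action"]`), which is a separate array still holding the posted values, so a forged submission still reaches the payment flow. The mismatch branch should end the request, e.g. `if ($_POST['token'] !== $_SESSION['token']) { session_destroy(); exit; }`, or set a flag and report it with `dol_print_error` after `require("../../master.inc.php")` since that helper is not loaded yet at this point. As written the check also runs only when both `$_POST['token']` and `$_SESSION['token']` exist, so a POST without a token is accepted, and `!=` should be strict (`!==`) because two numeric-looking hex strings compare numerically. `md5(uniqid(rand(),TRUE))` is not a cryptographic source for the token; `random_bytes` is the current replacement.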