319 $template->footer(true); |
319 $template->footer(true); |
320 |
320 |
321 $db->close(); |
321 $db->close(); |
322 exit(0); |
322 exit(0); |
323 |
323 |
|
324 } |
|
325 |
|
326 /** |
|
327 * Generates a confirmation form if a CSRF check fails. Will terminate execution. |
|
328 */ |
|
329 |
|
330 function csrf_request_confirm() |
|
331 { |
|
332 global $db, $session, $paths, $template, $plugins; // Common objects |
|
333 |
|
334 // If the token was overridden with the correct one, the user confirmed the action using this form. Continue exec. |
|
335 if ( isset($_POST['cstok']) || isset($_GET['cstok']) ) |
|
336 { |
|
337 // using the if() check makes sure that the token isn't in a cookie, since $_REQUEST includes $_COOKIE. |
|
338 $token_check =& $_REQUEST['cstok']; |
|
339 if ( $token_check === $session->csrf_token ) |
|
340 { |
|
341 // overridden token matches, continue exec |
|
342 return true; |
|
343 } |
|
344 } |
|
345 |
|
346 @ob_end_clean(); |
|
347 |
|
348 $template->tpl_strings['PAGE_NAME'] = 'Invalid form confirmation key'; |
|
349 $template->header(); |
|
350 |
|
351 // initial info |
|
352 echo '<p>Your browser sent an invalid confirmation key for a form. Your session may have expired, or you may have been redirected here from a remote site in an attack known as Cross-Site Request Forgery (CSRF). If you are sure you want to continue with this action, you may click the button below. Otherwise, return to the main page and do not proceed.</p>'; |
|
353 |
|
354 // start form |
|
355 $form_method = ( empty($_POST) ) ? 'get' : 'post'; |
|
356 echo '<form action="' . htmlspecialchars($_SERVER['REQUEST_URI']) . '" method="' . $form_method . '" enctype="multipart/form-data">'; |
|
357 |
|
358 echo '<fieldset enano:expand="closed">'; |
|
359 echo '<legend>View request and form data</legend><div>'; |
|
360 |
|
361 if ( empty($_POST) ) |
|
362 { |
|
363 // GET request |
|
364 echo csrf_confirm_get_recursive(); |
|
365 } |
|
366 else |
|
367 { |
|
368 // POST request |
|
369 echo csrf_confirm_post_recursive(); |
|
370 } |
|
371 echo '</div></fieldset>'; |
|
372 // insert the right CSRF token |
|
373 echo '<input type="hidden" name="cstok" value="' . $session->csrf_token . '" />'; |
|
374 echo '<p><input type="submit" value="Continue" /></p>'; |
|
375 echo '</form><script type="text/javascript">addOnloadHook(function(){load_component(\'expander\');});</script>'; |
|
376 |
|
377 $template->footer(); |
|
378 |
|
379 exit; |
|
380 } |
|
381 |
|
382 function csrf_confirm_get_recursive($_inner = false, $pfx = false, $data = false) |
|
383 { |
|
384 // make posted arrays work right |
|
385 if ( !$data ) |
|
386 ( $_inner == 'post' ) ? $data =& $_POST : $data =& $_GET; |
|
387 foreach ( $data as $key => $value ) |
|
388 { |
|
389 $pfx_this = ( empty($pfx) ) ? $key : "{$pfx}[{$key}]"; |
|
390 if ( is_array($value) ) |
|
391 { |
|
392 csrf_confirm_get_recursive(true, $pfx_this, $value); |
|
393 } |
|
394 else if ( empty($value) ) |
|
395 { |
|
396 echo htmlspecialchars($pfx_this . " = <nil>") . "<br />\n"; |
|
397 echo '<input type="hidden" name="' . htmlspecialchars($pfx_this) . '" value="" />'; |
|
398 } |
|
399 else |
|
400 { |
|
401 echo htmlspecialchars($pfx_this . " = " . $value) . "<br />\n"; |
|
402 echo '<input type="hidden" name="' . htmlspecialchars($pfx_this) . '" value="' . htmlspecialchars($value) . '" />'; |
|
403 } |
|
404 } |
|
405 } |
|
406 |
|
407 function csrf_confirm_post_recursive() |
|
408 { |
|
409 csrf_confirm_get_recursive('post'); |
324 } |
410 } |
325 |
411 |
326 // Removed wikiFormat() from here, replaced with RenderMan::render |
412 // Removed wikiFormat() from here, replaced with RenderMan::render |
327 |
413 |
328 /** |
414 /** |