2007年 12月 26日 (水) 14:03:31 JST
Revision: 373
http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi?root=slashdotjp&view=rev&rev=373
Author: caesar
Date: 2007-12-26 14:03:30 +0900 (Wed, 26 Dec 2007)
Log Message:
-----------
address CSRF by using formkeyHandler()
Modified Paths:
--------------
slashjp/branches/deluser/plugins/DelUser/deluser.pl
slashjp/branches/deluser/plugins/DelUser/templates/deleteUser;deluser;default
-------------- next part --------------
Modified: slashjp/branches/deluser/plugins/DelUser/deluser.pl
===================================================================
--- slashjp/branches/deluser/plugins/DelUser/deluser.pl 2007-12-25 14:24:55 UTC (rev 372)
+++ slashjp/branches/deluser/plugins/DelUser/deluser.pl 2007-12-26 05:03:30 UTC (rev 373)
@@ -7,6 +7,7 @@
 use strict;
 use utf8;
 use Slash;
+#use Slash::Apache ();
 use Slash::Constants qw(:web :messages);
 use Slash::Display;
 use Slash::Utility;
@@ -26,7 +27,7 @@
 my %ops = (
 deleteform => [$user_ok, \&deleteUserForm],
- deleteok => [$post_ok && $user_ok $$ $delete_ok, \&deleteUser],
+ deleteok => [$post_ok && $user_ok && $delete_ok, \&deleteUser],
 );
 # set default op
@@ -36,7 +37,7 @@
 }
 # if not logged in or you are admin
- if (!$user_ok || $user->{seclev} < 2) {
+ if (!$user_ok || $user->{seclev} > 2) {
 my $rootdir = getCurrentStatic('rootdir');
 redirect("$rootdir/");
 }
@@ -49,6 +50,8 @@
 ##################################################################
 sub deleteUserForm {
 my($slashdb, $reader, $constants, $user, $form, $note) = @_;
+ my $error;
+ my $err = formkeyHandler('generate_formkey', 'deluser', 0, \$error, {});
 header();
 slashDisplay('deleteUser');
 footer();
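Review bot: The seclev guard at `if (!$user_ok || $user->{seclev} > 2)` redirects but never returns, so if redirect() only emits the Location header without ending the request (it is a plain call here and its definition is not visible), the op dispatch that follows still runs for a user who was just turned away; add `return;` after `redirect("$rootdir/");` so the redirect is the only outcome. The threshold also deserves a comment, because the line comment says "you are admin" while the test is `> 2` and the boundary value 2 is silently allowed; e.g. `# seclev 2 is the highest level allowed to delete its own account; higher levels are sent to the front page`. The enclosing sub begins and ends outside this hunk.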
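Review bot: `my $err = formkeyHandler('generate_formkey', ...)` in deleteUserForm never reads `$err` or `$error`, so a failed key generation still renders the form and its later submission presumably fails `formkey_check` with no hint why; guard with `if ($err || $error) { ... }` before header(), or at least hand the error to the template. Nothing in this commit puts the formkey into the form itself: the template hunk for deleteUser;deluser;default changes only the `op` value, while deleteUser now runs `formkey_check`, so unless the template already emits the key (the rest of it is not visible here) every submission would be rejected. The two new lines also want a why-comment, e.g. `# issue a per-form key so deleteUser can verify the POST came from this form (CSRF)`. deleteUserForm's closing brace is outside the hunk.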
@@ -58,21 +61,28 @@
 my($slashdb, $reader, $constants, $user, $form) = @_;
 my $uid = $user->{uid};
- if (!$form->{delete_ok}) {
+ my @checks = qw(valid_check formkey_check regen_formkey);
+ my $error;
+ for (@checks) {
+ my $err = formkeyHandler($_, 'deluser', 0, \$error, {});
+ last if $err || $error;
+ }
+
+ if ($error || !$form->{delete_ok}) {
 my $note = '';
 deleteUserForm(@_, $note);
 } else {
- my $rows = $slashdb->deleteUser($uid);
- if ($rows) {
- $slashdb->deleteLogToken($uid);
- $uid = $constants->{anonymous_coward_uid};
- delete $cookies->{user};
- setCookie('user', '');
+# my $rows = $slashdb->deleteUser($uid);
+# if ($rows) {
+# $slashdb->deleteLogToken($uid);
+# $uid = $constants->{anonymous_coward_uid};
+ #delete $cookies->{user};
+# setCookie('user', '');
 header();
 slashDisplay('deleteUserFinished');
 footer();
- }
+# }
 }
 }
Modified: slashjp/branches/deluser/plugins/DelUser/templates/deleteUser;deluser;default
===================================================================
--- slashjp/branches/deluser/plugins/DelUser/templates/deleteUser;deluser;default 2007-12-25 14:24:55 UTC (rev 372)
+++ slashjp/branches/deluser/plugins/DelUser/templates/deleteUser;deluser;default 2007-12-26 05:03:30 UTC (rev 373)
@@ -49,7 +49,7 @@
 <label>
 <input id="delete_ok" type="checkbox" name="delete_ok" value="delete_ok" onClick="toggle_form(this.checked)" onKeydown="toggle_form(this.checked)">本当に削除する</label>
 </div>
- <input type="hidden" name="op" value="delete">
+ <input type="hidden" name="op" value="deleteok">
 <input type="submit" value="送信" class="button">
 </fieldset>
 </form>
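Review bot: In the new check loop `my $err` is scoped to the loop body, so a check that reports failure through its return value rather than through `$error` ends the loop but is then ignored by `if ($error || !$form->{delete_ok})`, and the request falls through to the success branch. Declare `$err` outside the loop and test it in the condition, and give the loop a named variable instead of `$_`, which survives the formkeyHandler call. Separately, the whole deletion — deleteUser, deleteLogToken and the cookie reset — is now commented out, so the 'deleteUserFinished' page is shown without anything being deleted or the session being invalidated; if that is deliberate scaffolding it needs a `# TODO:` saying so, otherwise it has to be restored before the branch is merged. The formkey failure is also never surfaced to the user, since `$note` is set to '' regardless of `$error`. sub deleteUser's signature line is outside the hunk.
```perl
my ($err, $error);
for my $check (qw(valid_check formkey_check regen_formkey)) {
    $err = formkeyHandler($check, 'deluser', 0, \$error, {});
    last if $err || $error;   # stop at the first failing check
}

if ($err || $error || !$form->{delete_ok}) {
    # … unchanged: redisplay the form …
```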