From: <gi...@ma...> - 2009-07-06 15:55:52
The branch, master has been updated from 1fc901f9b40dd09e7d6ccabfb907a70fb1660d65 (commit). Those revisions that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit e00319f2f6be0acb71cb2296f49e68780f0d0186
Merge: 1fc901f9b40dd09e7d6ccabfb907a70fb1660d65 bf7b39a5b29be2156bc90c39072073a77725dd45
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 01:27:25 2009 +1000

    Merge branch '10627-csrf'

commit bf7b39a5b29be2156bc90c39072073a77725dd45
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 01:14:56 2009 +1000

    Add CSRF protection for bug_relationship_delete

commit cba9a85acd9c00fb8993ebf856e90a8a839fe137
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 01:02:24 2009 +1000

    Add CSRF protection for manage_user_prune

commit 3a4d1a12af376bbe364003e88560b205a12f83eb
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 01:00:41 2009 +1000

    Add CSRF protection for manage_user_proj_delete

commit 4fadaf737d95d5f9ae8faea3b7f40a542f509686
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 00:57:49 2009 +1000

    Add CSRF protection for manage_plugin_upgrade

commit cd251a435c49d3efa6e4ca33f723e0712ba2d332
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 00:53:31 2009 +1000

    Add CSRF protection for manage_plugin_uninstall

commit b368fc5a103966b826dddd46ee3b087f67d76192
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 00:51:19 2009 +1000

    Add CSRF protection for manage_plugin_install

commit 663a57892f281d03dec2762a52cd7fdd4c3db78c
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 00:49:04 2009 +1000

    Add CSRF protection for bugnote_set_view_state

commit d79af1672e7d057f0cb29b4fc0c3487768807f32
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 00:43:19 2009 +1000

    Add CSRF protection for bugnote_delete

commit 8fae4fc478ad39851b26f4bf694849145c5be3e5
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 00:38:48 2009 +1000

    Add CSRF protection for bug_file_delete

commit 55cc15f412a5f5314b3bbfeb7a3a243c4ddd9f5f
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 00:19:58 2009 +1000

    Add CSRF protection for bug_assign_reporter

commit 108db3df79ec71419de550d35658ab5a41097791
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 00:16:07 2009 +1000

    Add CSRF protection for adm_config_delete

commit 164278a3a179e280316ae80c689f83ce0e49bd17
Author: David Hicks <hic...@op...>
Date:   Tue Jul 7 00:12:44 2009 +1000

    Add CSRF protection to print_button function

    As an additional note for this patch, we should ideally be sending parameters to this function via $p_args_to_post where those parameters are being used to change the state of Mantis. At the moment a form security token is created for every call of print_button whereas we really only need to do it when !empty($p_args_to_post). This requires a bit of extra work outside the scope of this patch, and almost all uses of print_button are to modify Mantis in some way, hence this partial fix.

commit 6951bcdcfd92e7d4439d7217bc2a1f400a5f6d2a
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 23:12:49 2009 +1000

    CSRF protection not needed in filter_api

commit 7fa5bd1a719bcd5a7b0b322233bb99f70cbd8fd5
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 23:09:51 2009 +1000

    CSRF protection not needed for action confirmation step

commit e36500f1e1da1ffc3439a1586f4e57077a9b69b0
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 23:04:42 2009 +1000

    CSRF protection not needed for bug_change_status_page

commit 1831dbfb59943ec816076cc858dda80fba3a1798
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 23:03:24 2009 +1000

    CSRF protection not needed for set_project

commit 7d9420086d8eba404c643a25773d0605a3c62eac
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 23:01:08 2009 +1000

    CSRF protection not needed for login/reauthentication

commit 6d1f1a5bcc117e1f5eb58882d19b8844e17b703d
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 22:03:49 2009 +1000

    CSRF protection not needed for set_project

commit 6b4fd70e195f0a65d29725a6789d1fbab50938fd
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:58:12 2009 +1000

    Cleanup form token usage on manage_proj_edit_page

commit 5d0673f0535c1b2106f5bf3d68b7e9ed5380489f
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:55:44 2009 +1000

    Add CSRF protection for plugin_xml_import_action

commit f6e3f0f5f06f320413983fd3698a143ef5e414ab
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:47:30 2009 +1000

    Add CSRF protection for print_all_bug_options_reset

commit a72770aa0b3a8acff6b2688d1c6ef746b3388f08
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:46:00 2009 +1000

    Add CSRF protection for print_all_bug_options_update

commit 18dd92c39ebf7669660d636a077389a4e14e6985
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:43:05 2009 +1000

    CSRF protection not needed for print_all_bug_page

commit d2cd26e321857fbb21d41c0e2264b5ca8eeaae4e
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:42:14 2009 +1000

    CSRF protection not needed for view_all_set

commit 90f03fc196913ea2fdfc6a0d15c54fe380ab652f
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:37:04 2009 +1000

    CSRF protection not needed for view_all_set

commit b218eb1527bd92d8538c27ec01eec2427c5de7b0
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:21:53 2009 +1000

    CSRF protection not needed for bug_actiongroup_page

commit e9031fcbae4af8111244b8a1bd590e12be69a4dc
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:08:54 2009 +1000

    CSRF protection not needed for tag_update_page

commit dc2233febba720be05ceb82a22e4f1c177f979ca
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:07:32 2009 +1000

    Add CSRF protection for query_store

commit 0e152120d0d63746efc7d6bb427f951c1c326215
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:04:44 2009 +1000

    Add CSRF protection for query_delete

commit 8a505699c7c3ae690d5f62d40b76fcb9eb9fbdf4
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 21:00:57 2009 +1000

    Add CSRF protection for proj_doc_delete

commit b0e5230540c90d231ff17b9df9e5d783d2364323
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 20:50:52 2009 +1000

    Add CSRF protection for proj_doc_update

commit cee5ee1d3563c0496327c307712ddb0780354e10
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 20:43:25 2009 +1000

    Add CSRF protection for proj_doc_add

commit 131654143cb0c08919e0198d7d6dacdee6e3cc5e
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 18:37:52 2009 +1000

    Add CSRF protection for plugin_graph_config_edit

commit 9a2bcd725fd29aa0b9f6d8e7533fa548e1688d82
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 18:31:55 2009 +1000

    Missing closure to form element

commit 50015e39dec835e636306ddffd71541a93d56c01
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 18:30:58 2009 +1000

    Add CSRF protection for plugin_format_config_edit

commit 3b6cee589979bfa130749810b17b39b09caa5b24
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 18:24:59 2009 +1000

    CSRF protection not needed for manage_user_page

commit 2be8e88afcc53bade8a35ce0ea0cfb376a98a493
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 18:21:07 2009 +1000

    Fix #10691: missing CSRF token for version delete

commit 15a963fd41db11e394bcf3fee6ec68f0ef348d23
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 18:06:11 2009 +1000

    Add CSRF protection for manage_config_work_threshold_set

commit ef323cc399e90c783fa3a6c632c6b1bfb6cf4ec0
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 18:02:32 2009 +1000

    Add CSRF protection for manage_config_workflow_set

commit 852eec753d14a000220d548347b28903c02a495f
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 17:57:38 2009 +1000

    Add CSRF protection for manage_config_columns_reset

commit bc927e2e391dd82bb6187251cca71b04733be1a9
Author: David Hicks <hic...@op...>
Date:   Mon Jul 6 17:54:43 2009 +1000

    Add CSRF protection for manage_columns_copy

commit c1aa51ae7b9b41a777464817785ff9a061a442bf
Author: David Hicks <hic...@op...>
Date:   Wed Jul 1 22:53:52 2009 +1000

    Add CSRF protection for manage_config_columns_set

commit d1cbd478cb455029b0e448394f8884e6c3472b90
Author: David Hicks <hic...@op...>
Date:   Wed Jul 1 22:50:28 2009 +1000

    Add CSRF protection for lost_pwd

commit 7ed79855fed75ca22dd8884a19d5b42f8aeb4cd1
Author: David Hicks <hic...@op...>
Date:   Wed Jul 1 22:40:58 2009 +1000

    Add CSRF protection for bug_assign

commit cffc81d8ed6688ec0c00b0c8d5106be001495533
Author: David Hicks <hic...@op...>
Date:   Wed Jul 1 22:33:50 2009 +1000

    Add CSRF protection for bug_stick

commit d5c0f4a4daaa5658fe0735912b3de487464c0075
Author: David Hicks <hic...@op...>
Date:   Wed Jul 1 22:31:53 2009 +1000

    Add CSRF protection to html_button function

    Generally only POST requests to the server need to have CSRF protection as they're the only ones which should be changing data.

commit 91634c17750678a2f425a01e57a206335df516b1
Author: David Hicks <hic...@op...>
Date:   Wed Jul 1 20:41:58 2009 +1000

    CSRF protection not needed for jump_to_bug

commit bde1bcf2a45b659a908019e85f03f2060ff8095f
Author: David Hicks <hic...@op...>
Date:   Wed Jul 1 20:01:40 2009 +1000

    Add CSRF protection for bug_relationship_add

commit 2b32b9e6f337f38b1e178b154c46e293aa2ddfd5
Author: David Hicks <hic...@op...>
Date:   Sun Jun 28 01:19:07 2009 +1000

    Add CSRF protection for bug_set_sponsorship

commit 97142a703d7b761236b151ee21c29df20e61c2cf
Author: David Hicks <hic...@op...>
Date:   Sun Jun 28 01:15:03 2009 +1000

    CSRF protection not needed for bug_report form

    bug_report.php has a redirect form that sends a copy of details from the last bug reported to a new bug report form. This makes it easy to create a bunch of similar issues in a row. CSRF is not required here because it doesn't result in changes being made to Mantis.

commit cf196081326061694ce6ddcbdedcbb337179c28f
Author: David Hicks <hic...@op...>
Date:   Sun Jun 28 00:41:08 2009 +1000

    Add CSRF protection for bug_reminder

commit 73948e457360978a8be4c9558529a6efb5decf02
Author: David Hicks <hic...@op...>
Date:   Sun Jun 28 00:39:09 2009 +1000

    CSRF protection not needed for bugnote_stats_inc

commit 81e547e7065d68086c14cc4c76116617355ec616
Author: David Hicks <hic...@op...>
Date:   Sun Jun 28 00:36:42 2009 +1000

    Add CSRF protection for bugnote_update

commit cbd5a5659de51c5b8579c5bfe8dc9afcb209a5da
Author: David Hicks <hic...@op...>
Date:   Sun Jun 28 00:34:29 2009 +1000

    Add CSRF protection for bugnote_add

commit fb995381bc1d068fee253b7bfa344a8cc92ffc9f
Author: David Hicks <hic...@op...>
Date:   Sun Jun 28 00:30:47 2009 +1000

    Add CSRF protection for bug_monitor

commit f3555db05eb6ec3c76cf251f0f5f048278e93b75
Author: David Hicks <hic...@op...>
Date:   Sun Jun 28 00:12:10 2009 +1000

    Add CSRF protection for bug_file_add

commit 3b6f50a6e8e160c8107a702b1b688a24caea51b3
Author: David Hicks <hic...@op...>
Date:   Sun Jun 28 00:02:52 2009 +1000

    CSRF protection not needed for billing_inc

commit 2130f6d07a52d4045fc41cb3a2a85a07bc18f6f4
Author: David Hicks <hic...@op...>
Date:   Fri Jun 26 23:04:06 2009 +1000

    Add CSRF protection for adm_config_set

commit 473456c70d258f50709025e7b08b862f22ec4586
Author: David Hicks <hic...@op...>
Date:   Fri Jun 26 22:13:05 2009 +1000

    Add CSRF protection for account_sponsor_update

commit 1f82a21a2e915798481e347bde808086068f22a9
Author: David Hicks <hic...@op...>
Date:   Fri Jun 26 21:04:16 2009 +1000

    Add CSRF protection for account_prefs_reset

commit c2acc9df534bbbcad0115e6124b96a5773d7f1e8
Author: David Hicks <hic...@op...>
Date:   Fri Jun 26 20:43:56 2009 +1000

    Add CSRF protection for account_prefs_update

commit 58dad315491ea482c95e597203b6db1bb936f7d6
Author: David Hicks <hic...@op...>
Date:   Fri Jun 26 19:40:10 2009 +1000

    Add CSRF protection for account_delete
-----------------------------------------------------------------------
Summary of changes:
 account_delete.php                    |  4 ++++
 account_page.php                      |  1 +
 account_prefs_inc.php                 |  2 ++
 account_prefs_reset.php               |  4 +++-
 account_prefs_update.php              |  4 +++-
 account_sponsor_page.php              |  1 +
 account_sponsor_update.php            |  4 +++-
 adm_config_delete.php                 |  4 +++-
 adm_config_report.php                 |  1 +
 adm_config_set.php                    |  4 +++-
 billing_inc.php                       |  1 +
 bug_assign.php                        |  4 +++-
 bug_assign_reporter.php               |  4 +++-
 bug_file_add.php                      |  4 +++-
 bug_file_delete.php                   |  4 +++-
 bug_file_upload_inc.php               |  2 ++
 bug_monitor.php                       |  4 +++-
 bug_monitor_list_view_inc.php         |  1 +
 bug_relationship_add.php              |  4 +++-
 bug_relationship_delete.php           |  4 ++++
 bug_reminder.php                      |  4 +++-
 bug_reminder_page.php                 |  1 +
 bug_report.php                        |  1 +
 bug_set_sponsorship.php               |  4 +++-
 bug_sponsorship_list_view_inc.php     |  1 +
 bug_stick.php                         |  4 +++-
 bugnote_add.php                       |  4 +++-
 bugnote_add_inc.php                   |  1 +
 bugnote_delete.php                    |  4 +++-
 bugnote_edit_page.php                 |  1 +
 bugnote_set_view_state.php            |  4 +++-
 bugnote_stats_inc.php                 |  1 +
 bugnote_update.php                    |  4 ++++
 core/authentication_api.php           |  7 ++++---
 core/filter_api.php                   |  5 +++++
 core/helper_api.php                   |  5 +++--
 core/html_api.php                     |  9 +++++++++
 core/print_api.php                    |  7 ++++++-
 core/relationship_api.php             |  3 ++-
 login_page.php                        |  1 +
 login_select_proj_page.php            |  1 +
 lost_pwd.php                          |  6 ++++--
 lost_pwd_page.php                     |  1 +
 manage_columns_copy.php               |  4 +++-
 manage_columns_inc.php                |  3 +++
 manage_config_columns_reset.php       |  4 +++-
 manage_config_columns_set.php         |  4 +++-
 manage_config_work_threshold_page.php |  1 +
 manage_config_work_threshold_set.php  |  3 ++-
 manage_config_workflow_page.php       |  1 +
 manage_config_workflow_set.php        |  4 +++-
 manage_plugin_install.php             |  4 +++-
 manage_plugin_page.php                |  6 +++---
 manage_plugin_uninstall.php           |  4 +++-
 manage_plugin_upgrade.php             |  4 +++-
 manage_proj_edit_page.php             | 17 ++++++-----------
 manage_proj_page.php                  |  4 +---
 manage_proj_ver_edit_page.php         |  1 +
 manage_user_page.php                  |  2 ++
 manage_user_proj_delete.php           |  4 +++-
manage_user_prune.php | 4 +++- plugins/MantisCoreFormatting/pages/config.php | 3 ++- plugins/MantisCoreFormatting/pages/config_edit.php | 4 ++++ plugins/MantisGraph/pages/config.php | 1 + plugins/MantisGraph/pages/config_edit.php | 4 ++++ plugins/XmlImportExport/pages/import.php | 1 + plugins/XmlImportExport/pages/import_action.php | 4 ++++ print_all_bug_options_inc.php | 2 ++ print_all_bug_options_reset.php | 4 +++- print_all_bug_options_update.php | 4 +++- print_all_bug_page.php | 2 ++ proj_doc_add.php | 4 +++- proj_doc_add_page.php | 1 + proj_doc_delete.php | 4 +++- proj_doc_edit_page.php | 2 ++ proj_doc_update.php | 4 +++- query_delete.php | 4 +++- query_delete_page.php | 2 ++ query_store.php | 4 +++- query_store_page.php | 2 ++ tag_view_page.php | 1 + view_all_inc.php | 1 + view_filters_page.php | 1 + 83 files changed, 212 insertions(+), 61 deletions(-) ----------------------------------------------------------------------- commit bf7b39a5b29be2156bc90c39072073a77725dd45 Author: David Hicks <hic...@op...> Date: Tue Jul 7 01:14:56 2009 +1000 Add CSRF protection for bug_relationship_delete diff --git a/bug_relationship_delete.php b/bug_relationship_delete.php index 3f9f9ad..3070cd7 100644 --- a/bug_relationship_delete.php +++ b/bug_relationship_delete.php @@ -33,6 +33,8 @@ require_once( 'relationship_api.php' ); + form_security_validate( 'bug_relationship_delete' ); + $f_rel_id = gpc_get_int( 'rel_id' ); $f_bug_id = gpc_get_int( 'bug_id' ); @@ -93,4 +95,6 @@ email_relationship_deleted( $t_dest_bug_id, $f_bug_id, $t_dest_bug_rel_type ); } + form_security_purge( 'bug_relationship_delete' ); + print_header_redirect_view( $f_bug_id ); diff --git a/core/relationship_api.php b/core/relationship_api.php index 4927aab..b5e658c 100644 --- a/core/relationship_api.php +++ b/core/relationship_api.php 
@@ -669,7 +669,7 @@ function relationship_get_details( $p_bug_id, $p_relationship, $p_html = false, # add delete link if bug not read only and user has access level if( !bug_is_readonly( $p_bug_id ) && !current_user_is_anonymous() && ( $p_html_preview == false ) ) { if( access_has_bug_level( config_get( 'update_bug_threshold' ), $p_bug_id ) ) { - $t_relationship_info_html .= ' [<a class="small" href="bug_relationship_delete.php?bug_id=' . $p_bug_id . '&rel_id=' . $p_relationship->id. '">' . lang_get( 'delete_link' ) . '</a>]'; + $t_relationship_info_html .= ' [<a class="small" href="bug_relationship_delete.php?bug_id=' . $p_bug_id . '&rel_id=' . $p_relationship->id . form_security_param( 'bug_relationship_delete' ) . '">' . lang_get( 'delete_link' ) . '</a>]'; } } commit cba9a85acd9c00fb8993ebf856e90a8a839fe137 Author: David Hicks <hic...@op...> Date: Tue Jul 7 01:02:24 2009 +1000 Add CSRF protection for manage_user_prune diff --git a/manage_user_prune.php b/manage_user_prune.php index 5d911fb..7c6fcc3 100644 --- a/manage_user_prune.php +++ b/manage_user_prune.php @@ -25,7 +25,7 @@ */ require_once( 'core.php' ); - # helper_ensure_post(); + form_security_validate( 'manage_user_prune' ); auth_reauthenticate(); @@ -57,6 +57,8 @@ user_delete($row['id']); } + form_security_purge( 'manage_user_prune' ); + $t_redirect_url = 'manage_user_page.php'; print_header_redirect( $t_redirect_url ); commit 3a4d1a12af376bbe364003e88560b205a12f83eb Author: David Hicks <hic...@op...> Date: Tue Jul 7 01:00:41 2009 +1000 Add CSRF protection for manage_user_proj_delete diff --git a/manage_user_proj_delete.php b/manage_user_proj_delete.php index 80a84a8..5528bd8 100644 --- a/manage_user_proj_delete.php +++ b/manage_user_proj_delete.php @@ -25,7 +25,7 @@ */ require_once( 'core.php' ); - # helper_ensure_post(); + form_security_validate( 'manage_user_proj_delete' ); auth_reauthenticate(); 
@@ -43,6 +43,8 @@ $result = project_remove_user( $f_project_id, $f_user_id ); + form_security_purge( 'manage_user_proj_delete' ); + $t_redirect_url = 'manage_user_edit_page.php?user_id=' .$f_user_id; html_page_top( null, $t_redirect_url ); commit 4fadaf737d95d5f9ae8faea3b7f40a542f509686 Author: David Hicks <hic...@op...> Date: Tue Jul 7 00:57:49 2009 +1000 Add CSRF protection for manage_plugin_upgrade diff --git a/manage_plugin_page.php b/manage_plugin_page.php index e731b3f..924e157 100644 --- a/manage_plugin_page.php +++ b/manage_plugin_page.php @@ -146,7 +146,7 @@ foreach ( $t_plugins_installed as $t_basename => $t_plugin ) { echo '<td> </td><td> </td>'; } echo '<td class="center">'; - if ( $t_upgrade ) { print_bracket_link( 'manage_plugin_upgrade.php?name=' . $t_basename, lang_get( 'plugin_upgrade' ) ); } + if ( $t_upgrade ) { print_bracket_link( 'manage_plugin_upgrade.php?name=' . $t_basename . form_security_param( 'manage_plugin_upgrade' ), lang_get( 'plugin_upgrade' ) ); } if ( $t_uninstall ) { print_bracket_link( 'manage_plugin_uninstall.php?name=' . $t_basename . form_security_param( 'manage_plugin_uninstall' ), lang_get( 'plugin_uninstall' ) ); } echo '</td></tr>'; } ?> diff --git a/manage_plugin_upgrade.php b/manage_plugin_upgrade.php index 1acac38..23de80d 100644 --- a/manage_plugin_upgrade.php +++ b/manage_plugin_upgrade.php @@ -28,7 +28,7 @@ */ require_once( 'core.php' ); -# helper_ensure_post(); +form_security_validate( 'manage_plugin_upgrade' ); auth_reauthenticate(); access_ensure_global_level( config_get( 'manage_plugin_threshold' ) ); @@ -40,4 +40,6 @@ if ( !is_null( $t_plugin ) ) { $t_status = plugin_upgrade( $t_plugin ); } +form_security_purge( 'manage_plugin_upgrade' ); + print_successful_redirect( 'manage_plugin_page.php' ); commit cd251a435c49d3efa6e4ca33f723e0712ba2d332 Author: David Hicks <hic...@op...> Date: Tue Jul 7 00:53:31 2009 +1000 Add CSRF protection for manage_plugin_uninstall 
diff --git a/manage_plugin_page.php b/manage_plugin_page.php index f13076f..e731b3f 100644 --- a/manage_plugin_page.php +++ b/manage_plugin_page.php @@ -147,7 +147,7 @@ foreach ( $t_plugins_installed as $t_basename => $t_plugin ) { } echo '<td class="center">'; if ( $t_upgrade ) { print_bracket_link( 'manage_plugin_upgrade.php?name=' . $t_basename, lang_get( 'plugin_upgrade' ) ); } - if ( $t_uninstall ) { print_bracket_link( 'manage_plugin_uninstall.php?name=' . $t_basename, lang_get( 'plugin_uninstall' ) ); } + if ( $t_uninstall ) { print_bracket_link( 'manage_plugin_uninstall.php?name=' . $t_basename . form_security_param( 'manage_plugin_uninstall' ), lang_get( 'plugin_uninstall' ) ); } echo '</td></tr>'; } ?> diff --git a/manage_plugin_uninstall.php b/manage_plugin_uninstall.php index 5a81ab3..0dc7819 100644 --- a/manage_plugin_uninstall.php +++ b/manage_plugin_uninstall.php @@ -29,7 +29,7 @@ */ require_once( 'core.php' ); -# helper_ensure_post(); +form_security_validate( 'manage_plugin_uninstall' ); auth_reauthenticate(); access_ensure_global_level( config_get( 'manage_plugin_threshold' ) ); @@ -45,4 +45,6 @@ if ( !is_null( $t_plugin ) ) { plugin_force_uninstall( $f_basename ); } +form_security_purge( 'manage_plugin_uninstall' ); + print_successful_redirect( 'manage_plugin_page.php' ); commit b368fc5a103966b826dddd46ee3b087f67d76192 Author: David Hicks <hic...@op...> Date: Tue Jul 7 00:51:19 2009 +1000 Add CSRF protection for manage_plugin_install diff --git a/manage_plugin_install.php b/manage_plugin_install.php index 96ed7e8..49ea11d 100644 --- a/manage_plugin_install.php +++ b/manage_plugin_install.php @@ -28,7 +28,7 @@ */ require_once( 'core.php' ); -# helper_ensure_post(); +form_security_validate( 'manage_plugin_install' ); auth_reauthenticate(); access_ensure_global_level( config_get( 'manage_plugin_threshold' ) ); 
@@ -40,4 +40,6 @@ if ( !is_null( $t_plugin ) ) { plugin_install( $t_plugin ); } +form_security_purge( 'manage_plugin_install' ); + print_successful_redirect( 'manage_plugin_page.php' ); diff --git a/manage_plugin_page.php b/manage_plugin_page.php index 703c168..f13076f 100644 --- a/manage_plugin_page.php +++ b/manage_plugin_page.php @@ -237,7 +237,7 @@ foreach ( $t_plugins_available as $t_basename => $t_plugin ) { echo '<td class="small">',$t_description,$t_author,$t_url,'</td>'; echo '<td class="center">',$t_depends,'</td>'; echo '<td class="center">'; - if ( $t_ready ) { print_bracket_link( 'manage_plugin_install.php?name='.$t_basename, lang_get( 'plugin_install' ) ); } + if ( $t_ready ) { print_bracket_link( 'manage_plugin_install.php?name=' . $t_basename . form_security_param( 'manage_plugin_install' ), lang_get( 'plugin_install' ) ); } echo '</td></tr>'; } ?> commit 663a57892f281d03dec2762a52cd7fdd4c3db78c Author: David Hicks <hic...@op...> Date: Tue Jul 7 00:49:04 2009 +1000 Add CSRF protection for bugnote_set_view_state diff --git a/bugnote_set_view_state.php b/bugnote_set_view_state.php index e703103..30c5a71 100644 --- a/bugnote_set_view_state.php +++ b/bugnote_set_view_state.php @@ -30,7 +30,7 @@ require_once( 'bug_api.php' ); require_once( 'bugnote_api.php' ); - # helper_ensure_post(); + form_security_validate( 'bugnote_set_view_state' ); $f_bugnote_id = gpc_get_int( 'bugnote_id' ); $f_private = gpc_get_bool( 'private' ); @@ -61,4 +61,6 @@ bugnote_set_view_state( $f_bugnote_id, $f_private ); + form_security_purge( 'bugnote_set_view_state' ); + print_successful_redirect( string_get_bug_view_url( $t_bug_id ) . '#bugnotes' ); commit d79af1672e7d057f0cb29b4fc0c3487768807f32 Author: David Hicks <hic...@op...> Date: Tue Jul 7 00:43:19 2009 +1000 Add CSRF protection for bugnote_delete diff --git a/bugnote_delete.php b/bugnote_delete.php index 466c27c..5b76f23 100644 --- a/bugnote_delete.php +++ b/bugnote_delete.php 
@@ -31,7 +31,7 @@ require_once( 'bugnote_api.php' ); require_once( 'current_user_api.php' ); - # helper_ensure_post(); + form_security_validate( 'bugnote_delete' ); $f_bugnote_id = gpc_get_int( 'bugnote_id' ); @@ -60,4 +60,6 @@ # Event integration event_signal( 'EVENT_BUGNOTE_DELETED', array( $t_bug_id, $f_bugnote_id ) ); + form_security_purge( 'bugnote_delete' ); + print_successful_redirect( string_get_bug_view_url( $t_bug_id ) . '#bugnotes' ); commit 8fae4fc478ad39851b26f4bf694849145c5be3e5 Author: David Hicks <hic...@op...> Date: Tue Jul 7 00:38:48 2009 +1000 Add CSRF protection for bug_file_delete diff --git a/bug_file_delete.php b/bug_file_delete.php index 9cf54d7..2399740 100644 --- a/bug_file_delete.php +++ b/bug_file_delete.php @@ -29,7 +29,7 @@ require_once( 'file_api.php' ); - # helper_ensure_post(); + form_security_validate( 'bug_file_delete' ); $f_file_id = gpc_get_int( 'file_id' ); @@ -48,4 +48,6 @@ file_delete( $f_file_id, 'bug' ); + form_security_purge( 'bug_file_delete' ); + print_header_redirect_view( $t_bug_id ); diff --git a/core/print_api.php b/core/print_api.php index a1e2525..184b373 100644 --- a/core/print_api.php +++ b/core/print_api.php 
@@ -1693,7 +1693,7 @@ function print_bug_attachments_list( $p_bug_id ) { echo $t_href_end . ' ' . $t_href_start . $t_file_display_name . $t_href_end . "$t_href_clicket ($t_filesize bytes) <span class=\"italic\">$t_date_added</span>"; if ( $t_attachment['can_delete'] ) { - echo " [<a class=\"small\" href=\"bug_file_delete.php?file_id={$t_attachment['id']}\">" . lang_get( 'delete_link' ) . '</a>]'; + echo " [<a class=\"small\" href=\"bug_file_delete.php?file_id={$t_attachment['id']}" . form_security_param( 'bug_file_delete' ) . "\">" . lang_get( 'delete_link' ) . '</a>]'; } if ( ( FTP == config_get( 'file_upload_method' ) ) && $t_attachment['exists'] ) { commit 55cc15f412a5f5314b3bbfeb7a3a243c4ddd9f5f Author: David Hicks <hic...@op...> Date: Tue Jul 7 00:19:58 2009 +1000 Add CSRF protection for bug_assign_reporter diff --git a/bug_assign_reporter.php b/bug_assign_reporter.php index 2fbf763..be1a4e7 100644 --- a/bug_assign_reporter.php +++ b/bug_assign_reporter.php @@ -29,7 +29,7 @@ require_once( 'bug_api.php' ); - # helper_ensure_post(); + form_security_validate( 'bug_assign_reporter' ); $f_bug_id = gpc_get_int( 'bug_id' ); @@ -44,4 +44,6 @@ bug_assign( $f_bug_id, bug_get_field( $f_bug_id, 'reporter_id') ); + form_security_purge( 'bug_assign_reporter' ); + print_successful_redirect_to_bug( $f_bug_id ); commit 108db3df79ec71419de550d35658ab5a41097791 Author: David Hicks <hic...@op...> Date: Tue Jul 7 00:16:07 2009 +1000 Add CSRF protection for adm_config_delete diff --git a/adm_config_delete.php b/adm_config_delete.php index 6a3f96a..3739b98 100644 --- a/adm_config_delete.php +++ b/adm_config_delete.php @@ -25,7 +25,7 @@ */ require_once( 'core.php' ); - # helper_ensure_post(); + form_security_validate( 'adm_config_delete' ); $f_user_id = gpc_get_int( 'user_id' ); $f_project_id = gpc_get_int( 'project_id' ); 
@@ -47,5 +47,7 @@ config_delete( $f_config_option, $f_user_id, $f_project_id ); + form_security_purg( 'adm_config_delete' ); + print_successful_redirect( 'adm_config_report.php' ); commit 164278a3a179e280316ae80c689f83ce0e49bd17 Author: David Hicks <hic...@op...> Date: Tue Jul 7 00:12:44 2009 +1000 Add CSRF protection to print_button function As an additional note for this patch, we should ideally be sending parameters to this function via $p_args_to_post where those parameters are being used to change the state of Mantis. At the moment a form security token is created for every call of print_button whereas we really only need to do it when !empty($p_args_to_post). This requires a bit of extra work outside the scope of this patch, and almost all uses of print_button are to modify Mantis in some way, hence this partial fix. diff --git a/core/print_api.php b/core/print_api.php index f57eafd..a1e2525 100644 --- a/core/print_api.php +++ b/core/print_api.php @@ -1319,7 +1319,12 @@ function print_manage_project_sort_link( $p_page, $p_string, $p_field, $p_dir, $ # $p_label - The button label # $p_args_to_post - An associative array with key => value to be posted, can be null. function print_button( $p_action_page, $p_label, $p_args_to_post = null ) { + $t_form_name = explode( '.php', $p_action_page, 2 ); + # TODO: ensure all uses of print_button supply arguments via $p_args_to_post (POST) + # instead of via $p_action_page (GET). Then only add the CSRF form token if + # arguments are being sent via the POST method. echo '<form method="post" action="', $p_action_page, '">'; + echo form_security_field( $t_form_name[0] ); echo '<input type="submit" class="button-small" value="', $p_label, '" />'; if( $p_args_to_post !== null ) { diff --git a/manage_proj_edit_page.php b/manage_proj_edit_page.php index 4b80c92..0350918 100644 --- a/manage_proj_edit_page.php +++ b/manage_proj_edit_page.php 
@@ -366,7 +366,7 @@ if ( access_has_global_level ( config_get( 'delete_project_threshold' ) ) ) { ?> print_button( 'manage_proj_cat_edit_page.php?id=' . $t_id . '&project_id=' . $t_project_id, lang_get( 'edit_link' ) ); echo ' '; - print_button( 'manage_proj_cat_delete.php?id=' . $t_id . '&project_id=' . $t_project_id . form_security_param( 'manage_proj_cat_delete' ), lang_get( 'delete_link' ) ); + print_button( 'manage_proj_cat_delete.php?id=' . $t_id . '&project_id=' . $t_project_id, lang_get( 'delete_link' ) ); } ?> </td> </tr> @@ -474,7 +474,7 @@ if ( access_has_global_level ( config_get( 'delete_project_threshold' ) ) ) { ?> print_button( 'manage_proj_ver_edit_page.php?version_id=' . $t_version_id, lang_get( 'edit_link' ) ); echo ' '; - print_button( 'manage_proj_ver_delete.php?version_id=' . $t_version_id . form_security_param( 'manage_proj_ver_delete' ), lang_get( 'delete_link' ) ); + print_button( 'manage_proj_ver_delete.php?version_id=' . $t_version_id, lang_get( 'delete_link' ) ); ?> </td> </tr> @@ -574,8 +574,7 @@ if ( access_has_project_level( config_get( 'custom_field_link_threshold' ), $f_p <td class="center"> <?php # You need global permissions to edit custom field defs - $t_remove_token = form_security_param( 'manage_proj_custom_field_remove' ); - print_button( "manage_proj_custom_field_remove.php?field_id={$t_field_id}&project_id={$f_project_id}$t_remove_token", lang_get( 'remove_link' ) ); + print_button( "manage_proj_custom_field_remove.php?field_id={$t_field_id}&project_id={$f_project_id}", lang_get( 'remove_link' ) ); ?> </td> </tr> @@ -763,8 +762,6 @@ if ( $t_can_manage_users ) { $t_users_count = count( $t_sort ); $t_removable_users_exist = false; - $t_user_remove_security = form_security_param( 'manage_proj_user_remove' ); - for ( $i = 0; $i < $t_users_count; $i++ ) { $t_user = $t_users[$i]; ?> 
@@ -787,7 +784,7 @@ if ( $t_can_manage_users ) { # from this project if ( $t_can_manage_users ) { if ( project_includes_user( $f_project_id, $t_user['id'] ) ) { - print_button( 'manage_proj_user_remove.php?project_id=' . $f_project_id . '&user_id=' . $t_user['id'] . $t_user_remove_security, lang_get( 'remove_link' ) ); + print_button( 'manage_proj_user_remove.php?project_id=' . $f_project_id . '&user_id=' . $t_user['id'], lang_get( 'remove_link' ) ); $t_removable_users_exist = true; } } @@ -813,7 +810,7 @@ if ( $t_can_manage_users ) { if ( $t_removable_users_exist ) { echo ' '; - print_button( 'manage_proj_user_remove.php?project_id=' . $f_project_id . $t_user_remove_security, lang_get( 'remove_all_link' ) ); + print_button( 'manage_proj_user_remove.php?project_id=' . $f_project_id, lang_get( 'remove_all_link' ) ); } ?> </td> diff --git a/manage_proj_page.php b/manage_proj_page.php index 529e5f1..095e631 100644 --- a/manage_proj_page.php +++ b/manage_proj_page.php @@ -185,8 +185,6 @@ <?php } - $t_category_delete_security = form_security_param( 'manage_proj_cat_delete' ); - foreach ( $t_categories as $t_category ) { $t_id = $t_category['id']; @@ -212,7 +210,7 @@ print_button( 'manage_proj_cat_edit_page.php?id=' . $t_id . '&project_id=' . $t_project_id, lang_get( 'edit_link' ) ); echo ' '; - print_button( 'manage_proj_cat_delete.php?id=' . $t_id . '&project_id=' . $t_project_id . $t_category_delete_security, lang_get( 'delete_link' ) ); + print_button( 'manage_proj_cat_delete.php?id=' . $t_id . '&project_id=' . $t_project_id, lang_get( 'delete_link' ) ); ?> </td> </tr> commit 6951bcdcfd92e7d4439d7217bc2a1f400a5f6d2a Author: David Hicks <hic...@op...> Date: Mon Jul 6 23:12:49 2009 +1000 CSRF protection not needed in filter_api diff --git a/core/filter_api.php b/core/filter_api.php index 0c51139..b8d532c 100644 --- a/core/filter_api.php +++ b/core/filter_api.php 
@@ -2037,6 +2037,7 @@ function filter_draw_selection_area2( $p_page_number, $p_for_screen = true, $p_e <br /> <form method="post" name="filters<?php echo $t_form_name_suffix?>" id="filters_form<?php echo $t_form_name_suffix?>" action="<?php echo $t_action;?>"> + <?php # CSRF protection not required here - form does not result in modifications ?> <input type="hidden" name="type" value="1" /> <?php if( $p_for_screen == false ) { @@ -3329,6 +3330,7 @@ function filter_draw_selection_area2( $p_page_number, $p_for_screen = true, $p_e if( count( $t_stored_queries_arr ) > 0 ) { ?> <form method="get" name="list_queries<?php echo $t_form_name_suffix;?>" action="view_all_set.php"> + <?php # CSRF protection not required here - form does not result in modifications ?> <input type="hidden" name="type" value="3" /> <?php if( ON == config_get( 'use_javascript' ) ) { @@ -3348,12 +3350,14 @@ function filter_draw_selection_area2( $p_page_number, $p_for_screen = true, $p_e <input type="submit" name="switch_to_query_button" class="button-small" value="<?php echo lang_get( 'use_query' )?>" /> </form> <form method="post" name="open_queries" action="query_view_page.php"> + <?php # CSRF protection not required here - form does not result in modifications ?> <input type="submit" name="switch_to_query_button" class="button-small" value="<?php echo lang_get( 'open_queries' )?>" /> </form> <?php } else { ?> <form method="get" name="reset_query" action="view_all_set.php"> + <?php # CSRF protection not required here - form does not result in modifications ?> <input type="hidden" name="type" value="3" /> <input type="hidden" name="source_query_id" value="-1" /> <input type="submit" name="reset_query_button" class="button-small" value="<?php echo lang_get( 'reset_query' )?>" /> 
@@ -3364,6 +3368,7 @@ function filter_draw_selection_area2( $p_page_number, $p_for_screen = true, $p_e if( access_has_project_level( config_get( 'stored_query_create_threshold' ) ) ) { ?> <form method="post" name="save_query" action="query_store_page.php"> + <?php # CSRF protection not required here - form does not result in modifications ?> <input type="submit" name="save_query_button" class="button-small" value="<?php echo lang_get( 'save_query' )?>" /> </form> <?php commit 7fa5bd1a719bcd5a7b0b322233bb99f70cbd8fd5 Author: David Hicks <hic...@op...> Date: Mon Jul 6 23:09:51 2009 +1000 CSRF protection not needed for action confirmation step diff --git a/core/helper_api.php b/core/helper_api.php index a7d7edf..31ce335 100644 --- a/core/helper_api.php +++ b/core/helper_api.php @@ -290,7 +290,8 @@ function helper_ensure_confirmed( $p_message, $p_button_label ) { echo "\n$p_message\n"; echo '<form method="post" action="' . $_SERVER['SCRIPT_NAME'] . "\">\n"; - + # CSRF protection not required here - user needs to confirm action + # before the form is accepted. print_hidden_inputs( gpc_strip_slashes( $_POST ) ); print_hidden_inputs( gpc_strip_slashes( $_GET ) ); @@ -530,4 +531,4 @@ function helper_duration_to_minutes( $p_hhmm ) { } return (int) $t_min; -} \ No newline at end of file +} commit e36500f1e1da1ffc3439a1586f4e57077a9b69b0 Author: David Hicks <hic...@op...> Date: Mon Jul 6 23:04:42 2009 +1000 CSRF protection not needed for bug_change_status_page diff --git a/core/html_api.php b/core/html_api.php index 4bb02e3..b027ea2 100644 --- a/core/html_api.php +++ b/core/html_api.php 
@@ -1342,6 +1342,7 @@ function html_button_bug_change_status( $p_bug_id ) { reset( $t_enum_list ); echo "<form method=\"post\" action=\"bug_change_status_page.php\">"; + # CSRF protection not required here - form does not result in modifications $t_button_text = lang_get( 'bug_status_to_button' ); echo "<input type=\"submit\" class=\"button\" value=\"$t_button_text\" />"; commit 1831dbfb59943ec816076cc858dda80fba3a1798 Author: David Hicks <hic...@op...> Date: Mon Jul 6 23:03:24 2009 +1000 CSRF protection not needed for set_project diff --git a/core/html_api.php b/core/html_api.php index 798fb2a..4bb02e3 100644 --- a/core/html_api.php +++ b/core/html_api.php @@ -527,6 +527,7 @@ function html_login_info() { if( $t_show_project_selector ) { echo '<form method="post" name="form_set_project" action="' . helper_mantis_url( 'set_project.php' ) . '">'; + # CSRF protection not required here - form does not result in modifications echo lang_get( 'email_project' ), ': '; if( ON == config_get( 'show_extended_project_browser' ) ) { commit 7d9420086d8eba404c643a25773d0605a3c62eac Author: David Hicks <hic...@op...> Date: Mon Jul 6 23:01:08 2009 +1000 CSRF protection not needed for login/reauthentication diff --git a/core/authentication_api.php b/core/authentication_api.php index 4c10d16..b9053f4 100644 --- a/core/authentication_api.php +++ b/core/authentication_api.php @@ -665,11 +665,12 @@ function auth_reauthenticate_page( $p_user_id, $p_username ) { ?> </p> <form method="post" action="<?php echo string_sanitize_url( $_SERVER['PHP_SELF'] );?>"> - <?php - print_hidden_inputs( gpc_strip_slashes( $_POST ) ); + # CSRF protection not required here - user needs to enter password + # (confirmation step) before the form is accepted. + print_hidden_inputs( gpc_strip_slashes( $_POST ) ); print_hidden_inputs( gpc_strip_slashes( $_GET ) ); - ?> +?> <input type="hidden" name="_authenticate" value="1" /> diff --git a/login_page.php b/login_page.php index 4946c50..faaad28 100644 
--- a/login_page.php +++ b/login_page.php @@ -96,6 +96,7 @@ <br /> <div align="center"> <form name="login_form" method="post" action="login.php"> +<?php # CSRF protection not required here - form does not result in modifications ?> <table class="width50" cellspacing="1"> <tr> <td class="form-title"> commit 6d1f1a5bcc117e1f5eb58882d19b8844e17b703d Author: David Hicks <hic...@op...> Date: Mon Jul 6 22:03:49 2009 +1000 CSRF protection not needed for set_project diff --git a/login_select_proj_page.php b/login_select_proj_page.php index f80cc57..745cdfe 100644 --- a/login_select_proj_page.php +++ b/login_select_proj_page.php @@ -46,6 +46,7 @@ <br /> <div align="center"> <form method="post" action="set_project.php"> +<?php # CSRF protection not required here - form does not result in modifications ?> <table class="width50" cellspacing="1"> <tr> <td class="form-title" colspan="2"> commit 6b4fd70e195f0a65d29725a6789d1fbab50938fd Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:58:12 2009 +1000 Cleanup form token usage on manage_proj_edit_page diff --git a/manage_proj_edit_page.php b/manage_proj_edit_page.php index 876c2e6..4b80c92 100644 --- a/manage_proj_edit_page.php +++ b/manage_proj_edit_page.php @@ -552,8 +552,6 @@ if ( access_has_project_level( config_get( 'custom_field_link_threshold' ), $f_p <?php $t_index = 0; - $t_custom_field_security = form_security_field( 'manage_proj_custom_field_update' ); - foreach( $t_custom_fields as $t_field_id ) { $t_desc = custom_field_get_definition( $t_field_id ); ?> 
@@ -563,7 +561,7 @@ if ( access_has_project_level( config_get( 'custom_field_link_threshold' ), $f_p </td> <td> <form method="post" action="manage_proj_custom_field_update.php"> - <?php echo $t_custom_field_security ?> + <?php echo form_security_field( 'manage_proj_custom_field_update' ) ?> <input type="hidden" name="project_id" value="<?php echo $f_project_id ?>" /> <input type="hidden" name="field_id" value="<?php echo $t_field_id ?>" /> <input type="text" name="sequence" value="<?php echo custom_field_get_sequence( $t_field_id, $f_project_id ) ?>" size="2" /> commit 5d0673f0535c1b2106f5bf3d68b7e9ed5380489f Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:55:44 2009 +1000 Add CSRF protection for plugin_xml_import_action diff --git a/plugins/XmlImportExport/pages/import.php b/plugins/XmlImportExport/pages/import.php index a15fbd6..6387ef7 100644 --- a/plugins/XmlImportExport/pages/import.php +++ b/plugins/XmlImportExport/pages/import.php @@ -37,6 +37,7 @@ if( ALL_PROJECTS == $t_project_id ) { <div class="center"> <form name="file_upload" method="post" enctype="multipart/form-data" action="<?php echo plugin_page( 'import_action' )?>"> +<?php echo form_security_field( 'plugin_xml_import_action' ) ?> <input type="hidden" name="project_id" value="<?php echo $t_project_id;?>" /> diff --git a/plugins/XmlImportExport/pages/import_action.php b/plugins/XmlImportExport/pages/import_action.php index acd6fb5..6fc76bd 100644 --- a/plugins/XmlImportExport/pages/import_action.php +++ b/plugins/XmlImportExport/pages/import_action.php @@ -17,6 +17,8 @@ $t_plugin_path = config_get( 'plugin_path' ); require_once( $t_plugin_path . 'XmlImportExport' . DIRECTORY_SEPARATOR . 'ImportXml.php' ); +form_security_validate( 'plugin_xml_import_action' ); + auth_reauthenticate( ); //var_dump( $_POST ); 
@@ -31,6 +33,8 @@ file_ensure_uploaded( $f_file ); $importer = new ImportXML( $f_file, $f_strategy, $f_fallback, $f_keepcategory, $f_defaultcategory ); +form_security_purge( 'plugin_xml_import_action' ); + html_page_top( plugin_lang_get( 'import' ) ); print_manage_menu( 'manage_import_issues_page.php' ); commit f6e3f0f5f06f320413983fd3698a143ef5e414ab Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:47:30 2009 +1000 Add CSRF protection for print_all_bug_options_reset diff --git a/print_all_bug_options_inc.php b/print_all_bug_options_inc.php index 840969d..d514917 100644 --- a/print_all_bug_options_inc.php +++ b/print_all_bug_options_inc.php @@ -168,6 +168,7 @@ for ($i=0 ; $i <$field_name_count ; $i++) { <div class="border center"> <form method="post" action="print_all_bug_options_reset.php"> + <?php echo form_security_field( 'print_all_bug_options_reset' ) ?> <input type="submit" class="button" value="<?php echo lang_get( 'reset_prefs_button' ) ?>" /> </form> </div> diff --git a/print_all_bug_options_reset.php b/print_all_bug_options_reset.php index 961ce46..32ad555 100644 --- a/print_all_bug_options_reset.php +++ b/print_all_bug_options_reset.php @@ -30,7 +30,7 @@ require_once( 'current_user_api.php' ); require( 'print_all_bug_options_inc.php' ); - # helper_ensure_post(); + form_security_validate( 'print_all_bug_options_reset' ); auth_ensure_user_authenticated(); @@ -58,6 +58,8 @@ $result = db_query_bound( $query, Array( $t_default, $t_user_id ) ); + form_security_purge( 'print_all_bug_options_reset' ); + $t_redirect_url = 'print_all_bug_options_page.php'; html_page_top( null, $t_redirect_url ); commit a72770aa0b3a8acff6b2688d1c6ef746b3388f08 Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:46:00 2009 +1000 Add CSRF protection for print_all_bug_options_update diff --git a/print_all_bug_options_inc.php b/print_all_bug_options_inc.php index a11dba8..840969d 100644 --- a/print_all_bug_options_inc.php +++ b/print_all_bug_options_inc.php 
@@ -123,6 +123,7 @@ function edit_printing_prefs( $p_user_id = null, $p_error_if_protected = true, $ <br /> <div align="center"> <form method="post" action="print_all_bug_options_update.php"> +<?php echo form_security_field( 'print_all_bug_options_update' ) ?> <input type="hidden" name="user_id" value="<?php echo $p_user_id ?>" /> <input type="hidden" name="redirect_url" value="<?php echo string_attribute( $p_redirect_url ) ?>" /> <table class="width75" cellspacing="1"> diff --git a/print_all_bug_options_update.php b/print_all_bug_options_update.php index cf1e339..fd407f6 100644 --- a/print_all_bug_options_update.php +++ b/print_all_bug_options_update.php @@ -27,7 +27,7 @@ require_once( 'core.php' ); require( 'print_all_bug_options_inc.php' ); - # helper_ensure_post(); + form_security_validate( 'print_all_bug_options_update' ); auth_ensure_user_authenticated(); @@ -66,6 +66,8 @@ $result = db_query_bound( $query, Array( $c_export, $t_user_id ) ); + form_security_purge( 'print_all_bug_options_update' ); + html_page_top( null, $f_redirect_url ); echo '<br /><div align="center">'; commit 18dd92c39ebf7669660d636a077389a4e14e6985 Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:43:05 2009 +1000 CSRF protection not needed for print_all_bug_page diff --git a/print_all_bug_page.php b/print_all_bug_page.php index b875838..0865cb7 100644 --- a/print_all_bug_page.php +++ b/print_all_bug_page.php @@ -163,6 +163,7 @@ <br /> <form method="post" action="print_all_bug_page.php"> +<?php # CSRF protection not required here - form does not result in modifications ?> <table class="width100" cellspacing="1" cellpadding="2px"> <tr> <td class="form-title" colspan="<?php echo $t_num_of_columns / 2 + $t_num_of_columns % 2; ?>"> commit d2cd26e321857fbb21d41c0e2264b5ca8eeaae4e Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:42:14 2009 +1000 CSRF protection not needed for view_all_set diff --git a/print_all_bug_page.php b/print_all_bug_page.php index 64793b0..b875838 100644 
--- a/print_all_bug_page.php +++ b/print_all_bug_page.php @@ -98,6 +98,7 @@ <br /> <form method="post" action="view_all_set.php"> +<?php # CSRF protection not required here - form does not result in modifications ?> <input type="hidden" name="type" value="1" /> <input type="hidden" name="print" value="1" /> <input type="hidden" name="offset" value="0" /> commit 90f03fc196913ea2fdfc6a0d15c54fe380ab652f Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:37:04 2009 +1000 CSRF protection not needed for view_all_set diff --git a/view_filters_page.php b/view_filters_page.php index 6b2a846..ea38623 100644 --- a/view_filters_page.php +++ b/view_filters_page.php @@ -179,6 +179,7 @@ ?> <br /> <form method="post" name="filters" action="<?php echo $t_action; ?>"> +<?php # CSRF protection not required here - form does not result in modifications ?> <input type="hidden" name="type" value="1" /> <input type="hidden" name="view_type" value="<?php echo $f_view_type; ?>" /> <?php commit b218eb1527bd92d8538c27ec01eec2427c5de7b0 Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:21:53 2009 +1000 CSRF protection not needed for bug_actiongroup_page diff --git a/view_all_inc.php b/view_all_inc.php index 7d6c861..2b886db 100644 --- a/view_all_inc.php +++ b/view_all_inc.php @@ -105,6 +105,7 @@ ?> <br /> <form name="bug_action" method="get" action="bug_actiongroup_page.php"> +<?php # CSRF protection not required here - form does not result in modifications ?> <table id="buglist" class="width100" cellspacing="1"> <tr> <td class="form-title" colspan="<?php echo $col_count - 2; ?>"> commit e9031fcbae4af8111244b8a1bd590e12be69a4dc Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:08:54 2009 +1000 CSRF protection not needed for tag_update_page diff --git a/tag_view_page.php b/tag_view_page.php index 6bfb073..3fb2a3b 100644 --- a/tag_view_page.php +++ b/tag_view_page.php 
@@ -117,6 +117,7 @@ if ( $t_can_edit_own ) { ?> <form action="tag_update_page.php" method="post"> + <?php # CSRF protection not required here - form does not result in modifications ?> <input type="hidden" name="tag_id" value="<?php echo $f_tag_id ?>" /> <input type="submit" class="button" value="<?php echo lang_get( 'tag_update_button' ) ?>" /> </form> commit dc2233febba720be05ceb82a22e4f1c177f979ca Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:07:32 2009 +1000 Add CSRF protection for query_store diff --git a/query_store.php b/query_store.php index a085bee..6d00547 100644 --- a/query_store.php +++ b/query_store.php @@ -32,7 +32,7 @@ require_once( 'string_api.php' ); require_once( 'date_api.php' ); - # helper_ensure_post(); + form_security_validate( 'query_store' ); auth_ensure_user_authenticated(); compress_enable(); @@ -79,6 +79,8 @@ $t_new_row_id = filter_db_set_for_current_user($t_project_id, $f_is_public, $f_query_name, $t_filter_string); + form_security_purge( 'query_store' ); + if ( $t_new_row_id == -1 ) { $t_query_redirect_url = $t_query_redirect_url . '?error_msg=' . urlencode( lang_get( 'query_store_error' ) ); diff --git a/query_store_page.php b/query_store_page.php index da9b2be..2247e76 100644 --- a/query_store_page.php +++ b/query_store_page.php @@ -61,6 +61,7 @@ print lang_get( 'query_name' ) . ': '; ?> <form method="post" action="query_store.php"> + <?php echo form_security_field( 'query_store' ) ?> <input type="text" name="query_name" /><br /> <?php if ( access_has_project_level( config_get( 'stored_query_create_shared_threshold' ) ) ) { 
@@ -74,6 +75,7 @@ <input type="submit" class="button" value="<?php print lang_get( 'save_query' ); ?>" /> </form> <form action="view_all_bug_page.php"> + <?php # CSRF protection not required here - form does not result in modifications ?> <input type="submit" class="button" value="<?php print lang_get( 'go_back' ); ?>" /> </form> <?php commit 0e152120d0d63746efc7d6bb427f951c1c326215 Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:04:44 2009 +1000 Add CSRF protection for query_delete diff --git a/query_delete.php b/query_delete.php index dab51bf..8e8f60d 100644 --- a/query_delete.php +++ b/query_delete.php @@ -32,7 +32,7 @@ require_once( 'string_api.php' ); require_once( 'date_api.php' ); - # helper_ensure_post(); + form_security_validate( 'query_delete' ); auth_ensure_user_authenticated(); compress_enable(); @@ -47,11 +47,13 @@ { html_page_top(); filter_db_delete_filter( $f_query_id ); + form_security_purge( 'query_delete' ); ?> <br /> <div align="center"> <center><b><?php print filter_db_get_name( $f_query_id ) . ' ' . lang_get( 'query_deleted' ); ?></b></center> <form method="post" action="<?php print $t_redirect_url; ?>"> + <?php # CSRF protection not required here - form does not result in modifications ?> <input type="submit" class="button" value="<?php print lang_get( 'go_back' ); ?>"/> </form> diff --git a/query_delete_page.php b/query_delete_page.php index c504e38..30fd71f 100644 --- a/query_delete_page.php +++ b/query_delete_page.php 
@@ -51,12 +51,14 @@ <?php echo lang_get( 'query_delete_msg' ); ?> <form method="post" action="<?php print $t_delete_url; ?>"> + <?php echo form_security_field( 'query_delete' ) ?> <br /><br /> <input type="hidden" name="source_query_id" value="<?php print $f_query_id; ?>"/> <input type="submit" class="button" value="<?php print lang_get( 'delete_query' ); ?>"/> </form> <form method="post" action="<?php print $t_redirect_url; ?>"> + <?php # CSRF protection not required here - form does not result in modifications ?> <input type="submit" class="button" value="<?php print lang_get( 'go_back' ); ?>"/> </form> commit 8a505699c7c3ae690d5f62d40b76fcb9eb9fbdf4 Author: David Hicks <hic...@op...> Date: Mon Jul 6 21:00:57 2009 +1000 Add CSRF protection for proj_doc_delete diff --git a/proj_doc_delete.php b/proj_doc_delete.php index e9faacd..0a4e4b9 100644 --- a/proj_doc_delete.php +++ b/proj_doc_delete.php @@ -25,7 +25,7 @@ */ require_once( 'core.php' ); - # helper_ensure_post(); + form_security_validate( 'proj_doc_delete' ); # Check if project documentation feature is enabled. if ( OFF == config_get( 'enable_project_documentation' ) ) { @@ -51,6 +51,8 @@ file_delete( $f_file_id, 'project' ); + form_security_purge( 'proj_doc_delete' ); + $t_redirect_url = 'proj_doc_page.php'; html_page_top( null, $t_redirect_url ); diff --git a/proj_doc_edit_page.php b/proj_doc_edit_page.php index 5a1f29a..3a308df 100644 --- a/proj_doc_edit_page.php +++ b/proj_doc_edit_page.php @@ -125,6 +125,7 @@ <br /> <form method="post" action="proj_doc_delete.php"> + <?php echo form_security_field( 'proj_doc_delete' ) ?> <input type="hidden" name="file_id" value="<?php echo... [truncated message content] |
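Review bot: `form_security_purg( 'adm_config_delete' );` in the config_delete hunk at the top of this section is a typo for `form_security_purge`, so PHP will abort with an undefined-function fatal error after `config_delete( $f_config_option, $f_user_id, $f_project_id );` has already run and before `print_successful_redirect( 'adm_config_report.php' );`, leaving the user on an error page even though the option was deleted. Change it to `form_security_purge( 'adm_config_delete' );`, matching the purge calls in the other commits of this series.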
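Review bot: the TODO in the print_button hunk in core/print_api.php proposes emitting the token only when arguments arrive via `$p_args_to_post`, but every delete/remove button converted in the manage_proj_edit_page.php and manage_proj_page.php hunks still passes its ids through the `$p_action_page` query string with `$p_args_to_post` left null, so applying that condition as written would silently drop the token from exactly the state-changing buttons this commit protects. Either migrate those callers to `$p_args_to_post` in the same change or reword the TODO to say the callers must be migrated first. The function's doc comment should also state that the token name is derived from the script name via `explode( '.php', $p_action_page, 2 )`, so the target script's `form_security_validate()` call must use that same name (for example `manage_proj_cat_delete`).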
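Review bot: the auth_reauthenticate_page hunk in core/authentication_api.php removes the `<?php` opening tag (`- <?php`) but keeps a closing tag (`+?>`), so the two new comment lines and both `print_hidden_inputs( ... )` calls are now emitted as literal HTML text instead of being executed: the hidden inputs that carry the original request's parameters are no longer rendered and the PHP source leaks into the page. Restore the opening tag, i.e. put `<?php` immediately before `# CSRF protection not required here - user needs to enter password`.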
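Review bot: the justification added in the helper_ensure_confirmed hunk in core/helper_api.php (`# CSRF protection not required here - user needs to confirm action before the form is accepted.`) does not hold on its own: a confirmation page is only an interstitial, because the confirmed request can be submitted directly, and it is the token check in the action script that receives the confirmed POST that provides the protection. Reword the comment to say that the action script is expected to call `form_security_validate()`, and that `print_hidden_inputs( gpc_strip_slashes( $_POST ) );` forwards any token from the original form to it.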
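Review bot: in print_all_bug_options_reset.php the commented-out `# helper_ensure_post();` is replaced by `form_security_validate( 'print_all_bug_options_reset' );` rather than re-enabled next to it; the same substitution appears in print_all_bug_options_update.php, query_store.php, query_delete.php and proj_doc_delete.php. Elsewhere in this series tokens are accepted from the query string (the removed `form_security_param( ... )` calls appended them to GET URLs), so a token check alone does not guarantee that a state-changing request arrived by POST. Consider restoring `helper_ensure_post();` beside the validate call, or stating in the commit message that form_security_validate enforces the method.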
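Review bot: in plugins/XmlImportExport/pages/import_action.php the new `form_security_validate( 'plugin_xml_import_action' );` is placed directly above the debugging leftover `//var_dump( $_POST );`; since this block is being touched anyway, drop that line rather than leaving a commented-out dump of the request next to the token check. The purge call `form_security_purge( 'plugin_xml_import_action' );` sits right after `new ImportXML( ... )` and before `html_page_top( ... )`, so a short comment explaining that the token is consumed once the upload has been accepted for import would help the next reader.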
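Review bot: in the filter_api hunks in core/filter_api.php the same comment `<?php # CSRF protection not required here - form does not result in modifications ?>` is pasted into five forms, two of which (`<form method="post" name="open_queries" action="query_view_page.php">` and `<form method="post" name="save_query" action="query_store_page.php">`) only navigate to another page. Switching those two to `method="get"`, as the neighbouring `list_queries` and `reset_query` forms already do, would make the "no modification" claim self-evident and keep the explanatory comment for the forms that genuinely post data.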