diff --git a/web/html/account.php b/web/html/account.php index ce3f777e..b0906d91 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -74,13 +74,13 @@ if (isset($_COOKIE["AURSID"])) { } elseif ($action == "UpdateAccount") { # user is submitting their modifications to an existing account # - process_account_form($atype, "edit", "UpdateAccount", - in_request("U"), in_request("T"), in_request("S"), - in_request("E"), in_request("P"), in_request("C"), - in_request("R"), in_request("L"), in_request("I"), - in_request("K"), in_request("ID")); - - + if (check_token()) { + process_account_form($atype, "edit", "UpdateAccount", + in_request("U"), in_request("T"), in_request("S"), + in_request("E"), in_request("P"), in_request("C"), + in_request("R"), in_request("L"), in_request("I"), + in_request("K"), in_request("ID")); + } } else { if ($atype == "Trusted User" || $atype == "Developer") { # display the search page if they're a TU/dev diff --git a/web/html/addvote.php b/web/html/addvote.php index dd1f47b2..d3bd7d4b 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -19,7 +19,11 @@ if (isset($_COOKIE["AURSID"])) { if ($atype == "Trusted User" || $atype == "Developer") { - if (!empty($_POST['addVote'])) { + if (!empty($_POST['addVote']) && !check_token()) { + $error = __("Invalid token for user action."); + } + + if (!empty($_POST['addVote']) && check_token()) { $error = ""; if (!empty($_POST['user'])) { @@ -79,6 +83,7 @@ if ($atype == "Trusted User" || $atype == "Developer") {

+ " />

diff --git a/web/html/packages.php b/web/html/packages.php index aa1d04ca..ec76e41a 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -38,46 +38,48 @@ if (isset($_POST['IDs'])) { # Determine what action to do $output = ""; -if (current_action("do_Flag")) { - $output = pkg_flag($atype, $ids, true); -} elseif (current_action("do_UnFlag")) { - $output = pkg_flag($atype, $ids, False); -} elseif (current_action("do_Adopt")) { - $output = pkg_adopt($atype, $ids, true); -} elseif (current_action("do_Disown")) { - $output = pkg_adopt($atype, $ids, False); -} elseif (current_action("do_Vote")) { - $output = pkg_vote($atype, $ids, true); -} elseif (current_action("do_UnVote")) { - $output = pkg_vote($atype, $ids, False); -} elseif (current_action("do_Delete")) { - if (isset($_POST['confirm_Delete'])) { - if (!isset($_POST['merge_Into']) || empty($_POST['merge_Into'])) { - $output = pkg_delete($atype, $ids, NULL); - unset($_GET['ID']); - } - else { - $mergepkgid = pkgid_from_name($_POST['merge_Into']); - if ($mergepkgid) { - $output = pkg_delete($atype, $ids, $mergepkgid); +if (check_token()) { + if (current_action("do_Flag")) { + $output = pkg_flag($atype, $ids, true); + } elseif (current_action("do_UnFlag")) { + $output = pkg_flag($atype, $ids, False); + } elseif (current_action("do_Adopt")) { + $output = pkg_adopt($atype, $ids, true); + } elseif (current_action("do_Disown")) { + $output = pkg_adopt($atype, $ids, False); + } elseif (current_action("do_Vote")) { + $output = pkg_vote($atype, $ids, true); + } elseif (current_action("do_UnVote")) { + $output = pkg_vote($atype, $ids, False); + } elseif (current_action("do_Delete")) { + if (isset($_POST['confirm_Delete'])) { + if (!isset($_POST['merge_Into']) || empty($_POST['merge_Into'])) { + $output = pkg_delete($atype, $ids, NULL); unset($_GET['ID']); } else { - $output = __("Cannot find package to merge votes and comments into."); + $mergepkgid = pkgid_from_name($_POST['merge_Into']); + if ($mergepkgid) { + $output = pkg_delete($atype, $ids, $mergepkgid); + unset($_GET['ID']); + } + else { + $output = __("Cannot find package to merge votes and comments into."); + } } } + else { + $output = __("The selected packages have not been deleted, check the confirmation checkbox."); + } + } elseif (current_action("do_Notify")) { + $output = pkg_notify($atype, $ids); + } elseif (current_action("do_UnNotify")) { + $output = pkg_notify($atype, $ids, False); + } elseif (current_action("do_DeleteComment")) { + $output = pkg_delete_comment($atype); + } elseif (current_action("do_ChangeCategory")) { + $output = pkg_change_category($atype); } - else { - $output = __("The selected packages have not been deleted, check the confirmation checkbox."); - } -} elseif (current_action("do_Notify")) { - $output = pkg_notify($atype, $ids); -} elseif (current_action("do_UnNotify")) { - $output = pkg_notify($atype, $ids, False); -} elseif (current_action("do_DeleteComment")) { - $output = pkg_delete_comment($atype); -} elseif (current_action("do_ChangeCategory")) { - $output = pkg_change_category($atype); } html_header($title); diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 737812e1..65e2f6db 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -27,6 +27,11 @@ if ($uid): if (isset($_REQUEST['pkgsubmit'])) { + # Make sure authenticated user submitted the package themselves + if (!check_token()) { + $error = __("Invalid token for user action."); + } + # Before processing, make sure we even have a file switch($_FILES['pfile']['error']) { case UPLOAD_ERR_INI_SIZE: @@ -428,6 +433,7 @@ html_header("Submit");
+

diff --git a/web/html/tu.php b/web/html/tu.php index 48cd6c10..86199039 100644 --- a/web/html/tu.php +++ b/web/html/tu.php @@ -49,7 +49,7 @@ if ($atype == "Trusted User" || $atype == "Developer") { } if ($canvote == 1) { - if (isset($_POST['doVote'])) { + if (isset($_POST['doVote']) && check_token()) { if (isset($_POST['voteYes'])) { $myvote = "Yes"; } else if (isset($_POST['voteNo'])) { diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 59f499e0..a41a4e7d 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -624,7 +624,7 @@ function user_suspended($id, $dbh=NULL) { $result = db_query($q, $dbh); if ($result) { $row = mysql_fetch_row($result); - if ($result[0] == 1 ) { + if ($row[0]) { return true; } } diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 5a70e771..1a6164ed 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -75,6 +75,16 @@ function check_sid($dbh=NULL) { return; } +# Verify the supplied token matches the expected token for POST forms +# +function check_token() { + if (isset($_POST['token'])) { + return ($_POST['token'] == $_COOKIE['AURSID']); + } else { + return false; + } +} + # verify that an email address looks like it is legitimate # function valid_email($addy) { diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 6d2f01f2..0009b93b 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -395,7 +395,7 @@ function package_details($id=0, $SID="", $dbh=NULL) { # Actions Bar if ($SID) { include('actions_form.php'); - if (isset($_REQUEST['comment'])) { + if (isset($_REQUEST['comment']) && check_token()) { $uid = uid_from_sid($SID, $dbh); add_package_comment($id, $uid, $_REQUEST['comment'], $dbh); } diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php index 32379a70..c32eb94d 100644 --- a/web/template/account_edit_form.php +++ b/web/template/account_edit_form.php @@ -3,6 +3,7 @@ +

diff --git a/web/template/actions_form.php b/web/template/actions_form.php index e5ab7c2e..ff0fd4e5 100644 --- a/web/template/actions_form.php +++ b/web/template/actions_form.php @@ -3,6 +3,7 @@
+ " /> diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php index 8430a89c..95d2cb05 100644 --- a/web/template/pkg_comment_form.php +++ b/web/template/pkg_comment_form.php @@ -3,12 +3,13 @@
' . __('Comment has been added.') . '

'; } ?>
+

diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php index 4e9dfa35..02f49633 100644 --- a/web/template/pkg_comments.php +++ b/web/template/pkg_comments.php @@ -18,6 +18,7 @@ $count = package_comments_count($_GET['ID']);

+
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php index 023fef11..b41fdede 100644 --- a/web/template/pkg_details.php +++ b/web/template/pkg_details.php @@ -60,6 +60,9 @@ if ($SID && ($uid == $row["MaintainerUID"] ||
+ + + + " />

diff --git a/web/template/tu_details.php b/web/template/tu_details.php index 33e87a85..38015e1e 100644 --- a/web/template/tu_details.php +++ b/web/template/tu_details.php @@ -67,6 +67,7 @@ " /> " /> +