aurweb/web/template/tu_details.php
canyonknight 2c93f0a98f Implement token system to fix CSRF vulnerabilities
Specially crafted pages can force authenticated users to unknowingly perform
actions on the AUR website despite being on an attacker's website. This
cross-site request forgery (CSRF) vulnerability applies to all POST data on
the AUR.

Implement a token system using a double submit cookie. Have a hidden form
value on every page containing POST forms. Use the newly added check_token() to
verify the token sent via POST matches the "AURSID" cookie value. The random
nature of the token limits the potential for CSRF.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-06-24 10:59:23 +02:00
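The mechanism the commit message describes, as an added example rather than aurweb's own code: the body of aurweb's check_token() is not shown on this page, so the version below is an assumed reconstruction that takes the cookie and POST arrays as explicit arguments; the handle_vote() wrapper, the session id and the request arrays are constructed for the demonstration, and hash_equals() is assumed to be available (PHP 5.6 or later; a strict === comparison would reject the same forged tokens).

```php
<?php
// Added example, not aurweb's own code: a double-submit-cookie CSRF check in
// the shape the commit message describes. aurweb's real check_token() body is
// not on this page; this one is an assumed reconstruction, as are the
// hypothetical session id and the handle_vote() wrapper.

/**
 * Return true only when the token sent in the POST data is present and
 * matches the AURSID cookie byte for byte. Both values are passed in
 * explicitly so the function can be exercised without a live request.
 */
function check_token(array $cookies, array $post)
{
    if (!isset($cookies['AURSID'], $post['token'])) {
        return false;
    }
    if (!is_string($cookies['AURSID']) || !is_string($post['token'])) {
        return false; // token[]=... arrives as an array and must never match
    }
    // Constant-time comparison; assumes hash_equals() exists (PHP >= 5.6).
    return hash_equals($cookies['AURSID'], $post['token']);
}

/**
 * Emit the hidden field the template adds to every POST form. ENT_QUOTES is
 * needed because the template wraps the attribute value in single quotes.
 */
function token_field(array $cookies)
{
    $sid = isset($cookies['AURSID']) ? $cookies['AURSID'] : '';
    return "<input type='hidden' name='token' value='"
        . htmlspecialchars($sid, ENT_QUOTES) . "' />";
}

/**
 * Hypothetical vote handler: a POST with doVote=1 is acted on only after the
 * token check passes. Returns a status string instead of touching a database.
 */
function handle_vote(array $cookies, array $post)
{
    if (empty($post['doVote'])) {
        return 'no vote submitted';
    }
    if (!check_token($cookies, $post)) {
        return 'rejected: CSRF token mismatch';
    }
    foreach (array('voteYes', 'voteNo', 'voteAbstain') as $choice) {
        if (isset($post[$choice])) {
            return 'recorded ' . $choice;
        }
    }
    return 'rejected: no choice selected';
}

// Constructed data, not real traffic. The browser attaches the AURSID cookie
// to every request for the AUR origin, including ones an attacker's page
// triggers; what the attacker cannot do is read that cookie's value.
$cookies = array('AURSID' => 'c0ffee1234deadbeef'); // hypothetical session id

// 1. Legitimate submission: the hidden field carries the cookie value.
$legit = array('doVote' => '1', 'voteYes' => 'Yes', 'token' => $cookies['AURSID']);
echo handle_vote($cookies, $legit), "\n";

// 2. Forged cross-site POST: the token is guessed or missing entirely.
$forged = array('doVote' => '1', 'voteYes' => 'Yes', 'token' => 'guess');
echo handle_vote($cookies, $forged), "\n";
$forgedNoToken = array('doVote' => '1', 'voteYes' => 'Yes');
echo handle_vote($cookies, $forgedNoToken), "\n";

// 3. Type-juggling probe: token[]=x must not slip past a loose comparison.
$probe = array('doVote' => '1', 'voteYes' => 'Yes', 'token' => array('x'));
echo handle_vote($cookies, $probe), "\n";

// The hidden field as it would be rendered into a form.
echo token_field($cookies), "\n";
```

Only the first request is recorded; the guessed, missing and array-valued tokens are all rejected before any vote is counted. Two caveats that apply to any double-submit-cookie scheme of this shape: because the token is the session identifier itself, the session id is copied into the page HTML, so anything that can read the rendered page (a later XSS bug, a leaked saved copy) discloses the session, which is why a separate random per-session CSRF token is the more common choice; and the check only holds if an attacker cannot set cookies for the AUR domain, since a cookie the attacker controls could be paired with a matching form field.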

79 lines
3 KiB
PHP

<div class="pgbox">
<div class="pgboxtitle"><span class="f3"><?php print __("Proposal Details") ?></span></div>
<div class="pgboxbody">
<?php
if ($isrunning == 1) { ?>
<p style='font-weight: bold; color: red'>
<?php print __("This vote is still running.") ?>
</p>
<?php
} ?>
<p>
<?php echo __('User') ?>: <b>
<?php if (!empty($row['User'])) { ?>
<?php /* Escape the user name in both contexts: URL-encoded in the query string, HTML-escaped (ENT_QUOTES, as the attribute is single-quoted) in the link text. */ ?>
<a href='packages.php?K=<?php print urlencode($row['User']) ?>&amp;SeB=m'><?php print htmlspecialchars($row['User'], ENT_QUOTES) ?></a>
<?php } else { ?>
N/A
<?php } ?>
</b><br />
<?php print __("Submitted: %s by %s", "<b>" . gmdate("r", $row['Submitted']) . "</b>", "<b>" . username_from_id($row['SubmitterID']) . "</b>") ?><br />
<?php print __('End') ?>: <b><?php print gmdate("r", $row['End']) ?></b></p>
<p>
<?php print str_replace("\n", "<br />\n", htmlspecialchars($row['Agenda'])) ?>
</p>
<table class="boxSoft" width='100%' cellspacing='0' cellpadding='2'>
<tr>
<th style='border-bottom: #666 1px solid; vertical-align: bottom'><span class='f2'><?php print __("Yes") ?></span></th>
<th style='border-bottom: #666 1px solid; vertical-align: bottom'><span class='f2'><?php print __("No") ?></span></th>
<th style='border-bottom: #666 1px solid; vertical-align: bottom'><span class='f2'><?php print __("Abstain") ?></span></th>
<th style='border-bottom: #666 1px solid; vertical-align: bottom'><span class='f2'><?php print __("Total") ?></span></th>
<th style='border-bottom: #666 1px solid; vertical-align: bottom'><span class='f2'><?php print __('Voted') ?></span></th>
</tr>
<tr>
<td class='data1'><span class='f5'><span class='blue'><?php print $row['Yes'] ?></span></span></td>
<td class='data1'><span class='f5'><span class='blue'><?php print $row['No'] ?></span></span></td>
<td class='data1'><span class='f5'><span class='blue'><?php print $row['Abstain'] ?></span></span></td>
<td class='data1'><span class='f5'><span class='blue'><?php print ($row['Yes'] + $row['No'] + $row['Abstain']) ?></span></span></td>
<td class='data1'><span class='f5'><span class='blue'>
<?php if ($hasvoted == 0) { ?>
<span style='color: red; font-weight: bold'><?php print __("No") ?></span>
<?php } else { ?>
<span style='color: green; font-weight: bold'><?php print __("Yes") ?></span>
<?php } ?>
</span></span></td>
</tr>
</table>
</div></div>
<?php
if (!$isrunning) { ?>
<div class="pgbox">
<div class="pgboxtitle">
<span class="f3"><?php echo __('Voters'); ?></span>
</div>
<div class="pgboxbody">
<?php echo $whovoted; ?>
</div>
</div>
<?php
} ?>
<div class='pgbox'>
<div class='pgboxbody'>
<?php if ($canvote == 1) { ?>
<form action='tu.php?id=<?php print $row['ID'] ?>' method='post'>
<fieldset>
<input type='submit' class='button' name='voteYes' value='<?php print __("Yes") ?>' />
<input type='submit' class='button' name='voteNo' value='<?php print __("No") ?>' />
<input type='submit' class='button' name='voteAbstain' value='<?php print __("Abstain") ?>' />
<input type='hidden' name='doVote' value='1' />
<?php /* CSRF double-submit token: check_token() compares this POST value with the AURSID cookie. ENT_QUOTES, because the attribute value is single-quoted. */ ?>
<input type='hidden' name='token' value='<?php print htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) ?>' />
</fieldset>
</form>
<?php } else { ?>
<?php print $errorvote ?>
<?php } ?>
</div></div>