use config.php as CSRF salt

Shish 2010-09-22 13:20:08 +01:00
parent 1e04df7765
commit dfef932463
4 changed files with 6 additions and 5 deletions


@ -168,8 +168,9 @@ class User {
*/ */
public function get_auth_token() { public function get_auth_token() {
global $config; global $config;
$salt = file_get_contents("config.php");
$addr = get_session_ip($config); $addr = get_session_ip($config);
return md5(md5($this->passhash . $addr) . "salty-csrf"); return md5(md5($this->passhash . $addr) . "salty-csrf-" . $salt);
} }
public function get_auth_html() { public function get_auth_html() {
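Review bot: `file_get_contents("config.php")` in get_auth_token() is never checked for failure, and the relative path resolves against the current working directory, which may differ between entry points. On failure `$salt` is `false`, which concatenates as an empty string, so the token silently falls back to the fixed `"salty-csrf-"` suffix with no per-install secret. Fail closed, e.g. `if ($salt === false) { throw new Exception("cannot read CSRF salt"); }`, and build the path from a known base directory. A keyed construction such as `hash_hmac('sha256', $this->passhash . $addr, $salt)` would be a sturdier derivation than nested `md5()`, provided the code that verifies the token (not visible here) calls this same method.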


@ -226,7 +226,7 @@ function make_form($target, $method="POST", $multipart=False) {
$auth = $user->get_auth_html(); $auth = $user->get_auth_html();
$extra = ""; $extra = "";
if($multipart) { if($multipart) {
$extra .= " enctype='multipart/form-data'" $extra .= " enctype='multipart/form-data'";
} }
return "<form action='$target' method='$method'$extra>$auth"; return "<form action='$target' method='$method'$extra>$auth";
} }
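Review bot: The return line of make_form() interpolates `$target` and `$method` into single-quoted HTML attributes without escaping, so a value containing `'` would end the attribute early and inject markup. The callers visible on this page pass `make_link(...)` results, but the function cannot rely on that. Unless make_link already returns HTML-escaped URLs, escape at the sink with `$target = htmlspecialchars($target, ENT_QUOTES);` and the same for `$method`. make_form's body starts above this hunk, so any earlier handling of these values is not visible here.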


@ -60,7 +60,7 @@ class AliasEditorTheme extends Themelet {
"; ";
$bulk_html = " $bulk_html = "
".make_form(make_link("alias/import"), multipart=True)." ".make_form(make_link("alias/import"), $multipart=True)."
<input type='file' name='alias_file'> <input type='file' name='alias_file'>
<input type='submit' value='Upload List'> <input type='submit' value='Upload List'>
</form> </form>
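Review bot: `make_form(make_link("alias/import"), $multipart=True)` does not set the third parameter, because `$multipart=True` is an assignment expression whose value is passed positionally as `$method`. With the signature shown in the make_form hunk (`$target, $method="POST", $multipart=False`) the form renders as `method='1'` with no `enctype`. Browsers treat an invalid method as GET, so the file is not uploaded and the hidden fields from `get_auth_html()` (presumably the auth token) would be sent in the query string, where they can reach logs and Referer headers. Pass the arguments positionally, `make_form(make_link("alias/import"), "POST", True)`; the two `make_form(make_link("upload"), $multipart=True)` calls in the UploadTheme hunks need the same change.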


@ -50,7 +50,7 @@ class UploadTheme extends Themelet {
}); });
}); });
</script> </script>
".make_form(make_link("upload"), multipart=True)." ".make_form(make_link("upload"), $multipart=True)."
<table id='large_upload_form'> <table id='large_upload_form'>
$upload_list $upload_list
<tr><td>Tags</td><td colspan='3'><input id='tag_box' name='tags' type='text'></td></tr> <tr><td>Tags</td><td colspan='3'><input id='tag_box' name='tags' type='text'></td></tr>
@ -120,7 +120,7 @@ class UploadTheme extends Themelet {
}); });
}); });
</script> </script>
".make_form(make_link("upload"), multipart=True)." ".make_form(make_link("upload"), $multipart=True)."
$upload_list $upload_list
<input id='tag_input' name='tags' type='text' autocomplete='off'> <input id='tag_input' name='tags' type='text' autocomplete='off'>
<input type='submit' value='Post'> <input type='submit' value='Post'>