james/fembooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

use config.php as CSRF salt

Browse Source
This commit is contained in:
Shish 2010-09-22 13:20:08 +01:00
parent 1e04df7765
commit dfef932463
4 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
core/user.class.php
View File

@ -168,8 +168,9 @@ class User {
*/
public function get_auth_token() {
global $config;
$salt = file_get_contents("config.php");
$addr = get_session_ip($config);
return md5(md5($this->passhash . $addr) . "salty-csrf");
return md5(md5($this->passhash . $addr) . "salty-csrf-" . $salt);
}
public function get_auth_html() {

2
core/util.inc.php
View File

@ -226,7 +226,7 @@ function make_form($target, $method="POST", $multipart=False) {
$auth = $user->get_auth_html();
$extra = "";
if($multipart) {
$extra .= " enctype='multipart/form-data'"
$extra .= " enctype='multipart/form-data'";
}
return "<form action='$target' method='$method'$extra>$auth";
}

2
ext/alias_editor/theme.php
View File

@ -60,7 +60,7 @@ class AliasEditorTheme extends Themelet {
";
$bulk_html = "
".make_form(make_link("alias/import"), multipart=True)."
".make_form(make_link("alias/import"), $multipart=True)."
<input type='file' name='alias_file'>
<input type='submit' value='Upload List'>
</form>

4
ext/upload/theme.php
View File

@ -50,7 +50,7 @@ class UploadTheme extends Themelet {
});
});
</script>
".make_form(make_link("upload"), multipart=True)."
".make_form(make_link("upload"), $multipart=True)."
<table id='large_upload_form'>
$upload_list
<tr><td>Tags</td><td colspan='3'><input id='tag_box' name='tags' type='text'></td></tr>
@ -120,7 +120,7 @@ class UploadTheme extends Themelet {
});
});
</script>
".make_form(make_link("upload"), multipart=True)."
".make_form(make_link("upload"), $multipart=True)."
$upload_list
<input id='tag_input' name='tags' type='text' autocomplete='off'>
<input type='submit' value='Post'>