r51895 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r51894‎ \| r51895 \| r51896 >
Date:	12:38, 15 June 2009
Author:	jojo
Status:	ok
Tags:
Comment:	added token to save collection form to prevent CSRF
Modified paths:	/trunk/extensions/Collection/Collection.body.php (modified) (history) /trunk/extensions/Collection/Collection.templates.php (modified) (history)

Diff [purge]

Index: trunk/extensions/Collection/Collection.body.php
—	—	@@ -166,6 +166,9 @@
167	167	$wgOut->redirect( SkinTemplate::makeSpecialUrl( 'Book' ) );
168	168	return;
169	169	}
	170	+ if ( !$wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) {
	171	+ return;
	172	+ }
170	173	$colltype = $wgRequest->getVal( 'colltype' );
171	174	if ( $colltype == 'personal' ) {
172	175	$collname = $wgRequest->getVal( 'pcollname' );
Index: trunk/extensions/Collection/Collection.templates.php
—	—	@@ -178,6 +178,7 @@
179	179	<tr><td> </td><td style="text-align:right;">
180	180	<input id="saveButton" type="submit" value="<?php $this->msg('coll-save_collection') ?>"<?php if (count($this->data['collection']['items']) == 0) { ?> disabled="disabled"<?php } ?> />
181	181	</tr></tbody></table>
	182	+ <input name="token" type="hidden" value="<?php echo htmlspecialchars($GLOBALS['wgUser']->editToken()) ?>" />
182	183	</form>
183	184
184	185	<?php } else {
—	—	@@ -304,7 +305,7 @@
305	306	<input name="overwrite" type="submit" value="<?php $this->msg('coll-overwrite') ?>" />
306	307	<input name="append" type="submit" value="<?php $this->msg('coll-append') ?>" />
307	308	<input name="cancel" type="submit" value="<?php $this->msg('coll-cancel') ?>" />
308		~~- <input name="colltitle" type="hidden" value="<?php echo htmlspecialchars($this->data['title']->getPrefixedText()) ?>" />~~
	309	+ <input name="colltitle" type="hidden" value="<?php echo htmlspecialchars($this->data['title']->getPrefixedText()) ?>" />
309	310	</form>
310	311
311	312	<?php
—	—	@@ -329,6 +330,7 @@
330	331	<input name="pcollname" type="hidden" value="<?php echo htmlspecialchars($this->data['pcollname']) ?>" />
331	332	<input name="ccollname" type="hidden" value="<?php echo htmlspecialchars($this->data['ccollname']) ?>" />
332	333	<input name="colltype" type="hidden" value="<?php echo htmlspecialchars($this->data['colltype']) ?>" />
	334	+ <input name="token" type="hidden" value="<?php echo htmlspecialchars($GLOBALS['wgUser']->editToken()) ?>" />
333	335	</form>
334	336
335	337	<?php

Status & tagging log

23:42, 15 June 2009 Tim Starling (talk | contribs) changed the status of r51895 [removed: new added: ok]