csrf protection

diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php
index b6cdd601d663f4556c1f76aef5ac4a024209ae62..2b87a1eb1115fb9654b7999ddb8bb8ee95729467 100644 (file)
--- a/core/lostpassword/index.php
+++ b/core/lostpassword/index.php
@@ -9,13 +9,14 @@
 $RUNTIME_NOAPPS = TRUE; //no apps
 require_once('../../lib/base.php');
 
+
 // Someone lost their password:
 if (isset($_POST['user'])) {
        if (OC_User::userExists($_POST['user'])) {
                $token = sha1($_POST['user'].md5(uniqid(rand(), true)));
                OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
                $email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
-               if (!empty($email)) {
+               if (!empty($email) and isset($_POST['sectoken']) and isset($_SESSION['sectoken']) and ($_POST['sectoken']==$_SESSION['sectoken']) ) {
                        $link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php').'?user='.$_POST['user'].'&token='.$token;
                        $tmpl = new OC_Template('core/lostpassword', 'email');
                        $tmpl->assign('link', $link);
@@ -23,14 +24,20 @@ if (isset($_POST['user'])) {
                        $l = OC_L10N::get('core');
                        $from = 'lostpassword-noreply@' . $_SERVER['HTTP_HOST'];
                        $r=mail($email, $l->t('Owncloud password reset'), $msg, 'From:' . $from);
-//if($r==false) echo('error'); else echo('works!!!!!!!');
-                       OC_MAIL::send($email,$_POST['user'],$l->t('Owncloud password reset'),$msg,$from,'ownCloud');
+                       OC_MAIL::send($email,$_POST['user'],$l->t('ownCloud password reset'),$msg,$from,'ownCloud');
+                       echo('sent');
 
                }
-               OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true));
+               $sectoken=rand(1000000,9999999);
+               $_SESSION['sectoken']=$sectoken;
+               OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true, 'sectoken' => $sectoken));
        } else {
-               OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false));
+               $sectoken=rand(1000000,9999999);
+               $_SESSION['sectoken']=$sectoken;
+               OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false, 'sectoken' => $sectoken));
        }
 } else {
-       OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false));
+       $sectoken=rand(1000000,9999999);
+       $_SESSION['sectoken']=$sectoken;
+       OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false, 'sectoken' => $sectoken));
 }

diff --git a/core/lostpassword/templates/lostpassword.php b/core/lostpassword/templates/lostpassword.php
index 4b871963b8055fbc6159ba0b8dcb595acd51da42..754eabdad678b200ceb89e47ceae8993b1dac3e1 100644 (file)
--- a/core/lostpassword/templates/lostpassword.php
+++ b/core/lostpassword/templates/lostpassword.php
@@ -10,6 +10,7 @@
                        <p class="infield">
                                <label for="user" class="infield"><?php echo $l->t( 'Username' ); ?></label>
                                <input type="text" name="user" id="user" value="" autocomplete="off" required autofocus />
+                               <input type="hidden" name="sectoken" id="sectoken" value="<?php echo($_['sectoken']); ?>"  />
                        </p>
                        <input type="submit" id="submit" value="<?php echo $l->t('Request reset'); ?>" />
                <?php endif; ?>