some more csrf fixes
authorFrank Karlitschek <karlitschek@kde.org>
Thu, 26 Apr 2012 21:17:46 +0000 (23:17 +0200)
committerFrank Karlitschek <karlitschek@kde.org>
Thu, 26 Apr 2012 21:17:46 +0000 (23:17 +0200)
core/templates/login.php
index.php
lib/util.php

index 4ba92221a7d43a01a9fe48920d5aaa1a9b0e7189..4035dfe8a5af4204e8c5280d66c2e2680938c065 100644 (file)
@@ -12,6 +12,7 @@
                <p class="infield">
                        <label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
                        <input type="password" name="password" id="password" value="" required <?php echo !empty($_POST['user'])?'autofocus':''; ?> />
+                       <input type="hidden" name="sectoken" id="sectoken" value="<?php echo($_['sectoken']); ?>"  />
                </p>
                <input type="checkbox" name="remember_login" value="1" id="remember_login" /><label for="remember_login"><?php echo $l->t('remember'); ?></label>
                <input type="submit" id="submit" class="login" value="<?php echo $l->t( 'Log in' ); ?>" />
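Review bot: The added hidden field echoes `$_['sectoken']` straight into an HTML attribute without escaping. The value is a server-generated integer at this commit, so the attribute cannot currently be broken out of, but the template should not depend on that invariant; a later change to the token format (hex, base64, a signed value) would turn this line into an injection point. Write it as `value="<?php echo htmlspecialchars($_['sectoken'], ENT_QUOTES, 'UTF-8'); ?>"`.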
index b4cac1879c6797f177e00dc6cad769f90f73b268..9fff459807e1641fc23d096ec11f7423419a18f3 100644 (file)
--- a/index.php
+++ b/index.php
@@ -59,10 +59,9 @@ elseif(OC_User::isLoggedIn()) {
        else {
                OC_Util::redirectToDefaultPage();
        }
-}
 
 // For all others cases, we display the guest page :
-else {
+else {
        OC_App::loadApps();
        $error = false;
 
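Review bot: Removing the closing `}` shown as `-}` leaves the `elseif(OC_User::isLoggedIn())` block open, and the re-added `else {` below it carries no leading brace, so as rendered the guest-page `else` follows the inner `if`/`else` directly and the file would not parse. The third hunk of this file does the same thing: it drops the `}` after `$error = true;` and re-emits the `PHP_AUTH_USER` `elseif` line without a brace. If the intent was the `} elseif(` form the second hunk uses, these lines should read `} else {` and `} elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){`; if the brace was only lost in rendering, disregard this. The if/elseif chain begins outside this hunk.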
@@ -80,10 +79,9 @@ else {
                else {
                        OC_User::unsetMagicInCookie();
                }
-       }
 
        // Someone wants to log in :
-       elseif(isset($_POST["user"]) && isset($_POST['password'])) {
+       } elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) {
                if(OC_User::login($_POST["user"], $_POST["password"])) {
                        if(!empty($_POST["remember_login"])){
                                if(defined("DEBUG") && DEBUG) {
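Review bot: The token check on the `} elseif(` line compares the session and POST values with `==`, which loosely coerces the string arriving in `$_POST` against the int stored in `$_SESSION`; use a strict comparison, `(string)$_SESSION['sectoken'] === (string)$_POST['sectoken']`, or `hash_equals()` on PHP 5.6+ for a constant-time compare. Because the check is folded into the branch condition, a submission with a missing or stale token silently falls through to the `PHP_AUTH_USER` branch and then to the login page with `$error` still false, so the user gets no indication the request was rejected; consider keeping the credential test as the branch condition, verifying the token inside it, and setting `$error = true` on mismatch. The condition also mixes `and` with the `&&` used on the surrounding lines. The enclosing if/elseif chain and the guest-page `else` start outside this hunk.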
@@ -100,9 +98,9 @@ else {
                } else {
                        $error = true;
                }
-       }
+       
        // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
-       elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){
+       elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){
                if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"]))  {
                        //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
                        OC_User::unsetMagicInCookie();
@@ -111,5 +109,7 @@ else {
                        $error = true;
                }
        }
-       OC_Template::printGuestPage('', 'login', array('error' => $error, 'redirect' => isset($_REQUEST['redirect_url'])?$_REQUEST['redirect_url']:'' ));
+       $sectoken=rand(1000000,9999999);
+       $_SESSION['sectoken']=$sectoken;
+       OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?$_REQUEST['redirect_url']:'' ));
 }
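Review bot: `$sectoken=rand(1000000,9999999);` draws the CSRF token from a non-cryptographic PRNG with only about nine million possible values (roughly 23 bits), which is far too small and too predictable for a value whose whole purpose is to be unguessable by another site. Generate it from a CSPRNG instead, e.g. `$sectoken = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` on PHP 7+). The identical two lines are added in the lib/util.php hunk of this commit, so the same fix applies there. Note also that `$_SESSION['sectoken']` is overwritten on every render of the guest page, so a login form open in a second tab is rejected once the first tab reloads; generating the token only when `$_SESSION['sectoken']` is unset avoids that. The enclosing guest-page `else` block starts outside this hunk.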
index ec70fd91cb5b6232a0379718ed221a28ffe106d0..29d0691a63dbca3a59d138e0999a779f78808cda 100644 (file)
@@ -253,6 +253,9 @@ class OC_Util {
                } else {
                        $parameters["username"] = '';
                }
+               $sectoken=rand(1000000,9999999);
+               $_SESSION['sectoken']=$sectoken;
+               $parameters["sectoken"] = $sectoken;
                OC_Template::printGuestPage("", "login", $parameters);
        }
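Review bot: The three added lines duplicate the token generation and session write that this commit also adds to index.php, so the token format and the `sectoken` session key are now defined in two places and can drift apart. Move them into a single helper on `OC_Util` that creates the token, stores it in `$_SESSION['sectoken']` and returns it, and have both call sites use it. The enclosing method starts outside this hunk.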