
Add CSRF check on login and logout

This is a minor issue and not worth a backport in my opinion, as the change could break more things than it is worth.
tags/v7.0.0alpha2
Lukas Reschke 10 years ago
parent
commit
73b914ddbc
3 changed files with 6 additions and 1 deletions
  1. 3
    0
      core/templates/login.php
  2. 2
    0
      lib/base.php
  3. 1
    1
      lib/private/user.php

+ 3
- 0
core/templates/login.php View File

<?php /** @var $l OC_L10N */ ?>

<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]--> <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
<form method="post" name="login"> <form method="post" name="login">
<fieldset> <fieldset>
<label for="remember_login"><?php p($l->t('remember')); ?></label> <label for="remember_login"><?php p($l->t('remember')); ?></label>
<?php endif; ?> <?php endif; ?>
<input type="hidden" name="timezone-offset" id="timezone-offset"/> <input type="hidden" name="timezone-offset" id="timezone-offset"/>
<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />
<input type="submit" id="submit" class="login primary" value="<?php p($l->t('Log in')); ?>"/> <input type="submit" id="submit" class="login primary" value="<?php p($l->t('Log in')); ?>"/>
</fieldset> </fieldset>
</form> </form>
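Review bot: The new hidden input reads `$_['requesttoken']`, but nothing in this hunk assigns that variable, so the form silently depends on whoever renders the template having set it; if it is ever missing, the field is emitted empty (with a PHP notice) and every login submission will then be rejected by the new check in lib/base.php. A short comment on the input would make that contract visible, e.g. `<?php /* CSRF token; must be assigned by the renderer of this template (see OC_Util::callRegister()) */ ?>`. Escaping the value with `p()` is the right choice for an attribute context, assuming it maps to htmlspecialchars as elsewhere in the template.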

+ 2
- 0
lib/base.php View File

OC_App::loadApps(); OC_App::loadApps();
OC_User::setupBackends(); OC_User::setupBackends();
if (isset($_GET["logout"]) and ($_GET["logout"])) { if (isset($_GET["logout"]) and ($_GET["logout"])) {
OC_JSON::callCheck();
if (isset($_COOKIE['oc_token'])) { if (isset($_COOKIE['oc_token'])) {
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']); OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
} }
return false; return false;
} }


OC_JSON::callCheck();
OC_App::loadApps(); OC_App::loadApps();


//setup extra user backends //setup extra user backends
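Review bot: The `OC_JSON::callCheck()` added before `OC_App::loadApps()` in the second hunk guards an ordinary form POST, yet by its name it presumably answers a failed check with a JSON error body and exits; a user who leaves the login page open until the token expires would then get raw JSON instead of the login form with an error message. Consider testing the token explicitly and falling back to re-rendering the form, e.g. `if (!OC_Util::isCallRegistered()) { /* re-display login with an error */ return false; }`, and add a comment saying the check is intentionally fatal if that is the desired behaviour. The same applies to the check added in the first hunk (the logout branch), where a stale token would leave the session intact rather than logging the user out. Both enclosing functions begin outside these hunks.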

+ 1
- 1
lib/private/user.php View File

return $backend->getLogoutAttribute(); return $backend->getLogoutAttribute();
} }


return 'href="' . link_to('', 'index.php') . '?logout=true"';
return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . OC_Util::callRegister() . '"';
} }
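Review bot: The new logout `href` embeds the CSRF token in the query string and concatenates a bare `&` plus the raw `OC_Util::callRegister()` value into an HTML attribute; inside an attribute the separator should be `&amp;`, and the token should be URL-encoded unless `callRegister()` is guaranteed to return only URL- and HTML-safe characters, which this hunk cannot show. A safer form is `return 'href="' . link_to('', 'index.php') . '?logout=true&amp;requesttoken=' . urlencode(OC_Util::callRegister()) . '"';`. Carrying the token in a GET URL also means it ends up in browser history and in server or proxy access logs, so a comment should note that trade-off, or the logout link could become a small POST form. The enclosing method starts outside the hunk.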


/** /**
