From d7554c0bb25241c1299af28785878d31ad02dbad Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sun, 17 Jan 2010 10:52:59 +0100
Subject: [PATCH] Added CRSF security token checks in ACL plugin
---
 lib/plugins/acl/admin.php | 12 ++++++++----
 lib/plugins/acl/ajax.php | 4 ++--
 lib/plugins/acl/script.js | 3 ++-
 3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
index 59671a0cb..a3fb4636d 100644
--- a/lib/plugins/acl/admin.php
+++ b/lib/plugins/acl/admin.php
@@ -31,7 +31,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
 return array(
 'author' => 'Andreas Gohr',
 'email' => 'andi@splitbrain.org',
- 'date' => '2009-08-07',
+ 'date' => '2010-01-17',
 'name' => 'ACL Manager',
 'desc' => 'Manage Page Access Control Lists',
 'url' => 'http://dokuwiki.org/plugin:acl',
@@ -67,6 +67,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
 // fresh 1:1 copy without replacements
 $AUTH_ACL = file(DOKU_CONF.'acl.auth.php');
+
 // namespace given?
 if($_REQUEST['ns'] == '*'){
 $this->ns = '*';
@@ -89,7 +90,8 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
 }
 // handle modifications
- if(isset($_REQUEST['cmd'])){
+ if(isset($_REQUEST['cmd']) && checkSecurityToken()){
+
 // scope for modifications
 if($this->ns){
 if($this->ns == '*'){
@@ -310,6 +312,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
 echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL;
 echo '<input type="hidden" name="do" value="admin" />'.NL;
 echo '<input type="hidden" name="page" value="acl" />'.NL;
+ echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL;
 echo '</div></form>'.NL;
 }
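Review bot: The new guard `if(isset($_REQUEST['cmd']) && checkSecurityToken()){` silently drops a submitted modification whose token does not verify and lets the page render as if nothing had been posted; from this hunk it cannot be seen whether checkSecurityToken() itself tells the user about the failure or merely returns false. A one-line why-comment would make the intended failure mode explicit for the next reader, e.g. `// a request without a valid token is not applied; the form is simply re-rendered`. The enclosing method starts and ends outside the hunk.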
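Review bot: `getSecurityToken()` is concatenated straight into the `value` attribute of the new hidden input, while the neighbouring hidden fields pass their values through `hsc()` (`hsc($ID)` two lines above, `hsc($this->who)` in the later form). Whatever the token's format happens to be today, writing it as `'.hsc(getSecurityToken()).'` keeps the one-escaping-rule-per-context convention the rest of the form follows and costs nothing. The same applies to the `sectok` input added in the `@@ -562,6 +565,7 @@` hunk.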
@@ -480,11 +483,11 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
 $alt = '+';
 }
 $ret .= '<img src="'.$img.'" alt="'.$alt.'" />';
- $ret .= '<a href="'.wl('',$this->_get_opts(array('ns'=>$item['id']))).'" class="idx_dir'.$cl.'">';
+ $ret .= '<a href="'.wl('',$this->_get_opts(array('ns'=>$item['id'],'sectok'=>getSecurityToken()))).'" class="idx_dir'.$cl.'">';
 $ret .= $base;
 $ret .= '</a>';
 }else{
- $ret .= '<a href="'.wl('',$this->_get_opts(array('id'=>$item['id'],'ns'=>''))).'" class="wikilink1'.$cl.'">';
+ $ret .= '<a href="'.wl('',$this->_get_opts(array('id'=>$item['id'],'ns'=>'','sectok'=>getSecurityToken()))).'" class="wikilink1'.$cl.'">';
 $ret .= noNS($item['id']);
 $ret .= '</a>';
 }
@@ -562,6 +565,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
 echo '<input type="hidden" name="acl_w" value="'.hsc($this->who).'" />'.NL;
 echo '<input type="hidden" name="do" value="admin" />'.NL;
 echo '<input type="hidden" name="page" value="acl" />'.NL;
+ echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL;
 echo '<table class="inline">';
 echo '<tr>';
 echo '<th>'.$this->getLang('where').'</th>';
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php
index e383f0d35..d3e88d932 100644
--- a/lib/plugins/acl/ajax.php
+++ b/lib/plugins/acl/ajax.php
@@ -19,11 +19,11 @@ require_once(DOKU_INC.'inc/auth.php');
 //close session
 session_write_close();
-if(!auth_isadmin()) die('forbidden');
+if(!auth_isadmin()) die('for admins only');
+if(!checkSecurityToken()) die('CRSF Attack');
 $ID = getID();
-if(!auth_isadmin) die('for admins only');
 require_once(DOKU_INC.'inc/pluginutils.php');
 require_once(DOKU_INC.'inc/html.php');
 $acl = plugin_load('admin','acl');
diff --git a/lib/plugins/acl/script.js b/lib/plugins/acl/script.js
index 7ab83db58..449a3c16a 100644
--- a/lib/plugins/acl/script.js
+++ b/lib/plugins/acl/script.js
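Review bot: The two rewritten `$ret .= '<a href=` lines put the anti-CSRF token into plain GET navigation links, so it lands in browser history, proxy and web-server access logs, and the Referer header of anything the resulting page links to. As far as these hunks show, the namespace/page links only change what is displayed — the state-changing path is the `cmd` branch guarded in admin.php, and both that form and the ajax call carry the token via the hidden `sectok` field added in this commit — so the `'sectok'=>getSecurityToken()` entries can be dropped from both `_get_opts()` calls, keeping the token to POST forms. If some navigation path genuinely needs it, a comment at the call site saying which one would help. The enclosing method starts and ends outside the hunk.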
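Review bot: The new `die('CRSF Attack')` (like the `die('for admins only')` beside it) answers a rejected request with HTTP 200 and a bare string, so the JavaScript caller cannot distinguish a refusal from a normal info reply and the access log records a success. Emitting a status first, `if(!checkSecurityToken()){ header('HTTP/1.1 403 Forbidden'); die('CSRF attack'); }`, makes the rejection visible to both the client and anyone reviewing logs; the message also has the acronym transposed (`CRSF` → `CSRF`).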
@@ -48,7 +48,8 @@ acl = {
 data[1] = ajax.encVar('id',frm.elements['id'].value);
 data[2] = ajax.encVar('acl_t',frm.elements['acl_t'].value);
 data[3] = ajax.encVar('acl_w',frm.elements['acl_w'].value);
- data[4] = ajax.encVar('ajax','info');
+ data[4] = ajax.encVar('sectok',frm.elements['sectok'].value);
+ data[5] = ajax.encVar('ajax','info');
 ajax.elementObj = $('acl__info');
--
GitLab
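Review bot: Inserting the token as `data[4]` forced the existing `ajax` entry to be renumbered to `data[5]`, and every future insertion will need the same index bookkeeping; `data.push(ajax.encVar('sectok',frm.elements['sectok'].value));` followed by `data.push(ajax.encVar('ajax','info'));` expresses the same without literal positions. `frm.elements['sectok']` is dereferenced unguarded, which is only safe while every form this handler is attached to carries the hidden `sectok` input added in admin.php — worth a short comment on that line. The enclosing function starts and ends outside the hunk.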