security issue

This commit is contained in:
Maryana Rozhankivska 2014-07-24 16:48:41 +03:00
parent 6da20812ce
commit 7dd8b5026d
2 changed files with 45 additions and 42 deletions

View file

@ -750,8 +750,8 @@ class Poche
die(sprintf(_('User with this id (%d) does not exist.'), $user_id));
}
if (!in_array($type, $allowed_types) || $token != $config['token']) {
die(_('Uh, there is a problem while generating feeds.'));
if (!in_array($type, $allowed_types) || !isset($config['token']) || $token != $config['token']) {
die(_('Uh, there is a problem while generating feed. Wrong token used?'));
}
$feed = new FeedWriter(RSS2);

21
inc/poche/Routing.class.php Normal file → Executable file
View file

@ -98,9 +98,17 @@ class Routing
private function _launchAction()
{
if (isset($_GET['login'])) {
// hello you
// hello to you
$this->wallabag->login($this->referer);
} elseif (isset($_GET['logout'])) {
} elseif (isset($_GET['feed']) && isset($_GET['user_id'])) {
$tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
$this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
}
//allowed ONLY to logged in user
if ( \Session::isLogged() === true )
{
if (isset($_GET['logout'])) {
// see you soon !
$this->wallabag->logout();
} elseif (isset($_GET['config'])) {
@ -128,20 +136,15 @@ class Routing
$this->wallabag->language->updateLanguage($_POST['language']);
} elseif (isset($_GET['uploadfile'])) {
$this->wallabag->uploadFile();
} elseif (isset($_GET['feed'])) {
if (isset($_GET['action']) && $_GET['action'] == 'generate') {
} elseif (isset($_GET['feed']) && isset($_GET['action']) && $_GET['action'] == 'generate') {
$this->wallabag->updateToken();
}
else {
$tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
$this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
}
}
elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
$plainUrl = new Url(base64_encode($_GET['plainurl']));
$this->wallabag->action('add', $plainUrl);
}
}
}
public function _render($file, $vars)
{