From cf3180f6b8c552bbf7214d1ba72fbf1fc90ef861 Mon Sep 17 00:00:00 2001 From: nicosomb Date: Mon, 15 Apr 2013 14:09:58 +0200 Subject: [PATCH] =?UTF-8?q?v=C3=A9rificatio=20CSRF=20et=20mise=20en=20page?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- css/style.css | 50 +++++++++++++++++++++++++++++++++++++---------- inc/config.php | 10 +++++++++- inc/functions.php | 30 +++++++++++++++++++++++++--- index.php | 13 ++++++++---- js/poche.js | 8 ++++---- process.php | 45 ++++++++++++++++++++++-------------------- tpl/home.html | 10 ++++++---- tpl/view.html | 8 +++++--- view.php | 1 + 9 files changed, 125 insertions(+), 50 deletions(-) diff --git a/css/style.css b/css/style.css index 959a411a6..d77fb9e70 100644 --- a/css/style.css +++ b/css/style.css @@ -65,6 +65,16 @@ footer { cursor: pointer; } +input[type=submit].delete { + background : url('../img/delete.png') no-repeat center center; + width : 16px; + height :16px; + border : none; + color : transparent; + cursor: pointer; + font-size : 0; +} + #main #content { margin-top: 20px; } @@ -77,13 +87,15 @@ footer { min-height: 8em; -webkit-border-radius: 2px; border-radius: 2px; - -webkit-box-shadow: 0px 0px 2px -1px #000; - box-shadow: 0px 0px 2px -1px #000; + -webkit-box-shadow: 0px 0px 6px -1px #000; + box-shadow: 0px 0px 6px -1px #000; width: 30%; margin: 10px; float: left; } - +#main .entrie h2 { + width: 95%; +} #main .entrie h2 a { text-decoration: none; } 
@@ -92,20 +104,38 @@ footer { color: #F5BE00; } -#main .entrie .tools { - position:absolute; - bottom: 0; - width: 100%; +.tools { + position: absolute; + top: 20px; + right: 20px; + width: 30px; text-align: right; - margin-left: -20px; +} + +.tools ul { + padding: 0; margin: 0; + list-style-type: none; +} + +.tools ul li { + line-height: 20px; +} + +.tools a.tool { + cursor: pointer; } #article .tools { + position: relative; display: inline; + top: 0px; + right: 0px; + width: 100%; + text-align: left; } -#article .tools a.tool { - cursor: pointer; +#article.tools ul li{ + display: inline; } #main .entrie .tools a.tool span, #article .tools a.tool span { diff --git a/inc/config.php b/inc/config.php index 29a22507c..84b86998d 100644 --- a/inc/config.php +++ b/inc/config.php @@ -22,4 +22,12 @@ raintpl::$cache_dir = './cache/'; raintpl::$base_url = get_poche_url(); raintpl::configure('path_replace', false); raintpl::configure('debug', false); -$tpl = new raintpl(); \ No newline at end of file +$tpl = new raintpl(); + +session_start(); + +if (!isset($_SESSION['token_poche'])) { + $token = md5(uniqid(rand(), TRUE)); + $_SESSION['token_poche'] = $token; + $_SESSION['token_time_poche'] = time(); +} \ No newline at end of file diff --git a/inc/functions.php b/inc/functions.php index 45828bf2b..30e00393c 100755 --- a/inc/functions.php +++ b/inc/functions.php @@ -125,7 +125,7 @@ function prepare_url($url) /** * Appel d'une action (mark as fav, archive, delete) */ -function action_to_do($action, $id) +function action_to_do($action, $id, $url, $token) { global $db; @@ -140,8 +140,11 @@ function action_to_do($action, $id) $params_action = array($url, $parametres_url['title'], $parametres_url['content']); break; case 'delete': - $sql_action = "DELETE FROM entries WHERE id=?"; - $params_action = array($id); + if (verif_token($token)) { + $sql_action = "DELETE FROM entries WHERE id=?"; + $params_action = array($id); + } + else die('CSRF problem'); break; default: break; 
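Review bot: The anti-CSRF value created in inc/config.php comes from `md5(uniqid(rand(), TRUE))`, and neither uniqid() nor rand() is a cryptographically secure source, so the token is more predictable than it needs to be. A secure generator is a one-line change, `$_SESSION['token_poche'] = bin2hex(random_bytes(16));` (on runtimes older than PHP 7, `bin2hex(openssl_random_pseudo_bytes(16))`), which also removes the `$token` local that is assigned here and never read again in the hunk. The token is only created when the session has none and nothing in this commit ever refreshes it, while verif_token() in the inc/functions.php hunk rejects any token older than 15 minutes; after that window every guarded action fails with "CSRF problem" until the session itself is dropped. Either refresh the token and `token_time_poche` here when the stored one is older than 15 minutes, or drop the time window in verif_token().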
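Review bot: Only the `delete` case of action_to_do() calls verif_token(), so the other state-changing actions in the same switch (the context line just above builds `$params_action` from `$url`, presumably the add action) still run without any token check. Verifying once before the switch covers every case and keeps the cases uniform: `if (!verif_token($token)) { http_response_code(403); die('CSRF problem'); }`. As written, `die('CSRF problem')` inside this library function also ends the request with a 200 status, so the caller in index.php cannot distinguish a rejected request from a successful one; returning false or throwing and letting index.php answer with 403 would be cleaner. action_to_do() starts in the previous hunk and continues outside this one.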
@@ -224,4 +227,25 @@ function get_article($id) } return $entry; +} + +/** + * Vérifie si le jeton passé en $_POST correspond à celui en session + */ +function verif_token($token) +{ + if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token)) + { + if($_SESSION['token_poche'] == $token) + { + $old_timestamp = time() - (15*60); + if($_SESSION['token_time_poche'] >= $old_timestamp) + { + return TRUE; + } + else return FALSE; + } + else return FALSE; + } + else return FALSE; } \ No newline at end of file diff --git a/index.php b/index.php index 1cb32f58c..d477d699d 100755 --- a/index.php +++ b/index.php @@ -10,12 +10,16 @@ include dirname(__FILE__).'/inc/config.php'; -$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : ''; -$view = (isset ($_GET['view'])) ? htmlspecialchars($_GET['view']) : 'index'; -$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : ''; +$action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : ''; +$view = (isset ($_GET['view'])) ? htmlentities($_GET['view']) : 'index'; +$id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : ''; $url = (isset ($_GET['url'])) ? $_GET['url'] : ''; +$token = (isset ($_POST['token'])) ? $_POST['token'] : ''; + +if ($action != '') { + action_to_do($action, $id, $url, $token); +} -action_to_do($action, $id); $entries = display_view($view); $tpl->assign('title', 'poche, a read it later open source system'); @@ -23,4 +27,5 @@ $tpl->assign('view', $view); $tpl->assign('poche_url', get_poche_url()); $tpl->assign('entries', $entries); $tpl->assign('load_all_js', 1); +$tpl->assign('token', $_SESSION['token_poche']); $tpl->draw('home'); \ No newline at end of file diff --git a/js/poche.js b/js/poche.js index 64df553c9..0dcc0a35f 100644 --- a/js/poche.js +++ b/js/poche.js 
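Review bot: verif_token() compares the session token with the submitted one using loose `==`, which for md5-style hex strings can treat two different values as equal when both parse as numeric (e.g. strings of the form `0e...`), and is not constant-time; `hash_equals((string) $_SESSION['token_poche'], (string) $token)` fixes both. The `isset($token)` test is always true for a non-null argument, so it guards nothing, and the three nested `else return FALSE` branches can be flattened into early returns. A rewrite with the same signature and results:
```php
function verif_token($token)
{
    if (!isset($_SESSION['token_poche'], $_SESSION['token_time_poche']) || $token === '') {
        return FALSE;
    }
    // strict, constant-time comparison instead of the loose ==
    if (!hash_equals((string) $_SESSION['token_poche'], (string) $token)) {
        return FALSE;
    }
    // accept only tokens issued within the last 15 minutes
    return $_SESSION['token_time_poche'] >= time() - (15 * 60);
}
```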
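Review bot: index.php now reads `$action` and `$id` from `$_REQUEST` while `$token` comes only from `$_POST`, so a state-changing action can be named through GET or, depending on `request_order`, through a cookie, while the token that is supposed to authorise it is taken from a different channel. If the intent is to accept the delete form by POST and the add link by GET, reading `$action` from `$_POST` first and falling back to `$_GET` makes that explicit and leaves cookies out: `$action = isset($_POST['action']) ? $_POST['action'] : (isset($_GET['action']) ? $_GET['action'] : '');`. htmlentities() and htmlspecialchars() are output-encoding functions applied here to input; `$id` is only used as a prepared-statement parameter, so a numeric check such as `ctype_digit((string) $id)` would be the meaningful validation, and the two encoders should at least be used consistently.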
@@ -1,16 +1,16 @@ -function toggle_favorite(element, id) { +function toggle_favorite(element, id, token) { $(element).toggleClass('fav-off'); $.ajax ({ url: "process.php?action=toggle_fav", - data:{id:id} + data:{id:id, token:token} }); } -function toggle_archive(element, id, view_article) { +function toggle_archive(element, id, token, view_article) { $(element).toggleClass('archive-off'); $.ajax ({ url: "process.php?action=toggle_archive", - data:{id:id} + data:{id:id, token:token} }); var obj = $('#entry-'+id); diff --git a/process.php b/process.php index 0bd20e5de..5a056caac 100644 --- a/process.php +++ b/process.php 
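Review bot: Both $.ajax calls in js/poche.js set no `type`, so the request is a GET and the new `token` travels in the query string, where it is recorded in server access logs, browser history and outgoing Referer headers; the process.php hunk matches this by reading `$_GET['token']`. Sending the token in the body is a one-line change in each call, `type: 'POST',` next to `url:`, with `$_POST['token']` (and `$_POST['id']`) on the process.php side. The same applies to the toggle_archive call in this hunk.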
@@ -11,27 +11,30 @@ include dirname(__FILE__).'/inc/config.php'; $db = new db(DB_PATH); -$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : ''; -$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : ''; +$action = (isset ($_GET['action'])) ? htmlentities($_GET['action']) : ''; +$id = (isset ($_GET['id'])) ? htmlentities($_GET['id']) : ''; +$token = (isset ($_GET['token'])) ? $_GET['token'] : ''; -switch ($action) -{ - case 'toggle_fav' : - $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?"; - $params_action = array($id); - break; - case 'toggle_archive' : - $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?"; - $params_action = array($id); - break; - default: - break; -} +if (verif_token($token)) { + switch ($action) + { + case 'toggle_fav' : + $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?"; + $params_action = array($id); + break; + case 'toggle_archive' : + $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?"; + $params_action = array($id); + break; + default: + break; + } -# action query -if (isset($sql_action)) -{ - $query = $db->getHandle()->prepare($sql_action); - $query->execute($params_action); + # action query + if (isset($sql_action)) + { + $query = $db->getHandle()->prepare($sql_action); + $query->execute($params_action); + } } -?> \ No newline at end of file +else die('CSRF problem'); \ No newline at end of file diff --git a/tpl/home.html b/tpl/home.html index 70a35a7fc..0de8007b3 100644 --- a/tpl/home.html +++ b/tpl/home.html @@ -8,7 +8,7 @@
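Review bot: When verif_token() fails, process.php ends with `else die('CSRF problem');`, which sends the text with a 200 status, so the jQuery caller in js/poche.js, which has already toggled the CSS class before the request is sent, sees a successful response and the UI stays out of sync with the database. Setting the status before exiting, `else { http_response_code(403); die('CSRF problem'); }`, lets the client treat the rejection as an error. The `default:` branch of the switch still silently ignores unknown actions; a comment such as `// unknown action: nothing to run, fall through to the isset() guard` would document that this is intended.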
  • home
  • favorites
  • archive
  • -
  • poche it !
  • +
  • poche it !
  • {loop="entries"} @@ -18,9 +18,11 @@ {$value.title}
    - - - +
      +
    • +
    • +
    • +
    diff --git a/tpl/view.html b/tpl/view.html index 1e0578899..d24d26edb 100755 --- a/tpl/view.html +++ b/tpl/view.html @@ -5,9 +5,11 @@
    - - - +

    {$title}

    diff --git a/view.php b/view.php index dfc26b9d5..dbafec6bc 100755 --- a/view.php +++ b/view.php @@ -24,6 +24,7 @@ if(!empty($id)) { $tpl->assign('is_fav', $entry[0]['is_fav']); $tpl->assign('is_read', $entry[0]['is_read']); $tpl->assign('load_all_js', 0); + $tpl->assign('token', $_SESSION['token_poche']); $tpl->draw('view'); } else {