vérificatio CSRF et mise en page

This commit is contained in:
nicosomb 2013-04-15 14:09:58 +02:00
parent 358ab47957
commit cf3180f6b8
9 changed files with 125 additions and 50 deletions

View file

@ -65,6 +65,16 @@ footer {
cursor: pointer; cursor: pointer;
} }
input[type=submit].delete {
background : url('../img/delete.png') no-repeat center center;
width : 16px;
height :16px;
border : none;
color : transparent;
cursor: pointer;
font-size : 0;
}
#main #content { #main #content {
margin-top: 20px; margin-top: 20px;
} }
@ -77,13 +87,15 @@ footer {
min-height: 8em; min-height: 8em;
-webkit-border-radius: 2px; -webkit-border-radius: 2px;
border-radius: 2px; border-radius: 2px;
-webkit-box-shadow: 0px 0px 2px -1px #000; -webkit-box-shadow: 0px 0px 6px -1px #000;
box-shadow: 0px 0px 2px -1px #000; box-shadow: 0px 0px 6px -1px #000;
width: 30%; width: 30%;
margin: 10px; margin: 10px;
float: left; float: left;
} }
#main .entrie h2 {
width: 95%;
}
#main .entrie h2 a { #main .entrie h2 a {
text-decoration: none; text-decoration: none;
} }
@ -92,20 +104,38 @@ footer {
color: #F5BE00; color: #F5BE00;
} }
#main .entrie .tools { .tools {
position:absolute; position: absolute;
bottom: 0; top: 20px;
width: 100%; right: 20px;
width: 30px;
text-align: right; text-align: right;
margin-left: -20px; }
.tools ul {
padding: 0; margin: 0;
list-style-type: none;
}
.tools ul li {
line-height: 20px;
}
.tools a.tool {
cursor: pointer;
} }
#article .tools { #article .tools {
position: relative;
display: inline; display: inline;
top: 0px;
right: 0px;
width: 100%;
text-align: left;
} }
#article .tools a.tool { #article.tools ul li{
cursor: pointer; display: inline;
} }
#main .entrie .tools a.tool span, #article .tools a.tool span { #main .entrie .tools a.tool span, #article .tools a.tool span {

View file

@ -23,3 +23,11 @@ raintpl::$base_url = get_poche_url();
raintpl::configure('path_replace', false); raintpl::configure('path_replace', false);
raintpl::configure('debug', false); raintpl::configure('debug', false);
$tpl = new raintpl(); $tpl = new raintpl();
session_start();
if (!isset($_SESSION['token_poche'])) {
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token_poche'] = $token;
$_SESSION['token_time_poche'] = time();
}

View file

@ -125,7 +125,7 @@ function prepare_url($url)
/** /**
* Appel d'une action (mark as fav, archive, delete) * Appel d'une action (mark as fav, archive, delete)
*/ */
function action_to_do($action, $id) function action_to_do($action, $id, $url, $token)
{ {
global $db; global $db;
@ -140,8 +140,11 @@ function action_to_do($action, $id)
$params_action = array($url, $parametres_url['title'], $parametres_url['content']); $params_action = array($url, $parametres_url['title'], $parametres_url['content']);
break; break;
case 'delete': case 'delete':
$sql_action = "DELETE FROM entries WHERE id=?"; if (verif_token($token)) {
$params_action = array($id); $sql_action = "DELETE FROM entries WHERE id=?";
$params_action = array($id);
}
else die('CSRF problem');
break; break;
default: default:
break; break;
@ -225,3 +228,24 @@ function get_article($id)
return $entry; return $entry;
} }
/**
* Vérifie si le jeton passé en $_POST correspond à celui en session
*/
function verif_token($token)
{
if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token))
{
if($_SESSION['token_poche'] == $token)
{
$old_timestamp = time() - (15*60);
if($_SESSION['token_time_poche'] >= $old_timestamp)
{
return TRUE;
}
else return FALSE;
}
else return FALSE;
}
else return FALSE;
}

View file

@ -10,12 +10,16 @@
include dirname(__FILE__).'/inc/config.php'; include dirname(__FILE__).'/inc/config.php';
$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : ''; $action = (isset ($_REQUEST['action'])) ? htmlentities($_REQUEST['action']) : '';
$view = (isset ($_GET['view'])) ? htmlspecialchars($_GET['view']) : 'index'; $view = (isset ($_GET['view'])) ? htmlentities($_GET['view']) : 'index';
$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : ''; $id = (isset ($_REQUEST['id'])) ? htmlspecialchars($_REQUEST['id']) : '';
$url = (isset ($_GET['url'])) ? $_GET['url'] : ''; $url = (isset ($_GET['url'])) ? $_GET['url'] : '';
$token = (isset ($_POST['token'])) ? $_POST['token'] : '';
if ($action != '') {
action_to_do($action, $id, $url, $token);
}
action_to_do($action, $id);
$entries = display_view($view); $entries = display_view($view);
$tpl->assign('title', 'poche, a read it later open source system'); $tpl->assign('title', 'poche, a read it later open source system');
@ -23,4 +27,5 @@ $tpl->assign('view', $view);
$tpl->assign('poche_url', get_poche_url()); $tpl->assign('poche_url', get_poche_url());
$tpl->assign('entries', $entries); $tpl->assign('entries', $entries);
$tpl->assign('load_all_js', 1); $tpl->assign('load_all_js', 1);
$tpl->assign('token', $_SESSION['token_poche']);
$tpl->draw('home'); $tpl->draw('home');

View file

@ -1,16 +1,16 @@
function toggle_favorite(element, id) { function toggle_favorite(element, id, token) {
$(element).toggleClass('fav-off'); $(element).toggleClass('fav-off');
$.ajax ({ $.ajax ({
url: "process.php?action=toggle_fav", url: "process.php?action=toggle_fav",
data:{id:id} data:{id:id, token:token}
}); });
} }
function toggle_archive(element, id, view_article) { function toggle_archive(element, id, token, view_article) {
$(element).toggleClass('archive-off'); $(element).toggleClass('archive-off');
$.ajax ({ $.ajax ({
url: "process.php?action=toggle_archive", url: "process.php?action=toggle_archive",
data:{id:id} data:{id:id, token:token}
}); });
var obj = $('#entry-'+id); var obj = $('#entry-'+id);

View file

@ -11,27 +11,30 @@
include dirname(__FILE__).'/inc/config.php'; include dirname(__FILE__).'/inc/config.php';
$db = new db(DB_PATH); $db = new db(DB_PATH);
$action = (isset ($_GET['action'])) ? htmlspecialchars($_GET['action']) : ''; $action = (isset ($_GET['action'])) ? htmlentities($_GET['action']) : '';
$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : ''; $id = (isset ($_GET['id'])) ? htmlentities($_GET['id']) : '';
$token = (isset ($_GET['token'])) ? $_GET['token'] : '';
switch ($action) if (verif_token($token)) {
{ switch ($action)
case 'toggle_fav' : {
$sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?"; case 'toggle_fav' :
$params_action = array($id); $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
break; $params_action = array($id);
case 'toggle_archive' : break;
$sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?"; case 'toggle_archive' :
$params_action = array($id); $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?";
break; $params_action = array($id);
default: break;
break; default:
} break;
}
# action query # action query
if (isset($sql_action)) if (isset($sql_action))
{ {
$query = $db->getHandle()->prepare($sql_action); $query = $db->getHandle()->prepare($sql_action);
$query->execute($params_action); $query->execute($params_action);
}
} }
?> else die('CSRF problem');

View file

@ -8,7 +8,7 @@
<li><a href="index.php" {if="$view == 'index'"}class="current"{/if}>home</a></li> <li><a href="index.php" {if="$view == 'index'"}class="current"{/if}>home</a></li>
<li><a href="?view=fav" {if="$view == 'fav'"}class="current"{/if}>favorites</a></li> <li><a href="?view=fav" {if="$view == 'fav'"}class="current"{/if}>favorites</a></li>
<li><a href="?view=archive" {if="$view == 'archive'"}class="current"{/if}>archive</a></li> <li><a href="?view=archive" {if="$view == 'archive'"}class="current"{/if}>archive</a></li>
<li><a style="cursor: move" title="i am a bookmarklet, use me !" href="javascript:(function(){var%20url%20=%20location.href;var%20title%20=%20document.title%20||%20url;window.open('{$poche_url}?action=add&url='%20+%20encodeURIComponent(url),'_self');})();">poche it !</a></li> <li><a style="cursor: move" title="i am a bookmarklet, use me !" href="javascript:(function(){var%20url%20=%20location.href%20||%20url;window.open('{$poche_url}?action=add&url='%20+%20encodeURIComponent(url),'_self');})();">poche it !</a></li>
</ul> </ul>
<div id="content"> <div id="content">
{loop="entries"} {loop="entries"}
@ -18,9 +18,11 @@
<a href="view.php?id={$value.id}">{$value.title}</a> <a href="view.php?id={$value.id}">{$value.title}</a>
</h2> </h2>
<div class="tools"> <div class="tools">
<a title="toggle mark as read" class="tool archive {if="$value.is_read == '0'"}archive-off{/if}" onclick="toggle_archive(this, {$value.id})"><span></span></a> <ul>
<a title="toggle favorite" class="tool fav {if="$value.is_fav == '0'"}fav-off{/if}" onclick="toggle_favorite(this, {$value.id})"><span></span></a> <li><a title="toggle mark as read" class="tool archive {if="$value.is_read == '0'"}archive-off{/if}" onclick="toggle_archive(this, {$value.id}, '{$token}')"><span></span></a></li>
<a href="?action=delete&id={$value.id}" title="toggle delete" onclick="return confirm('Are you sure?')" class="tool delete"><span></span></a> <li><a title="toggle favorite" class="tool fav {if="$value.is_fav == '0'"}fav-off{/if}" onclick="toggle_favorite(this, {$value.id}, '{$token}')"><span></span></a></li>
<li><form method="post" onsubmit="return confirm('Are you sure?')" style="display: inline;"><input type="hidden" name="token" id="token" value="{$token}" /><input type="hidden" id="action" name="action" value="delete" /><input type="hidden" id="id" name="id" value="{$value.id}" /><input type="submit" class="delete" title="toggle delete" /></form></li>
</ul>
</div> </div>
</span> </span>
</div> </div>

View file

@ -5,9 +5,11 @@
<a href="index.php" title="back to home">&larr;</a> <a href="index.php" title="back to home">&larr;</a>
</div> </div>
<div class="tools"> <div class="tools">
<a title="toggle mark as read" class="tool archive {if="$is_read == 0"}archive-off{/if}" onclick="toggle_archive(this, {$id}, 1)"><span></span></a> <ul>
<a title="toggle favorite" class="tool fav {if="$is_fav == 0"}fav-off{/if}" onclick="toggle_favorite(this, {$id})"><span></span></a> <li><a title="toggle mark as read" class="tool archive {if="$is_read == '0'"}archive-off{/if}" onclick="toggle_archive(this, {$id}, '{$token}')"><span></span></a></li>
<a href="index.php?action=delete&id={$id}" title="toggle delete" onclick="return confirm('Are you sure?')" class="tool delete"><span></span></a> <li><a title="toggle favorite" class="tool fav {if="$is_fav == '0'"}fav-off{/if}" onclick="toggle_favorite(this, {$id}, '{$token}')"><span></span></a></li>
<li><form method="post" onsubmit="return confirm('Are you sure?')" style="display: inline;"><input type="hidden" name="token" id="token" value="{$token}" /><input type="hidden" id="action" name="action" value="delete" /><input type="hidden" id="id" name="id" value="{$id}" /><input type="submit" class="delete" title="toggle delete" /></form></li>
</ul>
</div> </div>
<header class="mbm"> <header class="mbm">
<h1><a href="{$url}">{$title}</a></h1> <h1><a href="{$url}">{$title}</a></h1>

View file

@ -24,6 +24,7 @@ if(!empty($id)) {
$tpl->assign('is_fav', $entry[0]['is_fav']); $tpl->assign('is_fav', $entry[0]['is_fav']);
$tpl->assign('is_read', $entry[0]['is_read']); $tpl->assign('is_read', $entry[0]['is_read']);
$tpl->assign('load_all_js', 0); $tpl->assign('load_all_js', 0);
$tpl->assign('token', $_SESSION['token_poche']);
$tpl->draw('view'); $tpl->draw('view');
} }
else { else {