public/subscribe: require valid CSRF token when validating the form

Andrew Dolgov 2020-09-14 20:21:22 +03:00
parent b4cb67e77f
commit da98ba662e
1 changed files with 4 additions and 1 deletions


@ -728,6 +728,7 @@ class Handler_Public extends Handler {
if ($_SESSION["uid"]) { if ($_SESSION["uid"]) {
$feed_url = trim(clean($_REQUEST["feed_url"])); $feed_url = trim(clean($_REQUEST["feed_url"]));
$csrf_token = clean($_REQUEST["csrf_token"]);
header('Content-Type: text/html; charset=utf-8'); header('Content-Type: text/html; charset=utf-8');
?> ?>
@ -774,10 +775,11 @@ class Handler_Public extends Handler {
<div class='content'> <div class='content'>
<?php <?php
if (!$feed_url) { if (!$feed_url || $csrf_token != $_SESSION["csrf_token"]) {
?> ?>
<form method="post"> <form method="post">
<input type="hidden" name="op" value="subscribe"> <input type="hidden" name="op" value="subscribe">
<?php print_hidden("csrf_token", $_SESSION["csrf_token"]) ?>
<fieldset> <fieldset>
<label>Feed or site URL:</label> <label>Feed or site URL:</label>
<input style="width: 300px" dojoType="dijit.form.ValidationTextBox" required="1" name="feed_url"> <input style="width: 300px" dojoType="dijit.form.ValidationTextBox" required="1" name="feed_url">
@ -820,6 +822,7 @@ class Handler_Public extends Handler {
print "<form action='public.php'>"; print "<form action='public.php'>";
print "<input type='hidden' name='op' value='subscribe'>"; print "<input type='hidden' name='op' value='subscribe'>";
print_hidden("csrf_token", $_SESSION["csrf_token"]);
print "<fieldset>"; print "<fieldset>";
print "<label style='display : inline'>" . __("Multiple feed URLs found:") . "</label>"; print "<label style='display : inline'>" . __("Multiple feed URLs found:") . "</label>";