authorHenry Sudhof <kellanved@phpbb.com>2008-08-21 15:41:12 +0000
committerHenry Sudhof <kellanved@phpbb.com>2008-08-21 15:41:12 +0000
commitf56391d5f7d2170397759e26962925635e6a8263 (patch)
treefdbdd1c77ed85f7fcc5b7510de5c172948ff22bf /phpBB/includes/functions.php
parent7e28be59684bf391c1cc58c480f7ed7dfba0f093 (diff)
as per evil3, some more anti-CSRF
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8775 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php31
1 files changed, 31 insertions, 0 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 35a928d0b7..57423af6b3 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2174,6 +2174,37 @@ function meta_refresh($time, $url)
//Form validation
+
+/**
+* Add a secret hash for use in links/GET requests
+* @param string $link_name The name of the link; has to match the name used in check_form_key, otherwise no restrictions apply
+* @param int $length The length of the key to generate
+* @return sting the hash
+
+*/
+function generate_link_hash($link_name)
+{
+ global $user;
+ if (!isset($user->data["hash_$link_name"]))
+ {
+ $user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8);
+ }
+ return $user->data["hash_$link_name"];
+}
+
+
+/**
+* checks a link hash - for GET requests
+* @param string $token the submitted token
+* @param string $link_name The name of the link; has to match the name used in check_form_key, otherwise no restrictions apply
+* @param int $length The length of the key to check
+* @return boolean true if all is fine
+*/
+function check_link_hash($token, $link_name)
+{
+ return $token === generate_link_hash($link_name);
+}
+
/**
* Add a secret token to the form (requires the S_FORM_TOKEN template variable)
* @param string $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply
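Review bot: The token built in generate_link_hash() keeps only the first 8 hex characters of the SHA-1 (32 bits) and depends solely on `user_form_salt` and the link name, so it stays the same for as long as the salt does; because it is meant for GET requests, it can also end up in Referer headers, server logs and browser history. Consider keeping more of the digest and using a keyed construction such as `hash_hmac('sha1', $link_name, $user->data['user_form_salt'])` where the supported PHP versions provide it, and reserve link hashes for actions where a leaked token does limited harm. In check_link_hash() the `===` comparison is type-strict but not constant-time; a constant-time comparison such as `hash_equals()`, where available, is preferable for secret tokens. Both docblocks document a `$length` parameter that neither signature accepts and mention `check_form_key` where the link-hash counterpart is presumably meant, and `@return sting` should read `@return string`.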