Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_attachments.php8
-rw-r--r--phpBB/includes/acp/acp_ban.php9
-rw-r--r--phpBB/includes/acp/acp_bbcodes.php3
-rw-r--r--phpBB/includes/acp/acp_board.php9
-rw-r--r--phpBB/includes/acp/acp_bots.php7
-rw-r--r--phpBB/includes/acp/acp_captcha.php11
-rw-r--r--phpBB/includes/acp/acp_disallow.php8
-rw-r--r--phpBB/includes/acp/acp_email.php8
-rw-r--r--phpBB/includes/acp/acp_forums.php9
-rw-r--r--phpBB/includes/acp/acp_groups.php11
-rwxr-xr-xphpBB/includes/acp/acp_inactive.php11
-rw-r--r--phpBB/includes/acp/acp_jabber.php8
-rw-r--r--phpBB/includes/acp/acp_language.php32
-rw-r--r--phpBB/includes/acp/acp_permission_roles.php8
-rw-r--r--phpBB/includes/acp/acp_permissions.php17
-rw-r--r--phpBB/includes/acp/acp_ranks.php14
-rw-r--r--phpBB/includes/acp/acp_reasons.php7
-rw-r--r--phpBB/includes/acp/acp_users.php83
-rw-r--r--phpBB/includes/acp/acp_words.php8
-rw-r--r--phpBB/includes/functions.php64
-rw-r--r--phpBB/includes/functions_posting.php7
-rw-r--r--phpBB/includes/mcp/mcp_ban.php1
-rwxr-xr-xphpBB/includes/mcp/mcp_notes.php40
-rw-r--r--phpBB/includes/mcp/mcp_post.php11
-rw-r--r--phpBB/includes/mcp/mcp_topic.php14
-rwxr-xr-xphpBB/includes/mcp/mcp_warn.php26
-rw-r--r--phpBB/includes/session.php18
-rw-r--r--phpBB/includes/ucp/ucp_groups.php6
-rw-r--r--phpBB/includes/ucp/ucp_main.php130
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php5
-rw-r--r--phpBB/includes/ucp/ucp_pm_options.php227
-rw-r--r--phpBB/includes/ucp/ucp_prefs.php47
-rw-r--r--phpBB/includes/ucp/ucp_profile.php43
-rw-r--r--phpBB/includes/ucp/ucp_register.php11
-rw-r--r--phpBB/includes/ucp/ucp_resend.php7
35 files changed, 710 insertions, 218 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index ae4eb9bc1a..7f85542264 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -27,6 +27,14 @@ class acp_attachments
$submit = (isset($_POST['submit'])) ? true : false;
$action = request_var('action', '');
+ $form_key = 'acp_attach';
+ add_form_key($form_key);
+
+ if ($submit && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
switch ($mode)
{
case 'attach':
diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php
index f5669b2c04..5871710702 100644
--- a/phpBB/includes/acp/acp_ban.php
+++ b/phpBB/includes/acp/acp_ban.php
@@ -23,11 +23,18 @@ class acp_ban
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$bansubmit = (isset($_POST['bansubmit'])) ? true : false;
- $unbansubmit= (isset($_POST['unbansubmit'])) ? true : false;
+ $unbansubmit = (isset($_POST['unbansubmit'])) ? true : false;
$current_time = time();
$user->add_lang(array('acp/ban', 'acp/users'));
$this->tpl_name = 'acp_ban';
+ $form_key = 'acp_ban';
+ add_form_key($form_key);
+
+ if(($bansubmit || $unbansubmit) && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
// Ban submitted?
if ($bansubmit)
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index 235028fc3c..1eaec67e89 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -28,6 +28,9 @@ class acp_bbcodes
$this->tpl_name = 'acp_bbcodes';
$this->page_title = 'ACP_BBCODES';
+ $form_key = 'acp_bbcodes';
+
+ add_form_key($form_key);
// Set up mode-specific vars
switch ($action)
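Review bot: `add_form_key($form_key)` is registered here but no `check_form_key($form_key)` is added anywhere in this file — the diffstat shows acp_bbcodes.php changing by exactly these three lines — so the bbcode forms now emit a token that is never verified and are no better protected than before. The altering branches of the `switch ($action)` below are outside this hunk; each one that writes needs `if (!check_form_key($form_key)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); }` as the other ACP modules in this commit do.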
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 7cee81ffe2..a2d91e9196 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -27,6 +27,9 @@ class acp_board
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
+ $form_key = 'acp_board';
+ add_form_key($form_key);
+
/**
* Validation types are:
* string, int, bool,
@@ -314,6 +317,8 @@ class acp_board
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true),
'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
+ 'form_token_lifetime' => array('lang' => 'FORM_TIME_MAX', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+ 'form_token_mintime' => array('lang' => 'FORM_TIME_MIN', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
)
);
break;
@@ -360,6 +365,10 @@ class acp_board
// We validate the complete config if whished
validate_config_vars($display_vars['vars'], $cfg_array, $error);
+ if ($submit && !check_form_key($form_key))
+ {
+ $error[] = $user->lang['FORM_INVALID'];
+ }
// Do not write values if there is an error
if (sizeof($error))
{
diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php
index 93108c7fec..50458718ba 100644
--- a/phpBB/includes/acp/acp_bots.php
+++ b/phpBB/includes/acp/acp_bots.php
@@ -35,6 +35,13 @@ class acp_bots
$user->add_lang('acp/bots');
$this->tpl_name = 'acp_bots';
$this->page_title = 'ACP_BOTS';
+ $form_key = 'acp_bots';
+ add_form_key($form_key);
+
+ if ($submit && !check_form_key($form_key))
+ {
+ $error[] = $user->lang['FORM_INVALID'];
+ }
// User wants to do something, how inconsiderate of them!
switch ($action)
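Review bot: The new check only pushes `$user->lang['FORM_INVALID']` onto `$error` before `switch ($action)`, so the request is stopped only if every altering branch of that switch tests `sizeof($error)` before writing; the hunk shows neither that nor whether `$error` is initialised before this point. If any branch writes without such a test, the token failure is reported but the action still happens. `trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);`, as acp_attachments does in this commit, would stop the request unconditionally.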
diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php
index 496f66e4f9..80b6b625e3 100644
--- a/phpBB/includes/acp/acp_captcha.php
+++ b/phpBB/includes/acp/acp_captcha.php
@@ -57,9 +57,12 @@ class acp_captcha
$this->tpl_name = 'acp_captcha';
$this->page_title = 'ACP_VC_SETTINGS';
+ $form_key = 'acp_captcha';
+ add_form_key($form_key);
+
$submit = request_var('submit', '');
-
- if ($submit)
+
+ if ($submit && check_form_key($form_key))
{
$config_vars = array_keys($config_vars);
foreach ($config_vars as $config_var)
@@ -73,6 +76,10 @@ class acp_captcha
}
trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
}
+ else if ($submit)
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action));
+ }
else
{
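Review bot: The new `else if ($submit)` branch calls `trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action));` without the `E_USER_WARNING` level that every other FORM_INVALID rejection in this commit passes (acp_attachments, acp_ban, acp_disallow, ...), so this rejection is raised at the default level and rendered differently from the other modules. Add `, E_USER_WARNING` to the call for consistency.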
diff --git a/phpBB/includes/acp/acp_disallow.php b/phpBB/includes/acp/acp_disallow.php
index 4be61ad778..0423c4cc38 100644
--- a/phpBB/includes/acp/acp_disallow.php
+++ b/phpBB/includes/acp/acp_disallow.php
@@ -28,9 +28,17 @@ class acp_disallow
$this->tpl_name = 'acp_disallow';
$this->page_title = 'ACP_DISALLOW_USERNAMES';
+ $form_key = 'acp_disallow';
+ add_form_key($form_key);
+
$disallow = (isset($_POST['disallow'])) ? true : false;
$allow = (isset($_POST['allow'])) ? true : false;
+ if (($allow || $disallow) && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
if ($disallow)
{
$disallowed_user = str_replace('*', '%', utf8_normalize_nfc(request_var('disallowed_user', '', true)));
diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php
index cc7c99c90b..7598b729c4 100644
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@@ -24,6 +24,9 @@ class acp_email
$this->tpl_name = 'acp_email';
$this->page_title = 'ACP_MASS_EMAIL';
+ $form_key = 'acp_email';
+ add_form_key($form_key);
+
// Set some vars
$submit = (isset($_POST['submit'])) ? true : false;
$error = array();
@@ -41,6 +44,11 @@ class acp_email
$use_queue = (isset($_POST['send_immediately'])) ? false : true;
$priority = request_var('mail_priority_flag', MAIL_NORMAL_PRIORITY);
+ if (!check_form_key($form_key))
+ {
+ $error[] = $user->lang['FORM_INVALID'];
+ }
+
if (!$subject)
{
$error[] = $user->lang['NO_EMAIL_SUBJECT'];
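Review bot: `if (!check_form_key($form_key))` at the top of this hunk is not conditioned on `$submit`, and the hunk does not show whether it sits inside an `if ($submit)` block (the first hunk defines `$submit`, but that block is outside this view); if it does not, every plain GET of the mass-email page will report FORM_INVALID because no token was posted. `if ($submit && !check_form_key($form_key))` is safe either way and matches acp_attachments and acp_board.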
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index 446c67011d..521eafe437 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -25,6 +25,9 @@ class acp_forums
$this->tpl_name = 'acp_forums';
$this->page_title = 'ACP_MANAGE_FORUMS';
+ $form_key = 'acp_forums';
+ add_form_key($form_key);
+
$action = request_var('action', '');
$update = (isset($_POST['update'])) ? true : false;
$forum_id = request_var('f', 0);
@@ -33,6 +36,12 @@ class acp_forums
$forum_data = $errors = array();
+ if ($update && !check_form_key($form_key))
+ {
+ $update = false;
+ $error[] = $user->lang['FORM_INVALID'];
+ }
+
// Check additional permissions
switch ($action)
{
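Review bot: `$error[] = $user->lang['FORM_INVALID'];` appends to `$error`, but the variable this function initialises is `$errors` (`$forum_data = $errors = array();` two lines above), so the message lands in an unrelated, otherwise undefined variable and — assuming `$errors` is what the template renders — the admin gets no explanation of why nothing was saved; `$update = false` still prevents the write. Change the line to `$errors[] = $user->lang['FORM_INVALID'];`.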
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index 6c8591818c..a024a55a81 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -24,6 +24,9 @@ class acp_groups
$this->tpl_name = 'acp_groups';
$this->page_title = 'ACP_GROUPS_MANAGE';
+ $form_key = 'acp_groups';
+ add_form_key($form_key);
+
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
// Check and set some common vars
@@ -36,6 +39,7 @@ class acp_groups
$start = request_var('start', 0);
$update = (isset($_POST['update'])) ? true : false;
+
// Clear some vars
$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
$group_row = array();
@@ -251,13 +255,18 @@ class acp_groups
$error = array();
$user->add_lang('ucp');
-
+
$avatar_select = basename(request_var('avatar_select', ''));
$category = basename(request_var('category', ''));
// Did we submit?
if ($update)
{
+ if (!check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$group_name = utf8_normalize_nfc(request_var('group_name', '', true));
$group_desc = utf8_normalize_nfc(request_var('group_desc', '', true));
$group_type = request_var('group_type', GROUP_FREE);
diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php
index a3eefdfaba..59b5a3d6e2 100755
--- a/phpBB/includes/acp/acp_inactive.php
+++ b/phpBB/includes/acp/acp_inactive.php
@@ -33,14 +33,23 @@ class acp_inactive
$action = request_var('action', '');
$mark = (isset($_REQUEST['mark'])) ? request_var('mark', array(0)) : array();
$start = request_var('start', 0);
+ $submit = isset($_POST['submit']);
// Sort keys
$sort_days = request_var('st', 0);
$sort_key = request_var('sk', 'i');
$sort_dir = request_var('sd', 'd');
- if (sizeof($mark))
+ $form_key = 'acp_inactive';
+ add_form_key($form_key);
+
+ if ($submit && sizeof($mark))
{
+ if (!check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
switch ($action)
{
case 'activate':
diff --git a/phpBB/includes/acp/acp_jabber.php b/phpBB/includes/acp/acp_jabber.php
index b1580a0736..0878a3cd40 100644
--- a/phpBB/includes/acp/acp_jabber.php
+++ b/phpBB/includes/acp/acp_jabber.php
@@ -44,8 +44,16 @@ class acp_jabber
$jab_package_size = request_var('jab_package_size', $config['jab_package_size']);
$jab_use_ssl = request_var('jab_use_ssl', $config['jab_use_ssl']);
+ $form_name = 'acp_jabber';
+ add_form_key($form_name);
+
if ($submit)
{
+ if(!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$error = array();
$message = $user->lang['JAB_SETTINGS_CHANGED'];
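Review bot: `if(!check_form_key($form_name))` and `$user->lang['FORM_INVALID']. adm_back_link(...)` drop the space after `if` and before the concatenation dot that this file (`if ($submit)` just above) and the other ACP hunks use; `if (!check_form_key($form_name))` and `trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);` match the surrounding style. The same spacing appears in the acp_ban, acp_language, acp_permission_roles, acp_permissions, acp_ranks, acp_reasons and acp_words hunks.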
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index 71def79433..4246cc5a63 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -32,14 +32,19 @@ class acp_language
$this->default_variables();
// Check and set some common vars
- $action = request_var('action', '');
- $action = (isset($_POST['update_details'])) ? 'update_details' : $action;
- $action = (isset($_POST['download_file'])) ? 'download_file' : $action;
- $action = (isset($_POST['upload_file'])) ? 'upload_file' : $action;
- $action = (isset($_POST['upload_data'])) ? 'upload_data' : $action;
- $action = (isset($_POST['submit_file'])) ? 'submit_file' : $action;
- $action = (isset($_POST['remove_store'])) ? 'details' : $action;
+ $action = (isset($_POST['update_details'])) ? 'update_details' : '';
+ $action = (isset($_POST['download_file'])) ? 'download_file' : '';
+ $action = (isset($_POST['upload_file'])) ? 'upload_file' : '';
+ $action = (isset($_POST['upload_data'])) ? 'upload_data' : '';
+ $action = (isset($_POST['submit_file'])) ? 'submit_file' : '';
+ $action = (isset($_POST['remove_store'])) ? 'details' : '';
+
+ $submit = (empty($action)) ? false : true;
+ $action = (empty($action)) ? request_var('action', '') : $action;
+
+ $form_name = 'acp_lang';
+ add_form_key('acp_lang');
$lang_id = request_var('id', 0);
if (isset($_POST['missing_file']))
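Review bot: Each of the six `$action = (isset($_POST[...])) ? '...' : '';` lines overwrites the previous result with `''` instead of keeping it, so only `remove_store` can survive the chain: posting `update_details`, for instance, leaves `$action` empty, `$submit` false, and `$action` falling back to `request_var('action', '')`, after which the `update_details` case's new `if(!$submit || !check_form_key($form_name))` rejects every legitimate submission with FORM_INVALID. Keep `$action` as the fallback on each line, as the removed code did, after seeding it with `''` so the `$submit` derivation below still works. `add_form_key('acp_lang')` should also take `$form_name` rather than repeating the literal.
```php
$action = '';
$action = (isset($_POST['update_details'])) ? 'update_details' : $action;
$action = (isset($_POST['download_file'])) ? 'download_file' : $action;
$action = (isset($_POST['upload_file'])) ? 'upload_file' : $action;
$action = (isset($_POST['upload_data'])) ? 'upload_data' : $action;
$action = (isset($_POST['submit_file'])) ? 'submit_file' : $action;
$action = (isset($_POST['remove_store'])) ? 'details' : $action;
// … unchanged: $submit derivation, request_var fallback, form key …
```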
@@ -59,7 +64,7 @@ class acp_language
$this->tpl_name = 'acp_language';
$this->page_title = 'ACP_LANGUAGE_PACKS';
- if ($action == 'upload_data' && request_var('test_connection', ''))
+ if ($submit && $action == 'upload_data' && request_var('test_connection', ''))
{
$test_connection = false;
$action = 'upload_file';
@@ -89,6 +94,7 @@ class acp_language
switch ($action)
{
case 'upload_file':
+
include_once($phpbb_root_path . 'includes/functions_transfer.' . $phpEx);
$method = request_var('method', '');
@@ -132,6 +138,11 @@ class acp_language
case 'update_details':
+ if(!$submit || !check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
if (!$lang_id)
{
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -162,6 +173,11 @@ class acp_language
case 'submit_file':
case 'download_file':
case 'upload_data':
+
+ if(!$submit || !check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
+ }
if (!$lang_id || empty($_POST['entry']))
{
diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php
index 57fd4c1ea5..ea21f52da7 100644
--- a/phpBB/includes/acp/acp_permission_roles.php
+++ b/phpBB/includes/acp/acp_permission_roles.php
@@ -35,6 +35,9 @@ class acp_permission_roles
$action = request_var('action', '');
$action = (isset($_POST['add'])) ? 'add' : $action;
+ $form_name = 'acp_permissions';
+ add_form_key($form_name);
+
switch ($mode)
{
case 'admin_roles':
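Review bot: `$form_name = 'acp_permissions';` is the same form name acp_permissions.php registers in its own hunk, and because the token is derived only from time, salt and name (see `add_form_key` in the functions.php hunk), a token issued by either page validates on the other; use `$form_name = 'acp_permission_roles';` here. The check is only added under `case 'add'`; if the roles module has other altering cases, they are outside this hunk and remain uncovered.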
@@ -134,6 +137,11 @@ class acp_permission_roles
case 'add':
+ if(!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$role_name = utf8_normalize_nfc(request_var('role_name', '', true));
$role_description = utf8_normalize_nfc(request_var('role_description', '', true));
$auth_settings = request_var('setting', array('' => 0));
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index 4b06d2edad..f171d43c39 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -46,7 +46,6 @@ class acp_permissions
$this->permission_trace($user_id, $forum_id, $permission);
return;
}
-
trigger_error('NO_MODE', E_USER_ERROR);
}
@@ -66,6 +65,9 @@ class acp_permissions
$group_id = request_var('group_id', array(0));
$select_all_groups = request_var('select_all_groups', 0);
+ $form_name = 'acp_permissions';
+ add_form_key($form_name);
+
// If select all groups is set, we pre-build the group id array (this option is used for other screens to link to the permission settings screen)
if ($select_all_groups)
{
@@ -214,6 +216,11 @@ class acp_permissions
switch ($action)
{
case 'delete':
+
+ if(!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
+ }
// All users/groups selected?
$all_users = (isset($_POST['all_users'])) ? true : false;
$all_groups = (isset($_POST['all_groups'])) ? true : false;
@@ -247,6 +254,10 @@ class acp_permissions
{
trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
}
+ if(!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
+ }
$this->set_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
break;
@@ -256,6 +267,10 @@ class acp_permissions
{
trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
}
+ if(!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
+ }
$this->set_all_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
break;
diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php
index 950a645487..a01d30c7ab 100644
--- a/phpBB/includes/acp/acp_ranks.php
+++ b/phpBB/includes/acp/acp_ranks.php
@@ -31,10 +31,17 @@ class acp_ranks
$this->tpl_name = 'acp_ranks';
$this->page_title = 'ACP_MANAGE_RANKS';
+ $form_name = 'acp_prune';
+ add_form_key($form_name);
+
switch ($action)
{
case 'save':
-
+
+ if(!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
+ }
$rank_title = utf8_normalize_nfc(request_var('title', '', true));
$special_rank = request_var('special_rank', 0);
$min_posts = ($special_rank) ? 0 : request_var('min_posts', 0);
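Review bot: `$form_name = 'acp_prune';` names a different module; since the token is bound to this name, a token rendered by any page that uses 'acp_prune' would validate here and vice versa, should such a page exist. Use `$form_name = 'acp_ranks';`, matching the `acp_<module>` naming of the other hunks in this commit.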
@@ -124,6 +131,11 @@ class acp_ranks
case 'edit':
case 'add':
+ if(!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$data = $ranks = $existing_imgs = array();
$sql = 'SELECT *
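Review bot: The check added under `case 'edit': case 'add':` guards what looks like the form-rendering path — the case only initialises `$data`/`$ranks`/`$existing_imgs` and runs a `SELECT` — and edit/add actions are usually reached by a link that carries no posted token, so every attempt to open the rank editor would end in FORM_INVALID. Unless these actions are submitted from a tokenised form, drop this check and rely on the one under `case 'save'` in the first hunk. The enclosing switch continues outside the hunk.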
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index ca9fbcb806..ec6fadcecf 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -30,6 +30,9 @@ class acp_reasons
$this->tpl_name = 'acp_reasons';
$this->page_title = 'ACP_REASONS';
+ $form_name = 'acp_reason';
+ add_form_key('acp_reason');
+
$error = array();
switch ($action)
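Review bot: `add_form_key('acp_reason');` repeats the literal instead of passing the `$form_name` defined on the line above, so the two can drift apart and silently turn the `check_form_key($form_name)` in the second hunk into a check that never matches; use `add_form_key($form_name);`. The acp_language hunk has the same pattern (`$form_name = 'acp_lang'; add_form_key('acp_lang');`).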
@@ -44,6 +47,10 @@ class acp_reasons
if ($submit)
{
+ if(!check_form_key($form_name))
+ {
+ $error[] = $user->lang['FORM_INVALID'];
+ }
// Reason specified?
if (!$reason_row['reason_title'] || !$reason_row['reason_description'])
{
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index e854e64dad..a7764a5d6e 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -37,6 +37,9 @@ class acp_users
$submit = (isset($_POST['update'])) ? true : false;
+ $form_name = 'acp_users';
+ add_form_key($form_name);
+
// Whois (special case)
if ($action == 'whois')
{
@@ -218,6 +221,11 @@ class acp_users
trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
+ if (!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+ }
+
$ban = array();
switch ($action)
@@ -270,6 +278,11 @@ class acp_users
trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
+ if (!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+ }
+
if ($user_row['user_type'] == USER_FOUNDER)
{
trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
@@ -337,6 +350,11 @@ class acp_users
trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
+ if (!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+ }
+
if ($user_row['user_type'] == USER_FOUNDER)
{
trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
@@ -361,6 +379,11 @@ class acp_users
case 'delsig':
+ if (!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+ }
+
$sql_ary = array(
'user_sig' => '',
'user_sig_bbcode_uid' => '',
@@ -379,7 +402,12 @@ class acp_users
break;
case 'delavatar':
-
+
+ if (!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+ }
+
$sql_ary = array(
'user_avatar' => '',
'user_avatar_type' => 0,
@@ -451,6 +479,11 @@ class acp_users
case 'moveposts':
+ if (!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+ }
+
$user->add_lang('acp/forums');
$new_forum_id = request_var('new_f', 0);
@@ -654,6 +687,11 @@ class acp_users
$error[] = 'NEW_EMAIL_ERROR';
}
+ if (!check_form_key($form_name))
+ {
+ $error[] = 'FORM_INVALID';
+ }
+
// Which updates do we need to do?
$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
$update_password = ($data['new_password'] && $user_row['user_password'] != md5($data['new_password'])) ? true : false;
@@ -882,6 +920,11 @@ class acp_users
// Delete entries if requested and able
if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
{
+ if (!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+ }
+
$where_sql = '';
if ($deletemark && $marked)
{
@@ -907,6 +950,11 @@ class acp_users
if ($submit && $message)
{
+ if (!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+ }
+
add_log('admin', 'LOG_USER_FEEDBACK', $user_row['username']);
add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $user_row['username']);
add_log('user', $user_id, 'LOG_USER_GENERAL', $message);
@@ -1027,6 +1075,10 @@ class acp_users
{
$error = array_merge($error, $cp_error);
}
+ if (!check_form_key($form_name))
+ {
+ $error[] = 'FORM_INVALID';
+ }
if (!sizeof($error))
{
@@ -1205,6 +1257,11 @@ class acp_users
'post_sd' => array('string', false, 1, 1),
));
+ if (!check_form_key($form_name))
+ {
+ $error[] = 'FORM_INVALID';
+ }
+
if (!sizeof($error))
{
$this->optionset($user_row, 'popuppm', $data['popuppm']);
@@ -1368,6 +1425,12 @@ class acp_users
if ($submit)
{
+
+ if (!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+ }
+
if (avatar_process_user($error, $user_row))
{
trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_row['user_id']));
@@ -1410,6 +1473,11 @@ class acp_users
if ($submit)
{
+ if (!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+ }
+
$rank_id = request_var('user_rank', 0);
$sql = 'UPDATE ' . USERS_TABLE . "
@@ -1467,7 +1535,12 @@ class acp_users
{
$error[] = implode('<br />', $message_parser->warn_msg);
}
-
+
+ if (!check_form_key($form_name))
+ {
+ $error = 'FORM_INVALID';
+ }
+
if (!sizeof($error) && $submit)
{
$sql_ary = array(
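Review bot: `$error = 'FORM_INVALID';` replaces the `$error` array (it is appended to with `$error[] = implode(...)` a few lines above) with a string, discarding any warnings already collected; `!sizeof($error)` still evaluates false for a non-empty string, so the write is skipped, but any later code that iterates or implodes `$error` as an array will misbehave. The other hunks in this file use `$error[] = 'FORM_INVALID';`, and this one should too.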
@@ -1733,6 +1806,12 @@ class acp_users
// Add user to group?
if ($submit)
{
+
+ if (!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
+ }
+
if (!$group_id)
{
trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
diff --git a/phpBB/includes/acp/acp_words.php b/phpBB/includes/acp/acp_words.php
index 7e971d8e0f..10a317cc50 100644
--- a/phpBB/includes/acp/acp_words.php
+++ b/phpBB/includes/acp/acp_words.php
@@ -33,6 +33,9 @@ class acp_words
$this->tpl_name = 'acp_words';
$this->page_title = 'ACP_WORDS';
+ $form_name = 'acp_words';
+ add_form_key($form_name);
+
switch ($action)
{
case 'edit':
@@ -68,6 +71,11 @@ class acp_words
break;
case 'save':
+
+ if(!check_form_key($form_name))
+ {
+ trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
+ }
$word_id = request_var('id', 0);
$word = utf8_normalize_nfc(request_var('word', '', true));
$replacement = utf8_normalize_nfc(request_var('replacement', '', true));
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index cf7149afbf..682c3e7a86 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1964,6 +1964,70 @@ function meta_refresh($time, $url)
);
}
+//Form validation
+
+/**
+* Add a secret token to the form (requires the S_FORM_TOKEN template variable)
+* @param string $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply
+*/
+function add_form_key($form_name)
+{
+ global $template, $user;
+ $now = time();
+ $token = sha1($now . $user->data['user_form_salt'] . $form_name);
+
+ $s_fields = build_hidden_fields(array(
+ 'creation_time' => $now,
+ 'form_token' => $token,
+ ));
+ $template->assign_vars(array(
+ 'S_FORM_TOKEN' => $s_fields,
+ ));
+}
+
+/**
+* Check the form key. Required for all altering actions not secured by confirm_box
+* @param string $form_name The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply
+* @param int $timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.
+* @param string $return_page The address for the return link
+* @param bool $trigger If true, the function will triger an error when encountering an invalid form
+* @param int $minimum_time The minimum acceptable age for a submitted form in seconds
+*/
+function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false, $miniumum_time = false)
+{
+ global $user, $config;
+
+ if ($timespan === false)
+ {
+ $timespan = $config['form_token_lifetime'];
+ }
+ if ($miniumum_time === false)
+ {
+ $miniumum_time = $config['form_token_mintime'];
+ }
+ if (isset($_POST['creation_time']) && isset($_POST['form_token']))
+ {
+ $creation_time = abs(request_var('creation_time', 0));
+ $token = request_var('form_token', '');
+
+ $diff = (time() - $creation_time);
+
+ if (($diff > $miniumum_time) && (($diff < $timespan) || $timespan == -1))
+ {
+ $key = sha1($creation_time . $user->data['user_form_salt'] . $form_name);
+ if ($key === $token)
+ {
+ return true;
+ }
+ }
+ }
+ if ($trigger)
+ {
+ trigger_error($user->lang['FORM_INVALID'] . $return_page);
+ }
+ return false;
+}
+
// Message/Login boxes
/**
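Review bot: The `$trigger` path of `check_form_key` (`trigger_error($user->lang['FORM_INVALID'] . $return_page);`) omits the `E_USER_WARNING` level that every call site added in this commit passes, so callers cannot use the built-in trigger and copy the same four-line check instead; `trigger_error($user->lang['FORM_INVALID'] . $return_page, E_USER_WARNING);` would make the helper usable. The fifth parameter is spelled `$miniumum_time` while the docblock documents `$minimum_time`, and the docblock lacks a `@return bool`. With `form_token_mintime` set to 0 the strict `$diff > $miniumum_time` still rejects a form submitted within the same second it was rendered; if 0 is meant to disable the minimum age, `>=` is the intended comparison. The token's unforgeability rests entirely on `$user->data['user_form_salt']` being secret and non-empty for every session, anonymous ones included; session.php is in the diffstat but outside this view, so that should be confirmed there.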
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 23886e390c..69ab459224 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -1930,6 +1930,9 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
}
$sql_insert_ary = array();
+ $sql_delete_array = array();
+
+ print_r($cur_poll_options);
for ($i = 0, $size = sizeof($poll['poll_options']); $i < $size; $i++)
{
if (strlen(trim($poll['poll_options'][$i])))
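Review bot: `print_r($cur_poll_options);` is debug output left in `submit_post`; it dumps the current poll-option rows into the response body on every poll submission and should be removed before this ships. `submit_post` begins and ends outside the hunk.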
@@ -1952,6 +1955,10 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
$db->sql_query($sql);
}
}
+ else if (!empty($cur_poll_options[$i]))
+ {
+ $sql_delete_array[] = $cur_poll_options[$i]['poll_option_id'];
+ }
}
$db->sql_multi_insert(POLL_OPTIONS_TABLE, $sql_insert_ary);
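Review bot: `$sql_delete_array[] = $cur_poll_options[$i]['poll_option_id'];` collects the ids of options that were cleared, but nothing in this hunk (or the previous one, which only initialises the array) issues a DELETE with them; unless that consumer exists further down in `submit_post`, outside this view, cleared options stay in POLL_OPTIONS_TABLE. If it is missing, a DELETE on POLL_OPTIONS_TABLE restricted to those ids, guarded by `sizeof($sql_delete_array)` and placed after the multi-insert, would complete the change.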
diff --git a/phpBB/includes/mcp/mcp_ban.php b/phpBB/includes/mcp/mcp_ban.php
index 4b33af8b09..212116dfba 100644
--- a/phpBB/includes/mcp/mcp_ban.php
+++ b/phpBB/includes/mcp/mcp_ban.php
@@ -49,7 +49,6 @@ class mcp_ban
$ban_exclude = request_var('banexclude', 0);
$ban_reason = utf8_normalize_nfc(request_var('banreason', '', true));
$ban_give_reason = utf8_normalize_nfc(request_var('bangivereason', '', true));
-
if ($ban)
{
diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php
index 6e6e1ffdd9..3519e86424 100755
--- a/phpBB/includes/mcp/mcp_notes.php
+++ b/phpBB/includes/mcp/mcp_notes.php
@@ -74,6 +74,8 @@ class mcp_notes
$sk = request_var('sk', 'b');
$sd = request_var('sd', 'd');
+ add_form_key('mcp_notes');
+
$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$sql = 'SELECT *
@@ -121,15 +123,22 @@ class mcp_notes
if ($where_sql || $deleteall)
{
- $sql = 'DELETE FROM ' . LOG_TABLE . '
- WHERE log_type = ' . LOG_USERS . "
- AND reportee_id = $user_id
- $where_sql";
- $db->sql_query($sql);
+ if (check_form_key('mcp_notes'))
+ {
+ $sql = 'DELETE FROM ' . LOG_TABLE . '
+ WHERE log_type = ' . LOG_USERS . "
+ AND reportee_id = $user_id
+ $where_sql";
+ $db->sql_query($sql);
- add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
+ add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
- $msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
+ $msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
+ }
+ else
+ {
+ $msg = 'FORM_INVALID';
+ }
$redirect = $this->u_action . '&amp;u=' . $user_id;
meta_refresh(3, $redirect);
trigger_error($user->lang[$msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
@@ -138,15 +147,22 @@ class mcp_notes
if ($usernote && $action == 'add_feedback')
{
- add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']);
- add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $userrow['username']);
-
- add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote);
+ if(check_form_key('mcp_notes'))
+ {
+ add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']);
+ add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $userrow['username']);
+ add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote);
+ $msg = $user->lang['USER_FEEDBACK_ADDED'];
+ }
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
$redirect = $this->u_action;
meta_refresh(3, $redirect);
- trigger_error($user->lang['USER_FEEDBACK_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+ trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
}
// Generate the appropriate user information for the user we are looking at
diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php
index 4a5bf77bca..2da4c1769a 100644
--- a/phpBB/includes/mcp/mcp_post.php
+++ b/phpBB/includes/mcp/mcp_post.php
@@ -24,6 +24,8 @@ function mcp_post_details($id, $mode, $action)
// Get post data
$post_info = get_post_data(array($post_id), false, true);
+ add_form_key('mcp_post_details');
+
if (!sizeof($post_info))
{
trigger_error('POST_NOT_EXIST');
@@ -82,7 +84,14 @@ function mcp_post_details($id, $mode, $action)
if ($auth->acl_get('m_chgposter', $post_info['forum_id']))
{
- change_poster($post_info, $row);
+ if (check_form_key('mcp_post_details'))
+ {
+ change_poster($post_info, $row);
+ }
+ else
+ {
+ trigger_error('FORM_INVALID');
+ }
}
break;
diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php
index 4459c8e673..ef3dea55d2 100644
--- a/phpBB/includes/mcp/mcp_topic.php
+++ b/phpBB/includes/mcp/mcp_topic.php
@@ -40,7 +40,7 @@ function mcp_topic_view($id, $mode, $action)
$to_forum_id = request_var('to_forum_id', 0);
$post_id_list = request_var('post_id_list', array(0));
$sort = isset($_POST['sort']) ? true : false;
-
+
// Split Topic?
if ($action == 'split_all' || $action == 'split_beyond')
{
@@ -98,8 +98,8 @@ function mcp_topic_view($id, $mode, $action)
if ($total == -1)
{
$total = $topic_info['topic_replies'] + 1;
- }
-
+ }
+
$posts_per_page = max(0, request_var('posts_per_page', intval($config['posts_per_page'])));
if ($posts_per_page == 0)
{
@@ -220,7 +220,7 @@ function mcp_topic_view($id, $mode, $action)
'S_POST_UNAPPROVED' => ($row['post_approved']) ? false : true,
'S_CHECKED' => ($post_id_list && in_array(intval($row['post_id']), $post_id_list)) ? true : false,
'S_HAS_ATTACHMENTS' => (!empty($attachments[$row['post_id']])) ? true : false,
-
+
'U_POST_DETAILS' => "$url&amp;i=$id&amp;p={$row['post_id']}&amp;mode=post_details" . (($forum_id) ? "&amp;f=$forum_id" : ''),
'U_MCP_APPROVE' => ($auth->acl_get('m_approve', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&amp;mode=approve_details&amp;f=' . $topic_info['forum_id'] . '&amp;p=' . $row['post_id']) : '',
'U_MCP_REPORT' => ($auth->acl_get('m_report', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;f=' . $topic_info['forum_id'] . '&amp;p=' . $row['post_id']) : '')
@@ -268,11 +268,11 @@ function mcp_topic_view($id, $mode, $action)
}
}
}
-
+
$s_hidden_fields = build_hidden_fields(array(
'st_old' => $sort_days,
));
-
+
$template->assign_vars(array(
'TOPIC_TITLE' => $topic_info['topic_title'],
'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_info['forum_id'] . '&amp;t=' . $topic_info['topic_id']),
@@ -298,7 +298,7 @@ function mcp_topic_view($id, $mode, $action)
'S_REPORT_VIEW' => ($action == 'reports') ? true : false,
'S_MERGE_VIEW' => ($action == 'merge') ? true : false,
'S_SPLIT_VIEW' => ($action == 'split') ? true : false,
-
+
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_SHOW_TOPIC_ICONS' => $s_topic_icons,
diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php
index 3f61f6549a..a997d01ca5 100755
--- a/phpBB/includes/mcp/mcp_warn.php
+++ b/phpBB/includes/mcp/mcp_warn.php
@@ -37,6 +37,8 @@ class mcp_warn
$this->page_title = 'MCP_WARN';
+ add_form_key('mcp_warn');
+
switch ($mode)
{
case 'front':
@@ -241,8 +243,15 @@ class mcp_warn
if ($warning && $action == 'add_warning')
{
- add_warning($user_row, $warning, $notify, $post_id);
-
+ if (check_form_key('mcp_warn'))
+ {
+ add_warning($user_row, $warning, $notify, $post_id);
+ $msg = $user->lang['USER_WARNING_ADDED'];
+ }
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&amp;mode=user_notes&amp;u=$user_id");
meta_refresh(2, $redirect);
trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
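Review bot: The `$msg` computed in the new branches is never used; the unchanged `trigger_error()` on the last line still prints `$user->lang['USER_WARNING_ADDED']`, so a rejected token tells the moderator the warning was added when `add_warning()` was skipped. The sibling hunk further down in this file (the one ending with `$msg . '<br /><br />'`) gets this right; this one should match it: `trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));`. The enclosing method continues outside the hunk.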
@@ -336,11 +345,18 @@ class mcp_warn
if ($warning && $action == 'add_warning')
{
- add_warning($user_row, $warning, $notify);
-
+ if(check_form_key('mcp_warn'))
+ {
+ add_warning($user_row, $warning, $notify);
+ $msg = $user->lang['USER_WARNING_ADDED'];
+ }
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&amp;mode=user_notes&amp;u=$user_id");
meta_refresh(2, $redirect);
- trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+ trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
}
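Review bot: `if(check_form_key('mcp_warn'))` drops the space after `if` that every other control statement in these files uses; the same spelling appears in ucp_main (`if(check_form_key('ucp_front_subscribed'))`) and ucp_pm_options (`if(check_form_key('ucp_pm_options'))` in the add_rule block). Write it `if (check_form_key('mcp_warn'))` in all three places so the style stays uniform with the surrounding `if (` / `else` formatting.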
// Generate the appropriate user information for the user we are looking at
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index cbb70e8601..b2399c74c5 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -641,6 +641,24 @@ class session
$this->set_cookie('sid', $this->session_id, $cookie_expire);
unset($cookie_expire);
+
+ $sql = 'SELECT COUNT(session_id) AS sessions
+ FROM ' . SESSIONS_TABLE . '
+ WHERE session_user_id = ' . (int) $this->data['user_id'] . '
+ AND session_time >= ' . ($this->time_now - $config['form_token_lifetime']);
+ $result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ if ((int) $row['sessions'] <= 1 || empty($this->data['user_form_salt']))
+ {
+ $this->data['user_form_salt'] = unique_id();
+ // Update the form key
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\'
+ WHERE user_id = ' . (int) $this->data['user_id'];
+ $db->sql_query($sql);
+ }
}
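Review bot: The rotation condition `(int) $row['sessions'] <= 1 || empty($this->data['user_form_salt'])` carries the whole CSRF-token design but has no comment explaining why a salt is only regenerated when this is the user's sole recent session. A reader will otherwise "fix" it into an unconditional rotation and break forms still open in the user's other sessions; suggest a comment above the query along the lines of `// Rotate the per-user form salt only when no other session within form_token_lifetime could still hold a form issued under the old salt (the count includes the session just created, hence <= 1)`, with the "includes the session just created" part confirmed against the insert that happens earlier in this method, which is outside the hunk. It is also worth confirming that this branch is only reached for registered users: if it also runs for anonymous sessions, the `UPDATE ... user_form_salt` rewrites a value shared by every guest.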
else
{
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index 6e93f64acb..d8d4a285d4 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -393,6 +393,7 @@ class ucp_groups
$this->page_title = 'UCP_USERGROUPS_MANAGE';
$action = (isset($_POST['addusers'])) ? 'addusers' : request_var('action', '');
$group_id = request_var('g', 0);
+ add_form_key('ucp_groups');
if ($group_id)
{
@@ -552,6 +553,11 @@ class ucp_groups
}
}
+ if (!check_form_key('ucp_groups'))
+ {
+ $error[] = $user->lang['FORM_INVALID'];
+ }
+
if (!sizeof($error))
{
// Only set the rank, colour, etc. if it's changed or if we're adding a new
diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php
index ba40397a55..6f0db86bf6 100644
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@@ -194,41 +194,51 @@ class ucp_main
$user->add_lang('viewforum');
+ add_form_key('ucp_front_subscribed');
+
$unwatch = (isset($_POST['unwatch'])) ? true : false;
if ($unwatch)
{
- $forums = array_keys(request_var('f', array(0 => 0)));
- $topics = array_keys(request_var('t', array(0 => 0)));
-
- if (sizeof($forums) || sizeof($topics))
+ if(check_form_key('ucp_front_subscribed'))
{
- $l_unwatch = '';
- if (sizeof($forums))
- {
- $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . '
- WHERE ' . $db->sql_in_set('forum_id', $forums) . '
- AND user_id = ' . $user->data['user_id'];
- $db->sql_query($sql);
+ $forums = array_keys(request_var('f', array(0 => 0)));
+ $topics = array_keys(request_var('t', array(0 => 0)));
+ $msg = '';
- $l_unwatch .= '_FORUMS';
- }
-
- if (sizeof($topics))
+ if (sizeof($forums) || sizeof($topics))
{
- $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . '
- WHERE ' . $db->sql_in_set('topic_id', $topics) . '
- AND user_id = ' . $user->data['user_id'];
- $db->sql_query($sql);
+ $l_unwatch = '';
+ if (sizeof($forums))
+ {
+ $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . '
+ WHERE ' . $db->sql_in_set('forum_id', $forums) . '
+ AND user_id = ' . $user->data['user_id'];
+ $db->sql_query($sql);
+
+ $l_unwatch .= '_FORUMS';
+ }
+
+ if (sizeof($topics))
+ {
+ $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . '
+ WHERE ' . $db->sql_in_set('topic_id', $topics) . '
+ AND user_id = ' . $user->data['user_id'];
+ $db->sql_query($sql);
+
+ $l_unwatch .= '_TOPICS';
+ }
+ $msg = $user->lang['UNWATCHED' . $l_unwatch];
- $l_unwatch .= '_TOPICS';
}
-
- $message = $user->lang['UNWATCHED' . $l_unwatch] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed") . '">', '</a>');
-
- meta_refresh(3, append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed"));
- trigger_error($message);
}
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
+ $message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed") . '">', '</a>');
+ meta_refresh(3, append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed"));
+ trigger_error($message);
}
$forbidden_forums = array();
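Review bot: When the token is valid but neither `$forums` nor `$topics` is non-empty, `$msg` keeps its initial `''` and execution still reaches the `meta_refresh()` / `trigger_error($message)` lines, so an "unwatch" submit with nothing selected now shows an empty message followed by the RETURN_UCP link, where the old code simply fell through to the listing. Guard the three final lines with `if ($msg !== '')` (or give the empty-selection case its own lang string). The addfolder block in ucp_pm_options has the same shape: `$msg = ''` followed by an unconditional `trigger_error($message)` when `$folder_name` is empty.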
@@ -418,53 +428,65 @@ class ucp_main
$s_hidden_fields = ($edit) ? '<input type="hidden" name="edit" value="' . $draft_id . '" />' : '';
$draft_subject = $draft_message = '';
+ add_form_key('ucp_draft');
if ($delete)
{
- $drafts = array_keys(request_var('d', array(0 => 0)));
-
- if (sizeof($drafts))
+ if (check_form_key('ucp_draft'))
{
- $sql = 'DELETE FROM ' . DRAFTS_TABLE . '
- WHERE ' . $db->sql_in_set('draft_id', $drafts) . '
- AND user_id = ' . $user->data['user_id'];
- $db->sql_query($sql);
+ $drafts = array_keys(request_var('d', array(0 => 0)));
- $message = $user->lang['DRAFTS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
-
- meta_refresh(3, $this->u_action);
- trigger_error($message);
+ if (sizeof($drafts))
+ {
+ $sql = 'DELETE FROM ' . DRAFTS_TABLE . '
+ WHERE ' . $db->sql_in_set('draft_id', $drafts) . '
+ AND user_id = ' . $user->data['user_id'];
+ $db->sql_query($sql);
+ }
+ $msg = $user->lang['DRAFTS_DELETED'];
+ unset($drafts);
}
-
- unset($drafts);
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
+ $message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+ meta_refresh(3, $this->u_action);
+ trigger_error($message);
}
if ($submit && $edit)
{
$draft_subject = utf8_normalize_nfc(request_var('subject', '', true));
$draft_message = utf8_normalize_nfc(request_var('message', '', true));
-
- if ($draft_message && $draft_subject)
+ if (check_form_key('ucp_draft'))
{
- $draft_row = array(
- 'draft_subject' => $draft_subject,
- 'draft_message' => $draft_message
- );
-
- $sql = 'UPDATE ' . DRAFTS_TABLE . '
- SET ' . $db->sql_build_array('UPDATE', $draft_row) . "
- WHERE draft_id = $draft_id
- AND user_id = " . $user->data['user_id'];
- $db->sql_query($sql);
+ if ($draft_message && $draft_subject)
+ {
+ $draft_row = array(
+ 'draft_subject' => $draft_subject,
+ 'draft_message' => $draft_message
+ );
+
+ $sql = 'UPDATE ' . DRAFTS_TABLE . '
+ SET ' . $db->sql_build_array('UPDATE', $draft_row) . "
+ WHERE draft_id = $draft_id
+ AND user_id = " . $user->data['user_id'];
+ $db->sql_query($sql);
- $message = $user->lang['DRAFT_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+ $message = $user->lang['DRAFT_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
- meta_refresh(3, $this->u_action);
- trigger_error($message);
+ meta_refresh(3, $this->u_action);
+ trigger_error($message);
+ }
+ else
+ {
+ $template->assign_var('ERROR', ($draft_message == '') ? $user->lang['EMPTY_DRAFT'] : (($draft_subject == '') ? $user->lang['EMPTY_DRAFT_TITLE'] : ''));
+ }
}
else
{
- $template->assign_var('ERROR', ($draft_message == '') ? $user->lang['EMPTY_DRAFT'] : (($draft_subject == '') ? $user->lang['EMPTY_DRAFT_TITLE'] : ''));
+ $template->assign_var('ERROR', $user->lang['FORM_INVALID']);
}
}
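Review bot: `$msg = $user->lang['DRAFTS_DELETED'];` now sits outside the `if (sizeof($drafts))` block, so submitting the delete form with no drafts ticked reports a deletion that did not happen; the old code only produced the message inside that block. Move the assignment back into the `if` and give the empty-selection case its own text, e.g. `else { $msg = $user->lang['<NO_DRAFTS_SELECTED_KEY>']; }` with a real lang key substituted for the placeholder. The `if ($submit && $edit)` branch is fine: on a rejected token it keeps the submitted subject and message and redisplays the form.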
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index ae2e367795..a22fc57761 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -25,6 +25,7 @@ function compose_pm($id, $mode, $action)
{
$action = 'post';
}
+ add_form_key('ucp_pm_compose');
// Grab only parameters needed here
$to_user_id = request_var('u', 0);
@@ -532,6 +533,10 @@ function compose_pm($id, $mode, $action)
if ($submit || $preview || $refresh)
{
+ if (!check_form_key('ucp_pm_compose'))
+ {
+ $error[] = $user->lang['FORM_INVALID'];
+ }
$subject = utf8_normalize_nfc(request_var('subject', '', true));
$message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index e4d067115d..429c9e0caa 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -17,9 +17,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
$redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=options");
+ add_form_key('ucp_pm_options');
// Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder']))
{
+ check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
$full_action = request_var('full_action', 0);
$set_folder_id = 0;
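Review bot: `check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);` discards the return value, so the fullfolder branch proceeds whether or not the token was valid — unlike every other call site in this commit, which branches on the result. The ucp_register hunk shows the helper takes a fourth `$trigger` argument that is not passed here; unless its default is to trigger the error itself, this line provides no protection. Making it `if (!check_form_key('ucp_pm_options')) { trigger_error('FORM_INVALID'); }` keeps it consistent with the addfolder / rename_folder / add_rule blocks below.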
@@ -60,79 +62,94 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Add Folder
if (isset($_POST['addfolder']))
{
- $folder_name = utf8_normalize_nfc(request_var('foldername', '', true));
-
- if ($folder_name)
+ if (check_form_key('ucp_pm_options'))
{
- $sql = 'SELECT folder_name
- FROM ' . PRIVMSGS_FOLDER_TABLE . "
- WHERE folder_name = '" . $db->sql_escape($folder_name) . "'
- AND user_id = " . $user->data['user_id'];
- $result = $db->sql_query_limit($sql, 1);
- $row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
+ $folder_name = utf8_normalize_nfc(request_var('foldername', '', true));
+ $msg = '';
- if ($row)
+ if ($folder_name)
{
- trigger_error(sprintf($user->lang['FOLDER_NAME_EXIST'], $folder_name));
- }
+ $sql = 'SELECT folder_name
+ FROM ' . PRIVMSGS_FOLDER_TABLE . "
+ WHERE folder_name = '" . $db->sql_escape($folder_name) . "'
+ AND user_id = " . $user->data['user_id'];
+ $result = $db->sql_query_limit($sql, 1);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- $sql = 'SELECT COUNT(folder_id) as num_folder
- FROM ' . PRIVMSGS_FOLDER_TABLE . '
- WHERE user_id = ' . $user->data['user_id'];
- $result = $db->sql_query($sql);
- $num_folder = (int) $db->sql_fetchfield('num_folder');
- $db->sql_freeresult($result);
+ if ($row)
+ {
+ trigger_error(sprintf($user->lang['FOLDER_NAME_EXIST'], $folder_name));
+ }
- if ($num_folder >= $config['pm_max_boxes'])
- {
- trigger_error('MAX_FOLDER_REACHED');
- }
+ $sql = 'SELECT COUNT(folder_id) as num_folder
+ FROM ' . PRIVMSGS_FOLDER_TABLE . '
+ WHERE user_id = ' . $user->data['user_id'];
+ $result = $db->sql_query($sql);
+ $num_folder = (int) $db->sql_fetchfield('num_folder');
+ $db->sql_freeresult($result);
- $sql = 'INSERT INTO ' . PRIVMSGS_FOLDER_TABLE . ' ' . $db->sql_build_array('INSERT', array(
- 'user_id' => (int) $user->data['user_id'],
- 'folder_name' => $folder_name)
- );
- $db->sql_query($sql);
+ if ($num_folder >= $config['pm_max_boxes'])
+ {
+ trigger_error('MAX_FOLDER_REACHED');
+ }
- $message = $user->lang['FOLDER_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
- meta_refresh(3, $redirect_url);
- trigger_error($message);
+ $sql = 'INSERT INTO ' . PRIVMSGS_FOLDER_TABLE . ' ' . $db->sql_build_array('INSERT', array(
+ 'user_id' => (int) $user->data['user_id'],
+ 'folder_name' => $folder_name)
+ );
+ $db->sql_query($sql);
+ $msg = $user->lang['FOLDER_ADDED'];
+ }
+ }
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
}
+ $message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
+ meta_refresh(3, $redirect_url);
+ trigger_error($message);
}
// Rename folder
if (isset($_POST['rename_folder']))
{
- $new_folder_name = utf8_normalize_nfc(request_var('new_folder_name', '', true));
- $rename_folder_id= request_var('rename_folder_id', 0);
-
- if (!$new_folder_name)
+ if (check_form_key('ucp_pm_options'))
{
- trigger_error('NO_NEW_FOLDER_NAME');
- }
+ $new_folder_name = utf8_normalize_nfc(request_var('new_folder_name', '', true));
+ $rename_folder_id= request_var('rename_folder_id', 0);
- // Select custom folder
- $sql = 'SELECT folder_name, pm_count
- FROM ' . PRIVMSGS_FOLDER_TABLE . "
- WHERE user_id = {$user->data['user_id']}
- AND folder_id = $rename_folder_id";
- $result = $db->sql_query_limit($sql, 1);
- $folder_row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
+ if (!$new_folder_name)
+ {
+ trigger_error('NO_NEW_FOLDER_NAME');
+ }
- if (!$folder_row)
- {
- trigger_error('CANNOT_RENAME_FOLDER');
- }
+ // Select custom folder
+ $sql = 'SELECT folder_name, pm_count
+ FROM ' . PRIVMSGS_FOLDER_TABLE . "
+ WHERE user_id = {$user->data['user_id']}
+ AND folder_id = $rename_folder_id";
+ $result = $db->sql_query_limit($sql, 1);
+ $folder_row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- $sql = 'UPDATE ' . PRIVMSGS_FOLDER_TABLE . "
- SET folder_name = '" . $db->sql_escape($new_folder_name) . "'
- WHERE folder_id = $rename_folder_id
- AND user_id = {$user->data['user_id']}";
- $db->sql_query($sql);
+ if (!$folder_row)
+ {
+ trigger_error('CANNOT_RENAME_FOLDER');
+ }
- $message = $user->lang['FOLDER_RENAMED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
+ $sql = 'UPDATE ' . PRIVMSGS_FOLDER_TABLE . "
+ SET folder_name = '" . $db->sql_escape($new_folder_name) . "'
+ WHERE folder_id = $rename_folder_id
+ AND user_id = {$user->data['user_id']}";
+ $db->sql_query($sql);
+ $msg = $user->lang['FOLDER_RENAMED'];
+ }
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
+ $message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
meta_refresh(3, $redirect_url);
trigger_error($message);
}
@@ -251,60 +268,68 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Add Rule
if (isset($_POST['add_rule']))
{
- $check_option = request_var('check_option', 0);
- $rule_option = request_var('rule_option', 0);
- $cond_option = request_var('cond_option', '');
- $action_option = explode('|', request_var('action_option', ''));
- $rule_string = ($cond_option != 'none') ? utf8_normalize_nfc(request_var('rule_string', '', true)) : '';
- $rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0;
- $rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0;
-
- $action = (int) $action_option[0];
- $folder_id = (int) $action_option[1];
-
- if (!$action || !$check_option || !$rule_option || !$cond_option || ($cond_option != 'none' && !$rule_string))
+ if(check_form_key('ucp_pm_options'))
{
- trigger_error('RULE_NOT_DEFINED');
- }
+ $check_option = request_var('check_option', 0);
+ $rule_option = request_var('rule_option', 0);
+ $cond_option = request_var('cond_option', '');
+ $action_option = explode('|', request_var('action_option', ''));
+ $rule_string = ($cond_option != 'none') ? utf8_normalize_nfc(request_var('rule_string', '', true)) : '';
+ $rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0;
+ $rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0;
+
+ $action = (int) $action_option[0];
+ $folder_id = (int) $action_option[1];
+
+ if (!$action || !$check_option || !$rule_option || !$cond_option || ($cond_option != 'none' && !$rule_string))
+ {
+ trigger_error('RULE_NOT_DEFINED');
+ }
- if (($cond_option == 'user' && !$rule_user_id) || ($cond_option == 'group' && !$rule_group_id))
- {
- trigger_error('RULE_NOT_DEFINED');
- }
+ if (($cond_option == 'user' && !$rule_user_id) || ($cond_option == 'group' && !$rule_group_id))
+ {
+ trigger_error('RULE_NOT_DEFINED');
+ }
- $rule_ary = array(
- 'user_id' => $user->data['user_id'],
- 'rule_check' => $check_option,
- 'rule_connection' => $rule_option,
- 'rule_string' => $rule_string,
- 'rule_user_id' => $rule_user_id,
- 'rule_group_id' => $rule_group_id,
- 'rule_action' => $action,
- 'rule_folder_id' => $folder_id
- );
+ $rule_ary = array(
+ 'user_id' => $user->data['user_id'],
+ 'rule_check' => $check_option,
+ 'rule_connection' => $rule_option,
+ 'rule_string' => $rule_string,
+ 'rule_user_id' => $rule_user_id,
+ 'rule_group_id' => $rule_group_id,
+ 'rule_action' => $action,
+ 'rule_folder_id' => $folder_id
+ );
- $sql = 'SELECT rule_id
- FROM ' . PRIVMSGS_RULES_TABLE . '
- WHERE ' . $db->sql_build_array('SELECT', $rule_ary);
- $result = $db->sql_query($sql);
- $row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
+ $sql = 'SELECT rule_id
+ FROM ' . PRIVMSGS_RULES_TABLE . '
+ WHERE ' . $db->sql_build_array('SELECT', $rule_ary);
+ $result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if ($row)
- {
- trigger_error('RULE_ALREADY_DEFINED');
- }
+ if ($row)
+ {
+ trigger_error('RULE_ALREADY_DEFINED');
+ }
- $sql = 'INSERT INTO ' . PRIVMSGS_RULES_TABLE . ' ' . $db->sql_build_array('INSERT', $rule_ary);
- $db->sql_query($sql);
+ $sql = 'INSERT INTO ' . PRIVMSGS_RULES_TABLE . ' ' . $db->sql_build_array('INSERT', $rule_ary);
+ $db->sql_query($sql);
- // Update users message rules
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET user_message_rules = 1
- WHERE user_id = ' . $user->data['user_id'];
- $db->sql_query($sql);
+ // Update users message rules
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET user_message_rules = 1
+ WHERE user_id = ' . $user->data['user_id'];
+ $db->sql_query($sql);
- $message = $user->lang['RULE_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
+ $msg = $user->lang['RULE_ADDED'];
+ }
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
+ $message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
meta_refresh(3, $redirect_url);
trigger_error($message);
}
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php
index b0e8f098c2..445000b4dc 100644
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@@ -28,7 +28,7 @@ class ucp_prefs
switch ($mode)
{
case 'personal':
-
+ add_form_key('ucp_prefs_personal');
$data = array(
'notifymethod' => request_var('notifymethod', $user->data['user_notify_type']),
'dateformat' => request_var('dateformat', $user->data['user_dateformat'], true),
@@ -55,6 +55,11 @@ class ucp_prefs
'tz' => array('num', false, -14, 14),
));
+ if (!check_form_key('ucp_prefs_personal'))
+ {
+ $error[] = 'FORM_INVALID';
+ }
+
if (!sizeof($error))
{
$user->optionset('popuppm', $data['popuppm']);
@@ -140,6 +145,8 @@ class ucp_prefs
case 'view':
+ add_form_key('ucp_prefs_view');
+
$data = array(
'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'),
'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'),
@@ -166,6 +173,11 @@ class ucp_prefs
'post_sd' => array('string', false, 1, 1),
));
+ if (!check_form_key('ucp_prefs_view'))
+ {
+ $error[] = 'FORM_INVALID';
+ }
+
if (!sizeof($error))
{
$user->optionset('viewimg', $data['images']);
@@ -276,25 +288,34 @@ class ucp_prefs
'sig' => request_var('sig', $user->optionget('attachsig')),
'notify' => request_var('notify', $user->data['user_notify']),
);
+ add_form_key('ucp_prefs_post');
if ($submit)
{
- $user->optionset('bbcode', $data['bbcode']);
- $user->optionset('smilies', $data['smilies']);
- $user->optionset('attachsig', $data['sig']);
+ if (check_form_key('ucp_prefs_post'))
+ {
+ $user->optionset('bbcode', $data['bbcode']);
+ $user->optionset('smilies', $data['smilies']);
+ $user->optionset('attachsig', $data['sig']);
- $sql_ary = array(
- 'user_options' => $user->data['user_options'],
- 'user_notify' => $data['notify'],
- );
+ $sql_ary = array(
+ 'user_options' => $user->data['user_options'],
+ 'user_notify' => $data['notify'],
+ );
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
- WHERE user_id = ' . $user->data['user_id'];
- $db->sql_query($sql);
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+ WHERE user_id = ' . $user->data['user_id'];
+ $db->sql_query($sql);
+ $msg = $user->lang['PREFERENCES_UPDATED'];
+ }
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
meta_refresh(3, $this->u_action);
- $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+ $message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 269c3aad44..45461a56d0 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -44,6 +44,8 @@ class ucp_profile
'password_confirm' => request_var('password_confirm', '', true),
);
+ add_form_key('ucp_reg_details');
+
if ($submit)
{
// Do not check cur_password, it is the old one.
@@ -89,6 +91,11 @@ class ucp_profile
$error[] = 'NEW_EMAIL_ERROR';
}
+ if (!check_form_key('ucp_reg_details'))
+ {
+ $error[] = 'FORM_INVALID';
+ }
+
if (!sizeof($error))
{
$sql_ary = array(
@@ -224,7 +231,7 @@ class ucp_profile
trigger_error($message);
}
-
+
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
}
@@ -282,6 +289,8 @@ class ucp_profile
$data['bday_year'] = request_var('bday_year', $data['bday_year']);
}
+ add_form_key('ucp_profile_info');
+
if ($submit)
{
$validate_array = array(
@@ -321,6 +330,11 @@ class ucp_profile
$error = array_merge($error, $cp_error);
}
+ if (!check_form_key('ucp_profile_info'))
+ {
+ $error[] = 'FORM_INVALID';
+ }
+
if (!sizeof($error))
{
$sql_ary = array(
@@ -446,6 +460,8 @@ class ucp_profile
$signature = utf8_normalize_nfc(request_var('signature', (string) $user->data['user_sig'], true));
+ add_form_key('ucp_sig');
+
if ($submit || $preview)
{
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
@@ -462,6 +478,11 @@ class ucp_profile
$error[] = implode('<br />', $message_parser->warn_msg);
}
+ if (!check_form_key('ucp_sig'))
+ {
+ $error[] = 'FORM_INVALID';
+ }
+
if (!sizeof($error) && $submit)
{
$sql_ary = array(
@@ -517,7 +538,7 @@ class ucp_profile
'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false,
'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
);
-
+
// Build custom bbcodes array
display_custom_bbcodes();
@@ -533,15 +554,23 @@ class ucp_profile
$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
+ add_form_key('ucp_avatar');
+
if ($submit)
{
- if (avatar_process_user($error))
+ if (check_form_key('ucp_avatar'))
{
- meta_refresh(3, $this->u_action);
- $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
- trigger_error($message);
+ if (avatar_process_user($error))
+ {
+ meta_refresh(3, $this->u_action);
+ $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+ trigger_error($message);
+ }
+ }
+ else
+ {
+ $error[] = 'FORM_INVALID';
}
-
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
}
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 6f133a9ed4..f321eb5b25 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -36,6 +36,16 @@ class ucp_register
$change_lang = request_var('change_lang', '');
$user_lang = request_var('lang', $user->lang_name);
+ add_form_key('ucp_register');
+
+ // not so fast, buddy
+ if (($submit && !check_form_key('ucp_register', false, '', false, 5))
+ || (!$submit && !check_form_key('ucp_register', false, '', false, 1)))
+ {
+ $agreed = false;
+ }
+
+
if ($change_lang || $user_lang != $config['default_lang'])
{
$use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);
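Review bot: `// not so fast, buddy` does not tell a maintainer what the two `check_form_key()` calls with `false, '', false, 5` and `false, '', false, 1` actually enforce, and the positional arguments are opaque. Replace it with a comment that states the intent, e.g. `// Require a minimum delay between the form being issued and submitted (presumably the 5th argument, in seconds: 5 on submit, 1 when moving past the agreement); an early or tokenless request is sent back to the agreement page via $agreed = false` — the "in seconds" reading should be confirmed against the helper's definition, which is not in this diff. Note also that a rejected token here silently returns the user to the agreement page with no FORM_INVALID message, unlike the other hunks; if that is intended, say so in the same comment. The two consecutive blank lines after the block can be collapsed to one.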
@@ -122,6 +132,7 @@ class ucp_register
return;
}
+
// Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1
$timezone = date('Z') / 3600;
$is_dst = date('I');
diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php
index 1e424fb7cc..edd372333e 100644
--- a/phpBB/includes/ucp/ucp_resend.php
+++ b/phpBB/includes/ucp/ucp_resend.php
@@ -26,8 +26,15 @@ class ucp_resend
$email = strtolower(request_var('email', ''));
$submit = (isset($_POST['submit'])) ? true : false;
+ add_form_key('ucp_resend');
+
if ($submit)
{
+ if (!check_form_key('ucp_resend'))
+ {
+ trigger_error('FORM_INVALID');
+ }
+
$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'