From ff43d0a97cc145f1ec3ed3b91a6cc3a444760281 Mon Sep 17 00:00:00 2001 From: nuxsmin Date: Wed, 23 Oct 2013 20:08:41 +0200 Subject: [PATCH] Fix session key generation errors on forms and ajax requests --- ajax/ajax_categorymgmt.php | 4 ++++ ajax/ajax_getFiles.php | 8 ++++++-- inc/tpl/accounts.php | 4 ++-- inc/tpl/categories.php | 9 +++++---- inc/tpl/groups.php | 2 +- inc/tpl/profiles.php | 2 +- inc/tpl/users.php | 2 +- 7 files changed, 20 insertions(+), 11 deletions(-) diff --git a/ajax/ajax_categorymgmt.php b/ajax/ajax_categorymgmt.php index 9812df1c..e94796c0 100644 --- a/ajax/ajax_categorymgmt.php +++ b/ajax/ajax_categorymgmt.php @@ -32,6 +32,10 @@ if ( ! SP_Init::isLoggedIn() ) { SP_Common::printXML(_('La sesión no se ha iniciado o ha caducado'),10); } +if (!isset($_POST["sk"]) || !SP_Common::checkSessionKey($_POST["sk"])) { + SP_Common::printXML(_('CONSULTA INVÁLIDA')); +} + SP_Users::checkUserAccess('config') || SP_Html::showCommonError('unavailable'); $intCategoryFunction = ( isset($_POST["categoryFunction"]) ) ? (int) $_POST["categoryFunction"] : 0; diff --git a/ajax/ajax_getFiles.php b/ajax/ajax_getFiles.php index 00c953b0..da658a60 100644 --- a/ajax/ajax_getFiles.php +++ b/ajax/ajax_getFiles.php @@ -41,11 +41,16 @@ if ( SP_Config::getValue('filesenabled') == 0 ){ $accountId = ( isset($_GET['id']) ) ? (int)$_GET['id'] : 0 ; $deleteEnabled = ( isset($_GET['del']) ) ? (int)$_GET['del'] : 0 ; +$skey = ( isset($_GET['sk']) ) ? SP_Html::sanitize($_GET['sk']) : NULL; + +if ( is_null($skey) ) { + return _('CONSULTA INVÁLIDA'); +} $files = SP_Files::getFileList($accountId, $deleteEnabled); if ( ! is_array($files) || count($files) === 0 ){ - return; + return; } ?> @@ -55,7 +60,6 @@ if ( ! is_array($files) || count($files) === 0 ){ -
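Review bot: In the ajax/ajax_categorymgmt.php hunk the new guard calls `SP_Common::printXML(_('CONSULTA INVÁLIDA'))` without the second argument that the adjacent logged-in check passes (`printXML(..., 10)`), and nothing in the hunk shows that printXML terminates the request; if it only emits the XML, execution falls through to `checkUserAccess` and the category operation below. Unless printXML is known to exit, add an explicit `exit;` after the call, and pass a distinct error code so clients can tell an invalid session key from an expired session. The body of checkSessionKey is outside this patch, so whether the token comparison is timing-safe is worth confirming rather than assuming. The enclosing `if ( ! SP_Init::isLoggedIn() )` block opens before the hunk's first visible line.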
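Review bot: In the first ajax/ajax_getFiles.php hunk `$skey` is only tested for presence, never validated: any non-empty `sk` parameter passes the `is_null($skey)` guard, so this script does not enforce the session key the way the ajax_categorymgmt.php hunk does with `SP_Common::checkSessionKey`. Change the guard to `if ( is_null($skey) || ! SP_Common::checkSessionKey($skey) ) {` so the token is actually verified. Note also that `return _('CONSULTA INVÁLIDA')` at file scope only hands a string back to whatever includes this script; if the script is served directly the message is never output and the request simply ends, so an explicit echo or exit may be what was intended — I cannot tell from the hunk. The remaining `- return;` / `+ return;` pair appears to be a whitespace-only change.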
diff --git a/inc/tpl/accounts.php b/inc/tpl/accounts.php index 851e3ebc..b3cdce3f 100644 --- a/inc/tpl/accounts.php +++ b/inc/tpl/accounts.php @@ -135,7 +135,7 @@ $showEditPass = ($action == "accedit" && ! $account->accountIsHistory); $showDelete = ($action == "accdelete" && $account->checkAccountAccess("accdelete") && SP_Users::checkUserAccess("accdelete")); $filesDelete = ( $action == 'accedit' ) ? 1 : 0; -$skey = SP_Common::getSessionKey(); +$skey = SP_Common::getSessionKey(TRUE); ?>
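Review bot: `SP_Common::getSessionKey(TRUE)` passes a bare boolean whose meaning is not visible in this patch; a one-line comment such as `// TRUE: force a fresh session key for this form` (worded to match the actual parameter) would make the intent reviewable, and the same unexplained call is added in inc/tpl/categories.php. If the flag does regenerate the key on every render, then rendering one form invalidates the key held by any other open form or pending ajax request in the same session, which is worth confirming against getSessionKey's implementation since it sits outside this diff. The constant would conventionally be written lowercase, `true`.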
@@ -405,7 +405,7 @@ $skey = SP_Common::getSessionKey();
  • - +
  • diff --git a/inc/tpl/categories.php b/inc/tpl/categories.php index fdbaf6b4..9f3d6292 100644 --- a/inc/tpl/categories.php +++ b/inc/tpl/categories.php @@ -50,6 +50,7 @@ $categoriesSelProp2 = array ( "name" => "categoryId", "js" => "", "attribs" => ""); +$skey = SP_Common::getSessionKey(TRUE); ?> @@ -63,7 +64,7 @@ $categoriesSelProp2 = array ( "name" => "categoryId", - + @@ -79,7 +80,7 @@ $categoriesSelProp2 = array ( "name" => "categoryId", - + @@ -93,7 +94,7 @@ $categoriesSelProp2 = array ( "name" => "categoryId", - + @@ -109,4 +110,4 @@ $categoriesSelProp2 = array ( "name" => "categoryId", placeholder_text_single: "", disable_search_threshold: 10, no_results_text: ""}); - + \ No newline at end of file diff --git a/inc/tpl/groups.php b/inc/tpl/groups.php index bed1c44a..7fef7703 100644 --- a/inc/tpl/groups.php +++ b/inc/tpl/groups.php @@ -53,7 +53,7 @@ $activeTab = $data['active']; " /> " /> - +
    diff --git a/inc/tpl/profiles.php b/inc/tpl/profiles.php index 96a77797..29116cb1 100644 --- a/inc/tpl/profiles.php +++ b/inc/tpl/profiles.php @@ -113,7 +113,7 @@ $activeTab = $data['active']; " /> - +