BUGFIX Fixed ComplexTableField and TableListField GET actions against CSRF attacks (with Form_SecurityToken->checkRequest()) (from r113276)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113301 467b73ca-7a2a-4603-9d3b-597d59a354a9
Ingo Schommer 2010-11-01 02:59:44 +00:00 committed by Sam Minnee
parent 79bc6d5a21
commit 2627281d5c
3 changed files with 17 additions and 5 deletions


@ -730,7 +730,11 @@ class ComplexTableField_ItemRequest extends RequestHandler {
echo $this->renderWith($this->ctf->templatePopup); echo $this->renderWith($this->ctf->templatePopup);
} }
function delete() { function delete($request) {
// Protect against CSRF on destructive action
$token = $this->ctf->getForm()->getSecurityToken();
if(!$token->checkRequest($request)) return $this->httpError(400);
if($this->ctf->Can('delete') !== true) { if($this->ctf->Can('delete') !== true) {
return false; return false;
} }
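Review bot: The status code is passed as an integer in the added `return $this->httpError(400);` here, while the two TableListField guards in the same commit pass the string `'400'`; the three guards do the same job and should use the same form, and the new `$request` parameter has no docblock, so add `/** @param HTTPRequest $request */` above `function delete($request)`. Running the token check before the `Can('delete')` permission check is the right order for a token failure, but if `$this->ctf->getForm()` can be null for a field that is not attached to a form, the chained `getSecurityToken()` call would fatal rather than produce the intended 400 — worth confirming against how the item request is constructed. If the form's token is a `NullSecurityToken` (see the last hunk of this commit) the check presumably passes every request, so forms that disable the token leave this action unprotected; a one-line comment stating that assumption next to the check would make the protection boundary explicit.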


@ -534,7 +534,11 @@ JS
/** /**
* @return String * @return String
*/ */
function delete() { function delete($request) {
// Protect against CSRF on destructive action
$token = $this->getForm()->getSecurityToken();
if(!$token->checkRequest($request)) return $this->httpError('400');
if($this->Can('delete') !== true) { if($this->Can('delete') !== true) {
return false; return false;
} }
@ -1411,7 +1415,11 @@ class TableListField_ItemRequest extends RequestHandler {
parent::__construct(); parent::__construct();
} }
function delete() { function delete($request) {
// Protect against CSRF on destructive action
$token = $this->ctf->getForm()->getSecurityToken();
if(!$token->checkRequest($request)) return $this->httpError('400');
if($this->ctf->Can('delete') !== true) { if($this->ctf->Can('delete') !== true) {
return false; return false;
} }
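Review bot: The docblock above the first `function delete($request)` in this file still reads `@return String` and documents no parameter, while the method now returns `false` on a permission failure and whatever `httpError('400')` yields on a token failure; update it to `@param HTTPRequest $request` and a return description covering the error paths. In that first hunk the token is fetched via `$this->getForm()->getSecurityToken()` on the field itself; if a TableListField can be rendered without a parent form, `getForm()` returning null would turn the CSRF rejection into a fatal error instead of the 400 — hedge this with a null check or confirm the field is always form-bound. The second hunk (`TableListField_ItemRequest::delete`) has the same missing docblock for the new parameter.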


@ -152,7 +152,7 @@ class SecurityToken extends Object {
/** /**
* See {@link check()}. * See {@link check()}.
* *
* @param SS_HTTPRequest $request * @param HTTPRequest $request
* @return Boolean * @return Boolean
*/ */
function checkRequest($request) { function checkRequest($request) {
@ -223,7 +223,7 @@ class NullSecurityToken extends SecurityToken {
} }
/** /**
* @param SS_HTTPRequest $request * @param HTTPRequest $request
* @return Boolean * @return Boolean
*/ */
function checkRequest($request) { function checkRequest($request) {