BUGFIX Protected ComplexTableField and TableListField GET actions against CSRF attacks (token checked via Form_SecurityToken->checkRequest())

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113276 467b73ca-7a2a-4603-9d3b-597d59a354a9
Ingo Schommer 2010-11-01 01:28:54 +00:00 committed by Sam Minnee
parent 4298cda6aa
commit b3a086e2c9
2 changed files with 16 additions and 3 deletions


@ -749,7 +749,11 @@ class ComplexTableField_ItemRequest extends TableListField_ItemRequest {
return $this->renderWith($this->ctf->templatePopup); return $this->renderWith($this->ctf->templatePopup);
} }
function delete() { function delete($request) {
// Protect against CSRF on destructive action
$token = $this->ctf->getForm()->getSecurityToken();
if(!$token->checkRequest($request)) return $this->httpError(400);
if($this->ctf->Can('delete') !== true) { if($this->ctf->Can('delete') !== true) {
return false; return false;
} }
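Review bot: The new token lookup `$this->ctf->getForm()->getSecurityToken()` dereferences the form unguarded, while `TableListField_Item::Link()` in the companion file only touches the token inside `if($form)`; a ComplexTableField used without a form would fatal in the CSRF check instead of failing closed on a destructive action. I would fail closed explicitly: `$form = $this->ctf->getForm(); if(!$form || !$form->getSecurityToken()->checkRequest($request)) return $this->httpError(400);`. Note also that the status code is the integer `400` here but the string `'400'` in the two TableListField hunks of the same commit — pick one form. Since the token travels in the query string of a GET link, it can leak through Referer headers and access logs; if the calling JavaScript can be adjusted, requiring POST for delete would be the stronger protection, but that is beyond this hunk. The body of delete() continues past the end of the hunk.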


@ -559,7 +559,11 @@ JS
/** /**
* @return String * @return String
*/ */
function delete() { function delete($request) {
// Protect against CSRF on destructive action
$token = $this->getForm()->getSecurityToken();
if(!$token->checkRequest($request)) return $this->httpError('400');
if($this->Can('delete') !== true) { if($this->Can('delete') !== true) {
return false; return false;
} }
@ -1438,6 +1442,7 @@ class TableListField_Item extends ViewableData {
function Link($action = null) { function Link($action = null) {
$form = $this->parent->getForm(); $form = $this->parent->getForm();
if($form) { if($form) {
$token = $form->getSecurityToken();
$parentUrlParts = parse_url($this->parent->Link()); $parentUrlParts = parse_url($this->parent->Link());
$queryPart = (isset($parentUrlParts['query'])) ? '?' . $parentUrlParts['query'] : null; $queryPart = (isset($parentUrlParts['query'])) ? '?' . $parentUrlParts['query'] : null;
// Ensure that URL actions not routed through Form->httpSubmission() are protected against CSRF attacks. // Ensure that URL actions not routed through Form->httpSubmission() are protected against CSRF attacks.
@ -1567,7 +1572,11 @@ class TableListField_ItemRequest extends RequestHandler {
parent::__construct(); parent::__construct();
} }
function delete() { function delete($request) {
// Protect against CSRF on destructive action
$token = $this->ctf->getForm()->getSecurityToken();
if(!$token->checkRequest($request)) return $this->httpError('400');
if($this->ctf->Can('delete') !== true) { if($this->ctf->Can('delete') !== true) {
return false; return false;
} }
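Review bot: The docblock above `function delete($request)` in the first hunk still reads only `@return String` and does not document the new parameter or the new failure mode; add `@param $request Current HTTP request; must carry the form's security token (appended by TableListField_Item::Link()), otherwise a 400 is returned before any permission check`. In the same hunk `$this->getForm()` is dereferenced without the `if($form)` guard that `TableListField_Item::Link()` applies a few hunks lower, so a field not attached to a form would fatal in the token lookup rather than fail closed; `$form = $this->getForm(); if(!$form || !$form->getSecurityToken()->checkRequest($request)) return $this->httpError(400);` fails closed and also aligns the status argument, which is the string `'400'` here and in TableListField_ItemRequest but the integer `400` in ComplexTableField. Because `delete()` previously took no argument, any existing internal caller that still invokes it without one would now hand `null` to `checkRequest()`; the callers are outside this hunk, so that is worth confirming. Each delete() body continues beyond the hunk shown.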