Merge 27b97b5a7c into ad81851375

2016-01-30 22:50:04 +00:00 · 2016-01-30 22:50:04 +00:00 · 6669b188da
parent ad81851375 27b97b5a7c
commit 6669b188da
5 changed files with 28 additions and 5 deletions
--- a/composer.json
+++ b/composer.json
@ -13,6 +13,8 @@
 		"phpmailer/phpmailer": "5.2.6",
 		"symfony/http-foundation": "2.4.*",
 		"php-pushover/php-pushover": "dev-master",
-		"twig/twig": "1.*"
+		"twig/twig": "1.*",
+		"paragonie/random_compat" : "1.1.6",
+		"indigophp/hash-compat" : "1.1.0"
 	}
 }
--- a/src/includes/psmconfig.inc.php
+++ b/src/includes/psmconfig.inc.php
@ -29,7 +29,7 @@
 /**
 * Current PSM version
 */
-define('PSM_VERSION', '3.1.1');
+define('PSM_VERSION', '3.1.2');

 /**
 * URL to check for updates. Will not be checked if turned off on config page.
--- a/src/psm/Module/User/Controller/UserController.class.php
+++ b/src/psm/Module/User/Controller/UserController.class.php
@ -51,6 +51,23 @@ class UserController extends AbstractController {
 			'index', 'edit', 'delete', 'save',
 		), 'index');
 		$this->twig->addGlobal('subtitle', psm_get_lang('menu', 'user'));
+		$this->twig->addFunction(
+		    new \Twig_SimpleFunction(
+		        'form_token',
+		        function($lock_to = null) {
+		            if (empty($_SESSION['token'])) {
+		                $_SESSION['token'] = bin2hex(random_bytes(32));
+		            }
+		            if (empty($_SESSION['token2'])) {
+		                $_SESSION['token2'] = random_bytes(32);
+		            }
+		            if (empty($lock_to)) {
+		                return $_SESSION['token'];
+		            }
+		            return hash_hmac('sha256', $lock_to, $_SESSION['token2']);
+		        }
+		    )
+		);
 	}

 	public function initialize() {
@ -220,7 +237,9 @@ class UserController extends AbstractController {
 			return $this->executeIndex();
 		}
 		$user_id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
-
+		if (!hash_equals($_POST['token'], $_SESSION['token'])) {
+			return $this->executeIndex();
+		}
 		$fields = array('name', 'user_name', 'password', 'password_repeat', 'level', 'mobile', 'pushover_key', 'pushover_device', 'email');
 		$clean = array();
 		foreach($fields as $field) {
--- a/src/templates/default/module/user/profile.tpl.html
+++ b/src/templates/default/module/user/profile.tpl.html
@ -68,4 +68,5 @@
 		</div>
 	</div>
 	 </fieldset>
-</form>
+	 <input type="hidden" name="token" value="{{ form_token() }}" />
+</form>
--- a/src/templates/default/module/user/user/update.tpl.html
+++ b/src/templates/default/module/user/user/update.tpl.html
@ -79,4 +79,5 @@
 			<button class="btn" onclick="history.back();return false;" >{{ label_go_back }}</button>
 		</div>
 	 </fieldset>
-</form>
+	 <input type="hidden" name="token" value="{{ form_token() }}" />
+</form>