Global: Fix CSRF vulnerabilities in /logout and language change

Closes #281
Maxim Leshchenko 2021-12-05 00:48:25 +02:00
parent 735e75fa21
commit 98f8819c17
No known key found for this signature in database
GPG key ID: BB9C44A8733FBEEE
4 changed files with 4 additions and 2 deletions


@ -63,6 +63,7 @@ final class AboutPresenter extends OpenVKPresenter
$this->template->languages = getLanguages();
if(!is_null($_GET['lg'])){
$this->assertNoCSRF();
setLanguage($_GET['lg']);
}
}
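Review bot: The new `assertNoCSRF()` on the language branch guards a state change that is still driven by a GET request, so the token that satisfies it travels in the query string (`?lg=…&hash=…`), where it lands in browser history, server and proxy access logs, and the Referer header sent to any external link on the next page. A POST form with the token in a hidden field (or a POST-only route) is the usual shape for a state-changing action and keeps the token out of URLs; if `assertNoCSRF()` accepts the token from `$_GET`, as the template link suggests, that is the part to tighten once the templates are switched. Independently, `$_GET['lg']` is handed to `setLanguage()` without being checked against the `getLanguages()` result fetched one line above — something like `if(!in_array($_GET['lg'], array_column($this->template->languages, 'code'), true)) return;` before `setLanguage()` would close that, presuming `code` is the key as the language template's `$language['code']` implies. The enclosing method begins before this hunk.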


@ -182,6 +182,7 @@ final class AuthPresenter extends OpenVKPresenter
function renderLogout(): void
{
$this->assertUserLoggedIn();
$this->assertNoCSRF();
$this->authenticator->logout();
Session::i()->set("_su", NULL);
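Review bot: `renderLogout()` now requires a CSRF token but is still reached through a plain GET link, so the only way the header template can supply it is the `/logout?hash=…` URL, which exposes the token in history, logs and Referer headers and in any link a user copies. Logout is the textbook case for a POST form (`<form method="post" action="/logout">` with the token in a hidden input), and if `assertNoCSRF()` currently accepts the token from the query string it would be worth restricting it to the POST body or a header once the templates no longer need the GET form. The ordering here is sensible — `assertUserLoggedIn()` before the CSRF check — so an anonymous visitor never hits a CSRF error on a session they do not have. The method continues past the end of this hunk.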


@ -108,7 +108,7 @@
</a>
</div>
<div class="link">
<a href="/logout">{_"header_log_out"}</a>
<a href="/logout?hash={urlencode($csrfToken)}">{_"header_log_out"}</a>
</div>
<div class="link">
<form action="/search" method="get">
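Review bot: Embedding the token in an `<a href>` turns logout into a GET with a secret in the URL; a small POST form, `<form method="post" action="/logout"><input type="hidden" name="hash" value="{$csrfToken}"><button>{_"header_log_out"}</button></form>`, keeps the token out of history, logs and Referer headers and out of any link a user copies, and the template already uses a form for search two lines below. `urlencode()` is the right encoding for a query-string value, and if this is Latte its contextual escaping will additionally handle the attribute context. This assumes `$csrfToken` is populated in the layout scope on every page that renders this header — worth confirming, since a missing variable would emit a link with an empty `hash` that `assertNoCSRF()` presumably rejects, leaving the user unable to log out.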


@ -8,7 +8,7 @@
{block content}
<div class="navigation">
{foreach $languages as $language}
<a href="language?lg={$language['code']}" class="link"><img src="/assets/packages/static/openvk/img/flags/{$language['flag']}.gif"> {$language['native_name']}</a>
<a href="language?lg={$language['code']}&hash={urlencode($csrfToken)}" class="link"><img src="/assets/packages/static/openvk/img/flags/{$language['flag']}.gif"> {$language['native_name']}</a>
{/foreach}
</div>
{/block}
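Review bot: The literal `&` joining `lg` and `hash` in the new href sits inside an HTML attribute, where it should be written `&amp;` (`href="language?lg={$language['code']}&amp;hash={urlencode($csrfToken)}"`); browsers tolerate the bare form, but validators and strict parsers do not, and the template engine presumably escapes only the interpolated values, not literal text. More substantively, this page now prints the CSRF token once per language in plain GET links, so the token ends up in history, logs and the Referer header of whatever the user clicks next; a per-language POST form with a hidden `hash` input, or a single form with a `<select>`, would keep it out of the URL. This is the same concern as for the `/logout` link, and switching both together lets `assertNoCSRF()` stop accepting query-string tokens.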