Global: Fix CSRF vulnerabilities in /logout and language change

Closes #281
2024-09-21 08:36:17 +03:00 · 2021-12-05 00:48:25 +02:00 · 2021-12-05 00:48:25 +02:00 · 98f8819c17
commit 98f8819c17
parent 735e75fa21
4 changed files with 4 additions and 2 deletions
--- a/Web/Presenters/AboutPresenter.php
+++ b/Web/Presenters/AboutPresenter.php
@ -63,6 +63,7 @@ final class AboutPresenter extends OpenVKPresenter
        $this->template->languages = getLanguages();
        
        if(!is_null($_GET['lg'])){
+            $this->assertNoCSRF();
            setLanguage($_GET['lg']);
        }
    }
--- a/Web/Presenters/AuthPresenter.php
+++ b/Web/Presenters/AuthPresenter.php
@ -182,6 +182,7 @@ final class AuthPresenter extends OpenVKPresenter
    function renderLogout(): void
    {
        $this->assertUserLoggedIn();
+        $this->assertNoCSRF();
        $this->authenticator->logout();
        Session::i()->set("_su", NULL);
        
--- a/Web/Presenters/templates/@layout.xml
+++ b/Web/Presenters/templates/@layout.xml
@ -108,7 +108,7 @@
                        </a>
                    </div>
                    <div class="link">
-                        <a href="/logout">{_"header_log_out"}</a>
+                        <a href="/logout?hash={urlencode($csrfToken)}">{_"header_log_out"}</a>
                    </div>
                    <div class="link">
                        <form action="/search" method="get">
--- a/Web/Presenters/templates/About/Language.xml
+++ b/Web/Presenters/templates/About/Language.xml
@ -8,7 +8,7 @@
 {block content}
    <div class="navigation">
    {foreach $languages as $language}
-        <a href="language?lg={$language['code']}" class="link"><img src="/assets/packages/static/openvk/img/flags/{$language['flag']}.gif"> {$language['native_name']}</a>
+        <a href="language?lg={$language['code']}&hash={urlencode($csrfToken)}" class="link"><img src="/assets/packages/static/openvk/img/flags/{$language['flag']}.gif"> {$language['native_name']}</a>
    {/foreach}
    </div>
 {/block}