Add CSRF token to protect unauthenticated requests

francoisjacquet · Apr 25, 2022 · 3c23d83 · 3c23d83
1 parent ec3f70c
commit 3c23d83
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -58,6 +58,7 @@ Changes in 9.0
 - JS add DOMPurify 2.3.6 in assets/js/DOMPurify/ & Gruntfile.js
 - JS fix stored XSS issue related to MarkDown in warehouse.js & plugins.min.js, thanks to @intrapus
 - JS remove logged in check on history back in warehouse.js & plugins.min.js
+- Add CSRF token to protect unauthenticated requests in Warehouse.php & login.php, thanks to @khanhchauminh
 
 Changes in 8.9.5
 ----------------

diff --git a/Warehouse.php b/Warehouse.php
@@ -148,6 +148,17 @@
 
 session_start();
 
+if ( empty( $_SESSION['token'] ) )
+{
+	/**
+	 * Add CSRF token to protect unauthenticated requests
+	 *
+	 * @since 9.0
+	 * @link https://stackoverflow.com/questions/5207160/what-is-a-csrf-token-what-is-its-importance-and-how-does-it-work
+	 */
+	$_SESSION['token'] = bin2hex( openssl_random_pseudo_bytes( 16 ) );
+}
+
 if ( empty( $_SESSION['STAFF_ID'] )
 	&& empty( $_SESSION['STUDENT_ID'] )
 	&& ( basename( $_SERVER['SCRIPT_NAME'] ) === 'Modules.php'

diff --git a/index.php b/index.php
@@ -92,6 +92,14 @@
 	elseif ( isset( $_COOKIE['RosarioSIS'] ) )
 	{
 		session_regenerate_id( true ); // And invalidate old session.
+
+		/**
+		 * Add CSRF token to protect unauthenticated requests
+		 *
+		 * @since 9.0
+		 * @link https://stackoverflow.com/questions/5207160/what-is-a-csrf-token-what-is-its-importance-and-how-does-it-work
+		 */
+		$_SESSION['token'] = bin2hex( openssl_random_pseudo_bytes( 16 ) );
 	}
 
 	// Fix SQL error value too long for type character varying(100).