From 3c23d83edc1e1eddaaf6aae4ae6da4396fcc0f17 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Jacquet?=
Date: Mon, 25 Apr 2022 21:44:19 +0200
Subject: [PATCH] Add CSRF token to protect unauthenticated requests

---
 CHANGES.md | 1 +
 Warehouse.php | 11 +++++++++++
 index.php | 8 ++++++++
 3 files changed, 20 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index 6debc8914..96509f3a6 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -58,6 +58,7 @@ Changes in 9.0
 - JS add DOMPurify 2.3.6 in assets/js/DOMPurify/ & Gruntfile.js
 - JS fix stored XSS issue related to MarkDown in warehouse.js & plugins.min.js, thanks to @intrapus
 - JS remove logged in check on history back in warehouse.js & plugins.min.js
+- Add CSRF token to protect unauthenticated requests in Warehouse.php & login.php, thanks to @khanhchauminh
 
 Changes in 8.9.5
 ----------------
diff --git a/Warehouse.php b/Warehouse.php
index 3357fa60c..989d8e10f 100644
--- a/Warehouse.php
+++ b/Warehouse.php
@@ -148,6 +148,17 @@
 
 session_start();
 
+if ( empty( $_SESSION['token'] ) )
+{
+	/**
+	 * Add CSRF token to protect unauthenticated requests
+	 *
+	 * @since 9.0
+	 * @link https://stackoverflow.com/questions/5207160/what-is-a-csrf-token-what-is-its-importance-and-how-does-it-work
+	 */
+	$_SESSION['token'] = bin2hex( openssl_random_pseudo_bytes( 16 ) );
+}
+
 if ( empty( $_SESSION['STAFF_ID'] )
 	&& empty( $_SESSION['STUDENT_ID'] )
 	&& ( basename( $_SERVER['SCRIPT_NAME'] ) === 'Modules.php'
diff --git a/index.php b/index.php
index b09a206e0..6e84f34d8 100644
--- a/index.php
+++ b/index.php
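Review bot: The new `$_SESSION['token'] = bin2hex( openssl_random_pseudo_bytes( 16 ) );` line in the Warehouse.php hunk (and the identical line in the index.php hunk) ties the token to the openssl extension and ignores the function's `$crypto_strong` out-parameter, which on PHP releases before 7 is the only signal that the bytes were not cryptographically strong; `random_bytes( 16 )` is the core CSPRNG since PHP 7.0 and throws instead of degrading, so `$_SESSION['token'] = bin2hex( random_bytes( 16 ) );` is the safer form if the project's minimum PHP version allows it. Generating the token is only half of the protection: nothing in this patch compares a submitted token against `$_SESSION['token']`, and the changelog entry names login.php although that file is not in the diffstat, so the check presumably lives in a separate change and should use `hash_equals()` for a constant-time comparison. Since the same expression is now written in two files, a small shared helper such as `function generateCsrfToken(): string` would keep both call sites using the same source of randomness. The docblock on the new block would also help a maintainer more by pointing to the code that verifies the token than to the external link.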
@@ -92,6 +92,14 @@
 elseif ( isset( $_COOKIE['RosarioSIS'] ) )
 {
 	session_regenerate_id( true ); // And invalidate old session.
+
+	/**
+	 * Add CSRF token to protect unauthenticated requests
+	 *
+	 * @since 9.0
+	 * @link https://stackoverflow.com/questions/5207160/what-is-a-csrf-token-what-is-its-importance-and-how-does-it-work
+	 */
+	$_SESSION['token'] = bin2hex( openssl_random_pseudo_bytes( 16 ) );
 }
 
 // Fix SQL error value too long for type character varying(100).
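Review bot: The added `$_SESSION['token'] = ...` assignment sits in the `elseif ( isset( $_COOKIE['RosarioSIS'] ) )` branch, which from the visible context runs on every request to index.php that carries the session cookie, not only after a login; a reload or a second tab of the login page therefore replaces the token that an already-rendered form still carries, and that form's submission will fail whatever check later reads `$_SESSION['token']`. `session_regenerate_id( true )` on the line above keeps the session data, so the existing token survives it and the overwrite is a deliberate rotation rather than a necessity; if per-visit rotation is not required, guard it the same way Warehouse.php does with `if ( empty( $_SESSION['token'] ) )`, or rotate only on successful authentication. The `if` branch that pairs with this `elseif` begins outside the hunk, so it is not clear from here whether a first visit without the cookie also receives a token on this page or relies on Warehouse.php to create it.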