[pLog-svn] r6084 - in plog/trunk: class/action/admin class/data class/data/validator templates/admin

mark at devel.lifetype.net mark at devel.lifetype.net
Wed Nov 28 14:29:08 EST 2007


Author: mark
Date: 2007-11-28 14:29:07 -0500 (Wed, 28 Nov 2007)
New Revision: 6084

Removed:
   plog/trunk/class/data/nonce.class.php
   plog/trunk/class/data/validator/noncevalidator.class.php
Modified:
   plog/trunk/class/action/admin/adminaction.class.php
   plog/trunk/class/action/admin/admindeletepostaction.class.php
   plog/trunk/templates/admin/editposts.template
Log:
Revert to rev. 6082.

Modified: plog/trunk/class/action/admin/adminaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaction.class.php	2007-11-27 21:05:57 UTC (rev 6083)
+++ plog/trunk/class/action/admin/adminaction.class.php	2007-11-28 19:29:07 UTC (rev 6084)
@@ -1,8 +1,7 @@
 <?php
 
 	lt_include( PLOG_CLASS_PATH."class/dao/blogstatus.class.php" );	
-    lt_include( PLOG_CLASS_PATH."class/data/nonce.class.php" );
-    
+
 	/**
 	 * @see AdminAction::requirePermission()
 	 */
@@ -35,7 +34,6 @@
 		var $_pm;
 		var $_userBlogs;
 		var $_permissions;
-		var $_nonce;
 
         /**
          * Constructor.
@@ -169,14 +167,6 @@
             $this->_view->setValue( "op", $this->_actionInfo->_actionParamValue );
 			$this->_view->setValue( "locale", $this->_locale );
 			$this->_view->setValue( "config", $this->_config );
-			
-			
-            //let's create a nonce to protect against CSRF
-            $nonce = new Nonce();
-            $this->_nonce = $nonce->getNonce();
-            $this->_session->setValue('nonce',$this->_nonce);
-			
-			$this->_view->setValue( "nonce", $this->_nonce );
         }
 
         /**
@@ -348,4 +338,4 @@
 			return( $view );
 		}		
     }
-?>
+?>
\ No newline at end of file

Modified: plog/trunk/class/action/admin/admindeletepostaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admindeletepostaction.class.php	2007-11-27 21:05:57 UTC (rev 6083)
+++ plog/trunk/class/action/admin/admindeletepostaction.class.php	2007-11-28 19:29:07 UTC (rev 6084)
@@ -26,8 +26,6 @@
 			else 
 				$this->registerFieldValidator( "postIds", new ArrayValidator( new IntegerValidator()));
 
-            $this->registerFieldValidator( "nonce", new NonceValidator() );
-
 			$view = new AdminPostsListView( $this->_blogInfo );
 			$view->setErrorMessage( $this->_locale->tr("error_incorrect_article_id"));
 			$this->setValidationErrorView( $view );	
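Review bot: After this hunk the only validator registered for the deletePosts operation checks that `postIds` are integers, so the state-changing delete no longer verifies that the request originated from the admin form; the revert also drops the token generation in adminaction.class.php and the hidden field in editposts.template in the same commit. If this is a stopgap rather than a decision to drop the protection, a marker at the removed line would make that visible, e.g. `// TODO: re-add per-session request-token validation for deletePosts once the token implementation is reworked`. When it is reintroduced, the token should come from a cryptographically secure random source and be compared in constant time, neither of which the removed implementation did. The constructor containing this hunk starts and ends outside it.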
@@ -35,18 +33,6 @@
 			$this->requirePermission( "update_post" );	
         }
 
-		/**
-         *
-		 */
-		/*function validate()
-		{
-			$nonceValidator = new NonceValidator();
-			
-			if( !$nonceValidator->validate( $this->_request->getValue( "nonce" ) ) )
-                return false;
-		}*/
-
-
         /**
          * Carries out the specified action
          */
@@ -147,4 +133,4 @@
 	        return true;
 		}                
     }
-?>
+?>
\ No newline at end of file

Deleted: plog/trunk/class/data/nonce.class.php
===================================================================
--- plog/trunk/class/data/nonce.class.php	2007-11-27 21:05:57 UTC (rev 6083)
+++ plog/trunk/class/data/nonce.class.php	2007-11-28 19:29:07 UTC (rev 6084)
@@ -1,42 +0,0 @@
-<?php
-	/**
-	 * \ingroup Data
-	 *	
-	 * Class to generate random nonces to protect from CSRF attacks. 
-	 *
-	 */
-	class Nonce
-	{
-		var $_nonce = '';
-		
-		/**
-		 * Constructor. 
-		 */
-		function Nonce()
-		{
-			$this->_nonce = $this->create();
-
-		}
-		
-		
-		/**
-		 * generates a new nonce
-		 *
-		 * @return a reasonably enough random string
-		 */
-		function create()
-		{
-            
-            $nonce = md5(time().rand(1000,9999));
-			return( $nonce );
-
-		}
-		
-		function getNonce() 
-		{
-            		return $this->_nonce;
-		}
-
-
-	}
-?>

Deleted: plog/trunk/class/data/validator/noncevalidator.class.php
===================================================================
--- plog/trunk/class/data/validator/noncevalidator.class.php	2007-11-27 21:05:57 UTC (rev 6083)
+++ plog/trunk/class/data/validator/noncevalidator.class.php	2007-11-28 19:29:07 UTC (rev 6084)
@@ -1,41 +0,0 @@
-<?php
-
-
-
-    /**
-     * \ingroup Validator
-     *
-     * Validates nonces protecting sensitive actions from CSRF:
-     *
-     *
-     */
-    class NonceValidator extends Validator 
-    {
-    	function NonceValidator()
-        {
-        	$this->Validator();
-        }
-        
-        
-        function validate($requestNonce)
-        {
-            $log = LoggerManager::getLogger( "debug" );
-            
-            // get the session nonce
-            $session = HttpVars::getSession();
-            $this->_session = $session["SessionInfo"];
-            $sessionNonce = $this->_session->getValue('nonce');
-            
-            $log->info('request: '. $requestNonce);
-            $log->info('session: '. $sessionNonce);
-
-            if ($requestNonce === $sessionNonce) {
-                return true;
-            }  
-            else {
-                return false;
-            }
-                
-        }
-    }
-?>

Modified: plog/trunk/templates/admin/editposts.template
===================================================================
--- plog/trunk/templates/admin/editposts.template	2007-11-27 21:05:57 UTC (rev 6083)
+++ plog/trunk/templates/admin/editposts.template	2007-11-28 19:29:07 UTC (rev 6084)
@@ -120,7 +120,6 @@
         <a name="bulkEdit"></a>
         <div id="list_action_bar">
 			{check_perms perm=update_post}
-            <input type="hidden" name="nonce" value="{$nonce}" />
             <input type="submit" name="delete" value="{$locale->tr("delete")}" class="submit" />
             <input type="hidden" name="op" value="deletePosts" />
 			{/check_perms}


