[pLog-svn] r7014 - plugins/branches/lifetype-1.2/csrf

jondaley at devel.lifetype.net
Sat Jul 31 09:48:54 EDT 2010


Author: jondaley
Date: 2010-07-31 09:48:54 -0400 (Sat, 31 Jul 2010)
New Revision: 7014

Modified:
   plugins/branches/lifetype-1.2/csrf/plugincsrf.class.php
Log:
bugfix: if a longer op (deleteResourceAlbum) has a shorter op (deleteResource) the parser used to convert the URL to op=deleteResource&CsrfToken=...Album&...
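
The prefix-match bug described in the log, reproduced as an added example (not code from the LifeType plugin): the pre-r7014 pattern, the r7014 pattern, and a word-boundary variant are each run over a constructed admin link. The op names, token value and HTML are made up for the demo; PHP's preg_replace with an array of patterns applies them one after another to the running result, which sequential re.sub calls emulate.

```python
import re

CSRF_TOKEN_NAME = "CsrfToken"  # parameter name visible in the diff


def _apply_in_order(patterns, template, content):
    # preg_replace(array, string, subject) rewrites with each pattern in turn,
    # feeding the output of one pattern into the next; do the same here.
    for pat in patterns:
        content = re.sub(pat, template, content)
    return content


def inject_old(content, ops, token):
    """Pre-r7014: bare prefix match, so op=deleteResource also hits
    op=deleteResourceAlbum and splits the longer name in two."""
    patterns = [r"(op=%s)" % re.escape(op) for op in ops]
    template = r"\g<1>&%s=%s" % (CSRF_TOKEN_NAME, token)
    return _apply_in_order(patterns, template, content)


def inject_r7014(content, ops, token):
    """r7014: require a non-word character after the op name and re-emit it
    after the token, so a longer op is no longer matched by its prefix."""
    patterns = [r"(op=%s)(\W)" % re.escape(op) for op in ops]
    template = r"\g<1>&%s=%s\g<2>" % (CSRF_TOKEN_NAME, token)
    return _apply_in_order(patterns, template, content)


def inject_boundary(content, ops, token):
    """Hypothetical alternative using \\b: same prefix protection, but also
    matches an op that sits at the very end of the content."""
    patterns = [r"(op=%s)\b" % re.escape(op) for op in ops]
    template = r"\g<1>&%s=%s" % (CSRF_TOKEN_NAME, token)
    return _apply_in_order(patterns, template, content)


if __name__ == "__main__":
    # Constructed sample: one protected op is a prefix of another.
    ops = ["deleteResource", "deleteResourceAlbum"]
    token = "tok42"
    html = '<a href="admin.php?op=deleteResourceAlbum&albumId=7">del album</a>'
    print(inject_old(html, ops, token))       # token lands inside the op name
    print(inject_r7014(html, ops, token))     # op name stays intact
    # Edge case: op is the last thing in the string, nothing follows it.
    tail = "admin.php?op=deleteResource"
    print(inject_r7014(tail, ops, token))     # unchanged: (\W) needs a char
    print(inject_boundary(tail, ops, token))  # \b matches at end of string
```

Note that with the old pattern the outcome is wrong whichever order the ops are listed in: processing the short op first mangles the long one (the case in the log), and processing the long op first leaves a second token appended by the short op afterwards.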

Modified: plugins/branches/lifetype-1.2/csrf/plugincsrf.class.php
===================================================================
--- plugins/branches/lifetype-1.2/csrf/plugincsrf.class.php	2010-07-31 06:25:34 UTC (rev 7013)
+++ plugins/branches/lifetype-1.2/csrf/plugincsrf.class.php	2010-07-31 13:48:54 UTC (rev 7014)
@@ -36,11 +36,11 @@
                 // TODO: only modify links that we explicitly care about?
             $protectedOps = CsrfUrls::getProtectedOps();
             foreach($protectedOps as $key => $op){
-                $protectedOps[$key] = "/(op=$op)/";
+                $protectedOps[$key] = "/(op=$op)(\W)/";
             }
             $params['content'] = preg_replace($protectedOps, '$1' .
                                               '&'.CSRF_TOKEN_NAME.'='.
-                                              $sessioninfo->getValue(CSRF_TOKEN_NAME),
+                                              $sessioninfo->getValue(CSRF_TOKEN_NAME).'$2',
                                               $params['content']);
 
                 // Handle all POST/forms
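Review bot: the new `(\W)` group on the `$protectedOps[$key]` line only matches when some non-word character follows the op name, so an `op=<name>` that ends the content string (nothing after it) gets no token at all, where the old pattern would have tagged it; a zero-width boundary such as `/(op=$op)\b/` gives the same protection against the deleteResource/deleteResourceAlbum prefix collision without consuming a character, and then the `.'$2'` re-emit in the replacement string is no longer needed. While touching this line, `$op` is interpolated into the regex unescaped; wrapping it as `preg_quote($op, '/')` would keep a future op name with regex metacharacters from changing the pattern's meaning.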


