Fix bug in crsf token handling

phpcs-errors:238 phpunit-status:successful
Joshua Ramon Enslin 2020-07-03 17:54:40 +02:00 committed by Stefan Rohde-Enslin
parent c8cce85893
commit ef638ee9c4
2 changed files with 12 additions and 7 deletions


@ -258,11 +258,11 @@ function identical_values(array $arrayA, array $arrayB):bool {
*/ */
function getAntiCsrfToken():string { function getAntiCsrfToken():string {
if (empty($_SESSION['anti-csrf-token'])) { if (empty($_SESSION['csrf-token'])) {
$_SESSION['anti-csrf-token'] = bin2hex(random_bytes(32)); $_SESSION['csrf-token'] = bin2hex(random_bytes(32));
} }
return $_SESSION['anti-csrf-token']; return $_SESSION['csrf-token'];
} }
@ -275,14 +275,15 @@ function getAntiCsrfToken():string {
function validateAntiCsrfToken():bool { function validateAntiCsrfToken():bool {
$validity = false; $validity = false;
if (!empty($_POST['anti-csrf-token']) if (!empty($_POST['csrf-token'])
&& !empty($_SESSION['anti-csrf-token']) && !empty($_SESSION['csrf-token'])
&& hash_equals($_SESSION['anti-csrf-token'], $_POST['anti-csrf-token']) === true && hash_equals($_SESSION['csrf-token'], $_POST['csrf-token']) === true
) { ) {
$validity = true; $validity = true;
} }
$_SESSION['anti-csrf-token'] = null; unset($_SESSION['anti-csrf-token']); $_SESSION['csrf-token'] = null; unset($_SESSION['csrf-token']);
return $validity; return $validity;
} }
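Review bot: `hash_equals($_SESSION['csrf-token'], $_POST['csrf-token'])` in validateAntiCsrfToken() receives the POST value without a type check; if the field arrives as an array rather than a string it still passes `!empty()`, and `hash_equals()` then throws a TypeError on PHP 8 (warning plus `false` on PHP 7), so a malformed token ends in an uncaught error instead of a clean `false` return. Guarding the type first keeps the failure path uniform: `if (!empty($_POST['csrf-token']) && is_string($_POST['csrf-token'])`. The trailing `=== true` is redundant since `hash_equals()` already returns bool. The hunk headers count more lines than are shown here, so some lines of both functions appear to be elided from this rendering.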


@ -6,6 +6,10 @@ $target = "csv/";
$target .= basename($_FILES['uploaded']['name']); $target .= basename($_FILES['uploaded']['name']);
$targetpart = basename($_FILES['uploaded']['name']); $targetpart = basename($_FILES['uploaded']['name']);
if (session_status() != PHP_SESSION_ACTIVE) {
session_start();
}
if (validateAntiCsrfToken() === false) { if (validateAntiCsrfToken() === false) {
throw new WrongCsrfTokenException(); throw new WrongCsrfTokenException();
} }
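Review bot: The added session guard uses the loose comparison `if (session_status() != PHP_SESSION_ACTIVE) {`; `!==` is the strict form expected for an int constant and matches the `=== false` check two lines below. Placing the guard at the call site also means every other script that calls `validateAntiCsrfToken()` or `getAntiCsrfToken()` has to repeat it, since both helpers read `$_SESSION` directly; moving the `session_status()`/`session_start()` check into those helpers would make the fix apply to all callers. The enclosing script continues past the hunk, so what is done with `$target` after the CSRF check is not visible here.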