Fix bug in crsf token handling

phpcs-errors:238 phpunit-status:successful
2020-07-03 17:54:40 +02:00 · 2020-07-03 17:54:40 +02:00 · ef638ee9c4
commit ef638ee9c4
parent c8cce85893
2 changed files with 12 additions and 7 deletions
--- a/functions/functions.php
+++ b/functions/functions.php
@ -258,11 +258,11 @@ function identical_values(array $arrayA, array $arrayB):bool {
 */
 function getAntiCsrfToken():string {
-    if (empty($_SESSION['anti-csrf-token'])) {
+    if (empty($_SESSION['csrf-token'])) {
-        $_SESSION['anti-csrf-token'] = bin2hex(random_bytes(32));
+        $_SESSION['csrf-token'] = bin2hex(random_bytes(32));
    }
-    return $_SESSION['anti-csrf-token'];
+    return $_SESSION['csrf-token'];
 }
@ -275,14 +275,15 @@ function getAntiCsrfToken():string {
 function validateAntiCsrfToken():bool {
    $validity = false;
-    if (!empty($_POST['anti-csrf-token'])
+    if (!empty($_POST['csrf-token'])
-        && !empty($_SESSION['anti-csrf-token'])
+        && !empty($_SESSION['csrf-token'])
-        && hash_equals($_SESSION['anti-csrf-token'], $_POST['anti-csrf-token']) === true
+        && hash_equals($_SESSION['csrf-token'], $_POST['csrf-token']) === true
    ) {
        $validity = true;
    }
-    $_SESSION['anti-csrf-token'] = null; unset($_SESSION['anti-csrf-token']);
+    $_SESSION['csrf-token'] = null; unset($_SESSION['csrf-token']);
    return $validity;
 }
--- a/upload.php
+++ b/upload.php
@ -6,6 +6,10 @@ $target = "csv/";
 $target .= basename($_FILES['uploaded']['name']);
 $targetpart = basename($_FILES['uploaded']['name']);
 if (session_status() != PHP_SESSION_ACTIVE) {
    session_start();
 }
 if (validateAntiCsrfToken() === false) {
    throw new WrongCsrfTokenException();
 }