
- backend: require CSRF token to be passed via POST

- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
Andrew Dolgov
2020-09-15 16:12:53 +03:00
parent aeaafefa07
commit 8080c525fd
6 changed files with 45 additions and 41 deletions


@@ -751,7 +751,7 @@ class Feeds extends Handler_Protected {
$feed_id = (int)$_REQUEST["feed_id"];
@$do_update = $_REQUEST["action"] == "do_update";
$csrf_token = $_REQUEST["csrf_token"];
$csrf_token = $_POST["csrf_token"];
$sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE id = ? AND owner_uid = ?");
$sth->execute([$feed_id, $_SESSION['uid']]);
@@ -799,7 +799,7 @@ class Feeds extends Handler_Protected {
<div class="container">
<h1>Feed Debugger: <?php echo "$feed_id: " . $this->getFeedTitle($feed_id) ?></h1>
<div class="content">
<form method="GET" action="">
<form method="post" action="">
<input type="hidden" name="op" value="feeds">
<input type="hidden" name="method" value="update_debugger">
<input type="hidden" name="xdebug" value="1">
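Review bot: `$csrf_token = $_POST["csrf_token"];` in the first hunk reads the key unconditionally, and since this same method presumably also renders the debugger page on its initial GET (the form at line 799 is emitted from it), that first request carries no POST body and will raise an undefined-index notice; `$csrf_token = $_POST["csrf_token"] ?? "";` keeps the POST-only intent without the notice. The neighbouring `$do_update = $_REQUEST["action"] == "do_update"` still accepts the trigger from the query string, so whether the update really becomes POST-only depends on where `$csrf_token` is compared, which is outside this hunk. The `@` suppression on that line predates the change but hides exactly the kind of notice described above. The enclosing method starts before the first hunk and continues after the second.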


@@ -291,7 +291,7 @@ class Handler_Public extends Handler {
$uuid = clean($_REQUEST["key"]);
if ($uuid) {
$sth = $this->pdo->prepare("SELECT ref_id, owner_uid
$sth = $this->pdo->prepare("SELECT ref_id, owner_uid
FROM ttrss_user_entries WHERE uuid = ?");
$sth->execute([$uuid]);
@@ -366,7 +366,7 @@ class Handler_Public extends Handler {
}
body.css_loading * {
display : none;
}
}
</style>
<link rel='shortcut icon' type='image/png' href='images/favicon.png'>
<link rel='icon' type='image/png' sizes='72x72' href='images/favicon-72px.png'>";
@@ -728,7 +728,7 @@ class Handler_Public extends Handler {
if ($_SESSION["uid"]) {
$feed_url = trim(clean($_REQUEST["feed_url"]));
$csrf_token = clean($_REQUEST["csrf_token"]);
$csrf_token = clean($_POST["csrf_token"]);
header('Content-Type: text/html; charset=utf-8');
?>