From 1a4f1df5bae42480e87ceabb2b2203ec95012876 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Fri, 20 Jul 2012 15:30:59 -0400
Subject: [PATCH] Add CSRF protection to client's forms

---
 client.inc.php               | 11 ++++++++++-
 include/client/login.inc.php |  1 +
 include/client/open.inc.php  |  1 +
 include/client/view.inc.php  |  1 +
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/client.inc.php b/client.inc.php
index 1908eaa1b..91956c0d7 100644
--- a/client.inc.php
+++ b/client.inc.php
@@ -51,8 +51,17 @@ if($_SESSION['_client']['userID'] && $_SESSION['_client']['key'])
 if($thisclient && $thisclient->getId() && $thisclient->isValid()){
      $thisclient->refreshSession();
 }
+
+/******* CSRF Protectin *************/
+// Enforce CSRF protection for POSTS
+if ($_POST  && !$ost->checkCSRFToken()) {
+    @header('Location: index.php');
+    //just incase redirect fails
+    die('Action denied (400)!');
+}
+
 /* Client specific defaults */
-define('PAGE_LIMIT',DEFAULT_PAGE_LIMIT);
+define('PAGE_LIMIT', DEFAULT_PAGE_LIMIT);
 
 $nav = new UserNav($thisclient, 'home');
 ?>
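Review bot: The rejection path at `@header('Location: index.php')` answers a failed CSRF check with a 302 redirect, so the `die('Action denied (400)!')` text is only ever reached when headers were already sent, and then with a 200 status; the 400 the message claims is never actually returned. Prefer an explicit status and drop the suppression so a failing header() call is not hidden: `header('HTTP/1.1 400 Bad Request'); die('Action denied (400)!');`. The guard also fires only when `$_POST` is non-empty, so any client action that changes state through GET parameters (hard to tell from this hunk) would remain unprotected — worth confirming none exist now that the check is global for everything included after client.inc.php. A log line on rejection (request URI, whether a token was present at all) would make repeated failures visible to operators rather than silently bouncing the user. Minor: the comment reads `CSRF Protectin`, should be `CSRF Protection`.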
diff --git a/include/client/login.inc.php b/include/client/login.inc.php
index 0ff10e3f4..e1e52e9d4 100644
--- a/include/client/login.inc.php
+++ b/include/client/login.inc.php
@@ -7,6 +7,7 @@ $ticketid=Format::input($_POST['lticket']?$_POST['lticket']:$_GET['t']);
 <h1>Check Ticket Status</h1>
 <p>To view the status of a ticket, provide us with the login details below.</p>
 <form action="login.php" method="post" id="clientLogin">
+    <?php csrf_token(); ?>
     <strong>Authentication Required</strong>
     <div>
         <label for="email">E-Mail Address:</label>
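Review bot: With the global check in client.inc.php now rejecting every POST that lacks a valid token, the token emitted by `<?php csrf_token(); ?>` presumably has to match something held in the session; if this status-check form can be rendered before a session exists, or the session expires while the form sits open, the submit is redirected to index.php with no explanation. Worth confirming that the session is started before this template is included and that login.php's error handling tells the user to reload and retry rather than failing silently. The same consideration applies to the forms in open.inc.php and view.inc.php, where a lost ticket draft or reply is costlier to the user.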
diff --git a/include/client/open.inc.php b/include/client/open.inc.php
index 9c2a82b47..b85c1e337 100644
--- a/include/client/open.inc.php
+++ b/include/client/open.inc.php
@@ -13,6 +13,7 @@ $info=($_POST && $errors)?Format::htmlchars($_POST):$info;
 <h1>Open a New Ticket</h1>
 <p>Please fill in the form below to open a new ticket.</p>
 <form id="ticketForm" method="post" action="open.php" enctype="multipart/form-data">
+    <?php csrf_token(); ?>
     <input type="hidden" name="a" value="open">
     <div>
         <label for="name" class="required">Full Name:</label>
diff --git a/include/client/view.inc.php b/include/client/view.inc.php
index debddc4ed..5aba461fc 100644
--- a/include/client/view.inc.php
+++ b/include/client/view.inc.php
@@ -91,6 +91,7 @@ if($ticket->getThreadCount() && ($thread=$ticket->getClientThread())) {
     <div id="msg_warning"><?php echo $warn; ?></div>
 <?php } ?>
 <form id="reply" action="tickets.php?id=<?php echo $ticket->getExtId(); ?>#reply" name="reply" method="post" enctype="multipart/form-data">
+    <?php csrf_token(); ?>
     <h2>Post a Reply</h2>
     <input type="hidden" name="id" value="<?php echo $ticket->getExtId(); ?>">
     <input type="hidden" name="a" value="reply">
-- 
GitLab