From b48a6abbbcd696741123712bc25f73fc01858b5a Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Mon, 21 Jan 2013 23:58:26 -0500
Subject: [PATCH] Add CSRF ( and open redirect) protection

---
 l.php | 5 +++--
 scp/l.php | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/l.php b/l.php
index 286a17299..cbe9943fc 100644
--- a/l.php
+++ b/l.php
@@ -14,8 +14,9 @@ vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
 require 'secure.inc.php';
-$url = trim($_GET['url']);
-if (!$url || !Validator::is_url($url)) exit('Invalid url');
+//Basic url validation + token check.
+if (!($url=trim($_GET['url'])) || !Validator::is_url($url) || !$ost->validateLinkToken($_GET['auth']))
+ exit('Invalid url');
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
diff --git a/scp/l.php b/scp/l.php
index dec8c0a6a..167b4cff3 100644
--- a/scp/l.php
+++ b/scp/l.php
@@ -14,8 +14,9 @@ vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
 require_once 'staff.inc.php';
-$url = trim($_GET['url']);
-if (!$url || !Validator::is_url($url)) exit('Invalid url');
+//Basic url validation + token check.
+if (!($url=trim($_GET['url'])) || !Validator::is_url($url) || !$ost->validateLinkToken($_GET['auth']))
+ exit('Invalid url');
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
-- 
GitLab
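Review bot: The new condition in l.php reads `$_GET['url']` and `$_GET['auth']` without checking they exist, so a request that omits either key raises an undefined-index notice (and `trim()` on a non-string such as `?url[]=x` warns or throws, depending on the PHP version) before the `exit('Invalid url')` guard is reached; the same applies to the identical hunk in scp/l.php. Read both parameters defensively and keep the guard as one expression: `$url = isset($_GET['url']) && is_string($_GET['url']) ? trim($_GET['url']) : '';` / `$auth = isset($_GET['auth']) && is_string($_GET['auth']) ? $_GET['auth'] : '';` / `if (!$url || !Validator::is_url($url) || !$ost->validateLinkToken($auth))`. The `validateLinkToken()` implementation is not in this patch, so it is not visible here whether the token is tied to the session or to the specific `$url` value; the open-redirect claim in the subject line only holds if the token cannot be reused with a different url, and a one-line comment above the check stating which of the two it is (`// token is bound to <session|url> — see Osticket::validateLinkToken()`) would make the intended guarantee reviewable. The assignment-inside-condition form `!($url=trim(...))` also hides the comparison against an empty string; the separate assignment above avoids that and reads as the original two-statement version did.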