Commit cda62e2d authored by Peter Rotich's avatar Peter Rotich

Add CSRF protection to the logout link - a derived auth token is used to avoid possibly leaking the real CSRF token

...@@ -23,7 +23,6 @@ ...@@ -23,7 +23,6 @@
if($ost && ($headers=$ost->getExtraHeaders())) { if($ost && ($headers=$ost->getExtraHeaders())) {
echo "\n\t".implode("\n\t", $headers)."\n"; echo "\n\t".implode("\n\t", $headers)."\n";
} }
csrf_enable_ajax();
?> ?>
</head> </head>
<body onunload=""> <body onunload="">
...@@ -37,7 +36,8 @@ ...@@ -37,7 +36,8 @@
<?php }else{ ?> <?php }else{ ?>
| <a href="index.php">Staff Panel</a> | <a href="index.php">Staff Panel</a>
<?php } ?> <?php } ?>
| <a href="profile.php">My Preferences</a> | <a href="logout.php">Log Out</a> | <a href="profile.php">My Preferences</a>
| <a href="logout.php?auth=<?php echo md5($ost->getCSRFToken().SECRET_SALT.session_id()); ?>">Log Out</a>
</p> </p>
</div> </div>
<ul id="nav"> <ul id="nav">
......
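Review bot: The token derivation `md5($ost->getCSRFToken().SECRET_SALT.session_id())` written into the new logout link is repeated verbatim in the logout.php check of this same commit, so the two copies can drift silently; it belongs in one helper next to `getCSRFToken()` (something like `$ost->getLogoutAuthToken()`) that both the link and the check call. A plain md5 over a concatenation is not a keyed MAC; if the project's PHP baseline allows it, `hash_hmac('sha256', session_id(), $ost->getCSRFToken().SECRET_SALT)` is the conventional form and keeps the token the same length for the comparison on the other side. Note also that the template guards `$ost` on the earlier `if($ost && ...)` line but the new link calls `$ost->getCSRFToken()` unguarded; presumably `$ost` is always set in the staff header, but a one-line comment saying so would spare the next reader the question. Since the value travels as a GET parameter it will land in access logs and Referer headers, which is tolerable only because it is a derived value rather than the real CSRF token, as the commit message says; a comment on the link to that effect, e.g. `<?php /* derived auth token, not the session CSRF token: safe to expose in the URL */ ?>`, would document the intent.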
...@@ -15,6 +15,10 @@ ...@@ -15,6 +15,10 @@
vim: expandtab sw=4 ts=4 sts=4: vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/ **********************************************************************/
require('staff.inc.php'); require('staff.inc.php');
//CSRF Check: Make sure the user actually clicked on the link to logout.
if(!$_GET['auth'] || $_GET['auth']!=md5($ost->getCSRFToken().SECRET_SALT.session_id()))
@header('Location: index.php');
$ost->logDebug('Staff logout', $ost->logDebug('Staff logout',
sprintf("%s logged out [%s]", sprintf("%s logged out [%s]",
$thisstaff->getUserName(), $_SERVER['REMOTE_ADDR'])); //Debug. $thisstaff->getUserName(), $_SERVER['REMOTE_ADDR'])); //Debug.
......
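Review bot: The new check on the `@header('Location: index.php');` line does not stop execution, so when the token is missing or wrong the redirect header is sent but the script falls through to the debug log on the next line and, presumably, to the actual logout further down the file, which defeats the purpose of the check. Reading `$_GET['auth']` without `isset` also raises a notice on the plain `logout.php` URL, and the loose `!=` compares two hex digest strings numerically whenever both look like numbers (digests starting with `0e` followed by digits), so the comparison should be strict, ideally `hash_equals()` if the project's PHP baseline has it. The rest of logout.php, including the logout itself, lies outside this hunk.
```php
// CSRF check: only a logout link carrying the derived auth token may log the user out.
$auth = isset($_GET['auth']) ? $_GET['auth'] : '';
if ($auth !== md5($ost->getCSRFToken().SECRET_SALT.session_id())) {
    @header('Location: index.php');
    exit;
}
// … unchanged: debug log and logout …
```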