From eb3ee4cdcedeff2ac9b28a1f1df180346294e45c Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 20 Jul 2015 14:31:53 -0500
Subject: [PATCH] csrf: Always rotate the token to prevent double submissions

---
 include/class.csrf.php     | 6 +++++-
 include/class.osticket.php | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/include/class.csrf.php b/include/class.csrf.php
index a1c3aed21..283aef53b 100644
--- a/include/class.csrf.php
+++ b/include/class.csrf.php
@@ -71,7 +71,11 @@ Class CSRF {
     }
 
     function validateToken($token) {
-        return ($token && trim($token)==$this->getToken() && !$this->isExpired());
+        $rv = $token && trim($token)==$this->getToken() && !$this->isExpired();
+        // Prevent the token from being reused
+        if ($rv && !defined('AJAX_REQUEST'))
+            $this->rotate();
+        return $rv;
     }
 
     function getFormInput($name='') {
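Review bot: The comparison on the first new line of validateToken still uses loose `==` between the submitted value and `$this->getToken()`, so the check inherits PHP's numeric-string rules (two tokens that both look like `0e…` compare equal) and is not constant-time; the rotation added below does not change that. A stricter, timing-safe form is `$rv = $token && !$this->isExpired() && hash_equals((string) $this->getToken(), trim((string) $token));`, which also avoids calling trim() on a non-string POST value. The new `!defined('AJAX_REQUEST')` branch presumably keeps the token reusable for AJAX callers; if that is intended, a comment saying why AJAX requests are exempt from single-use would help the next reader, since the existing comment only states that reuse is prevented. rotate() is not visible in this hunk, so its behaviour (whether it regenerates the value or only the expiry) is assumed here.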
diff --git a/include/class.osticket.php b/include/class.osticket.php
index 23e363739..782dcfd3c 100644
--- a/include/class.osticket.php
+++ b/include/class.osticket.php
@@ -111,8 +111,8 @@ class osTicket {
         return ($token && $this->getCSRF()->validateToken($token));
     }
 
-    function checkCSRFToken($name='') {
-        $name = $name?$name:$this->getCSRF()->getTokenName();
+    function checkCSRFToken($name=false) {
+        $name = $name ?: $this->getCSRF()->getTokenName();
         if(isset($_POST[$name]) && $this->validateCSRFToken($_POST[$name]))
             return true;
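Review bot: The new signature `checkCSRFToken($name=false)` carries no type information and now accepts either a string or `false`, which static analysis cannot follow without a docblock; `/** @param string|false $name form field name; falls back to the CSRF token name when falsy */` on the method would document the contract that `?:` implies (note that a name of `'0'` is also treated as absent, as it was with the old ternary). On the `isset($_POST[$name])` line the value is handed straight to validateCSRFToken without confirming it is a scalar, so a `name[]=` submission reaches the token comparison as an array; `if (isset($_POST[$name]) && is_string($_POST[$name]) && $this->validateCSRFToken($_POST[$name]))` would reject that case cleanly. The body of checkCSRFToken continues past the end of this hunk.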
 
-- 
GitLab