Commit eb3ee4cd authored by Jared Hancock's avatar Jared Hancock

csrf: Always rotate the token to prevent double submissions

parent 35acdea8
...@@ -71,7 +71,11 @@ Class CSRF { ...@@ -71,7 +71,11 @@ Class CSRF {
} }
function validateToken($token) { function validateToken($token) {
return ($token && trim($token)==$this->getToken() && !$this->isExpired()); $rv = $token && trim($token)==$this->getToken() && !$this->isExpired();
// Prevent the token from being reused
if ($rv && !defined('AJAX_REQUEST'))
$this->rotate();
return $rv;
} }
function getFormInput($name='') { function getFormInput($name='') {
......
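Review bot: The comparison `trim($token)==$this->getToken()` kept in the new `$rv` expression of validateToken is loose and not constant-time, and now that this method is the single gate that also rotates the token it should be `hash_equals($this->getToken(), trim($token))` (or at least `===` on PHP versions without hash_equals), since `==` on two numeric-looking strings such as `0e…` compares them as numbers and can accept a token that does not match. Rotating on success also makes validateToken single-use per non-AJAX request — a second call in the same request will fail — so that contract deserves a docblock, e.g. `/** True if $token equals the current token and it is not expired; on success the token is rotated (unless AJAX_REQUEST is defined), so a second validation in the same request fails. */`. The AJAX exemption leaves the token reusable for those requests, and the inline comment on the `if` should say why — presumably because an AJAX client cannot pick up the rotated value — if that is the intent. The hunk's trailing context is collapsed, so the rest of the CSRF class is not visible here.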
...@@ -111,8 +111,8 @@ class osTicket { ...@@ -111,8 +111,8 @@ class osTicket {
return ($token && $this->getCSRF()->validateToken($token)); return ($token && $this->getCSRF()->validateToken($token));
} }
function checkCSRFToken($name='') { function checkCSRFToken($name=false) {
$name = $name?$name:$this->getCSRF()->getTokenName(); $name = $name ?: $this->getCSRF()->getTokenName();
if(isset($_POST[$name]) && $this->validateCSRFToken($_POST[$name])) if(isset($_POST[$name]) && $this->validateCSRFToken($_POST[$name]))
return true; return true;
......
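Review bot: `$name ?: $this->getCSRF()->getTokenName()` on the new side of checkCSRFToken tests truthiness, so a caller passing `'0'` (or `''`) as the field name silently falls back to the default token name; the default change from `''` to `false` is harmless for that reason, but the parameter is now effectively `string|false` and a docblock should say so, e.g. `/** @param string|false $name POST field holding the token; falls back to the CSRF token name when empty */`. The remainder of checkCSRFToken is collapsed below the hunk.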