Fossil SCM
Strengthen the disapproval of moderation-pending attachments: disallow anonymous/nobody from acting as the attachment owner, and add CSRF protections to the moderation forms.
Commit
363649c5799b3af8d6064327a96c1a7194339b2978b225c9acab5bb0191cecca
Parent
2005cc0a9f7970b…
1 file changed
+6
-2
+6
-2
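--- a/src/attach.c
+++ b/src/attach.c
@@ -574,11 +574,13 @@
   rid = name_to_rid_www("name");
   if( rid==0 ){ fossil_redirect_home(); }
   zUuid = rid_to_uuid(rid);
   pAttach = manifest_get(rid, CFTYPE_ATTACHMENT, 0);
   if( pAttach==0 ) fossil_redirect_home();
-  bUserIsOwner = 0==fossil_strcmp(pAttach->zUser, login_name());
+  bUserIsOwner =
+    0==fossil_strcmp(pAttach->zUser, login_name())
+    && login_is_individual();
   zTarget = pAttach->zAttachTarget;
   zSrc = pAttach->zAttachSrc;
   ridSrc = db_int(0,"SELECT rid FROM blob WHERE uuid='%q'", zSrc);
   zName = pAttach->zAttachName;
   zDesc = pAttach->zComment;
@@ -655,19 +657,20 @@
         (zTNUuid && g.perm.Write && g.perm.WrWiki))
   ){
     form_begin(0, "%R/ainfo/%!S", zUuid);
     @ <p>Confirm you want to delete the attachment shown below.
     @ <input type="submit" name="confirm" value="Confirm">
+    login_insert_csrf_secret();
     @ </form>
   }
 
   isModerator = g.perm.Admin ||
       (zForumPost && g.perm.ModForum) ||
       (zTktUuid && g.perm.ModTkt) ||
       (zWikiName && g.perm.ModWiki);
   zModAction = P("modaction");
-  if( zModAction!=0 ){
+  if( zModAction!=0 && cgi_csrf_safe(2) ){
     if( strcmp(zModAction,"delete")==0 ){
       if( isModerator || bUserIsOwner ){
         moderation_disapprove(rid);
       }
       if( zForumPost ){
@@ -739,10 +742,11 @@
     if( isModerator ){
       @ <label><input type="radio" name="modaction" value="approve">
       @ Approve this change</label><br>
     }
     @ <input type="submit" value="Submit">
+    login_insert_csrf_secret();
     @ </form>
     @ </blockquote>
   }
 
   @ <div class="section">Content Appended</div>
 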
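Review bot: The "Confirm" delete form (new lines 659-663) now embeds the CSRF secret, but the code that consumes the `confirm` parameter is not in these hunks, so it is worth verifying that it also gates on `cgi_csrf_safe()`; a token in the form is inert unless the receiving path checks it the way the `modaction` path now does at new line 671. Separately, `if( zModAction!=0 && cgi_csrf_safe(2) )` silently discards a moderation request whose token is missing or stale and re-renders the page as if nothing was submitted, which hides the failure from a legitimate user with an expired session; a short notice such as `else if( zModAction!=0 ){ @ <p>Request rejected: missing or stale anti-CSRF token.</p> }` would make the outcome visible without weakening the check. The `login_is_individual()` conjunct at new line 581 is the right fix for the shared-account case, since `login_name()` for an anonymous visitor could otherwise equal the `zUser` recorded on an anonymously-posted attachment. The enclosing function begins before the first hunk and continues past the last.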
| --- src/attach.c | |
| +++ src/attach.c | |
| @@ -574,11 +574,13 @@ | |
| 574 | rid = name_to_rid_www("name"); |
| 575 | if( rid==0 ){ fossil_redirect_home(); } |
| 576 | zUuid = rid_to_uuid(rid); |
| 577 | pAttach = manifest_get(rid, CFTYPE_ATTACHMENT, 0); |
| 578 | if( pAttach==0 ) fossil_redirect_home(); |
| 579 | bUserIsOwner = 0==fossil_strcmp(pAttach->zUser, login_name()); |
| 580 | zTarget = pAttach->zAttachTarget; |
| 581 | zSrc = pAttach->zAttachSrc; |
| 582 | ridSrc = db_int(0,"SELECT rid FROM blob WHERE uuid='%q'", zSrc); |
| 583 | zName = pAttach->zAttachName; |
| 584 | zDesc = pAttach->zComment; |
| @@ -655,19 +657,20 @@ | |
| 655 | (zTNUuid && g.perm.Write && g.perm.WrWiki)) |
| 656 | ){ |
| 657 | form_begin(0, "%R/ainfo/%!S", zUuid); |
| 658 | @ <p>Confirm you want to delete the attachment shown below. |
| 659 | @ <input type="submit" name="confirm" value="Confirm"> |
| 660 | @ </form> |
| 661 | } |
| 662 | |
| 663 | isModerator = g.perm.Admin || |
| 664 | (zForumPost && g.perm.ModForum) || |
| 665 | (zTktUuid && g.perm.ModTkt) || |
| 666 | (zWikiName && g.perm.ModWiki); |
| 667 | zModAction = P("modaction"); |
| 668 | if( zModAction!=0 ){ |
| 669 | if( strcmp(zModAction,"delete")==0 ){ |
| 670 | if( isModerator || bUserIsOwner ){ |
| 671 | moderation_disapprove(rid); |
| 672 | } |
| 673 | if( zForumPost ){ |
| @@ -739,10 +742,11 @@ | |
| 739 | if( isModerator ){ |
| 740 | @ <label><input type="radio" name="modaction" value="approve"> |
| 741 | @ Approve this change</label><br> |
| 742 | } |
| 743 | @ <input type="submit" value="Submit"> |
| 744 | @ </form> |
| 745 | @ </blockquote> |
| 746 | } |
| 747 | |
| 748 | @ <div class="section">Content Appended</div> |
| 749 |
| --- src/attach.c | |
| +++ src/attach.c | |
| @@ -574,11 +574,13 @@ | |
| 574 | rid = name_to_rid_www("name"); |
| 575 | if( rid==0 ){ fossil_redirect_home(); } |
| 576 | zUuid = rid_to_uuid(rid); |
| 577 | pAttach = manifest_get(rid, CFTYPE_ATTACHMENT, 0); |
| 578 | if( pAttach==0 ) fossil_redirect_home(); |
| 579 | bUserIsOwner = |
| 580 | 0==fossil_strcmp(pAttach->zUser, login_name()) |
| 581 | && login_is_individual(); |
| 582 | zTarget = pAttach->zAttachTarget; |
| 583 | zSrc = pAttach->zAttachSrc; |
| 584 | ridSrc = db_int(0,"SELECT rid FROM blob WHERE uuid='%q'", zSrc); |
| 585 | zName = pAttach->zAttachName; |
| 586 | zDesc = pAttach->zComment; |
| @@ -655,19 +657,20 @@ | |
| 657 | (zTNUuid && g.perm.Write && g.perm.WrWiki)) |
| 658 | ){ |
| 659 | form_begin(0, "%R/ainfo/%!S", zUuid); |
| 660 | @ <p>Confirm you want to delete the attachment shown below. |
| 661 | @ <input type="submit" name="confirm" value="Confirm"> |
| 662 | login_insert_csrf_secret(); |
| 663 | @ </form> |
| 664 | } |
| 665 | |
| 666 | isModerator = g.perm.Admin || |
| 667 | (zForumPost && g.perm.ModForum) || |
| 668 | (zTktUuid && g.perm.ModTkt) || |
| 669 | (zWikiName && g.perm.ModWiki); |
| 670 | zModAction = P("modaction"); |
| 671 | if( zModAction!=0 && cgi_csrf_safe(2) ){ |
| 672 | if( strcmp(zModAction,"delete")==0 ){ |
| 673 | if( isModerator || bUserIsOwner ){ |
| 674 | moderation_disapprove(rid); |
| 675 | } |
| 676 | if( zForumPost ){ |
| @@ -739,10 +742,11 @@ | |
| 742 | if( isModerator ){ |
| 743 | @ <label><input type="radio" name="modaction" value="approve"> |
| 744 | @ Approve this change</label><br> |
| 745 | } |
| 746 | @ <input type="submit" value="Submit"> |
| 747 | login_insert_csrf_secret(); |
| 748 | @ </form> |
| 749 | @ </blockquote> |
| 750 | } |
| 751 | |
| 752 | @ <div class="section">Content Appended</div> |
| 753 |