Strengthen CSRF requirements for the skin editor.
Commit
6912636dc3d22cadf8b9912783e8c0335ea09f4693ae64bdfcffb82951a63f3d
Parent
5feae3fd75ca0ce…
1 file changed
+4
-2
+4
-2
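--- a/src/skins.c
+++ b/src/skins.c
@@ -840,11 +840,11 @@
 zTitle = mprintf("%s for Draft%d", aSkinAttr[ii].zTitle, iSkin);
 zBasis = PD("basis","current");
 zDflt = skin_file_content(zBasis, zFile);
 zOrig = db_get_mprintf(zDflt, "draft%d-%s",iSkin,zFile);
 zContent = PD(zFile,zOrig);
-if( P("revert")!=0 && cgi_csrf_safe(0) ){
+if( P("revert")!=0 && cgi_csrf_safe(2) ){
 zContent = zDflt;
 isRevert = 1;
 }
 
 db_begin_transaction();
@@ -857,11 +857,13 @@
 @ <form action="%R/setup_skinedit" method="post"><div>
 login_insert_csrf_secret();
 @ <input type='hidden' name='w' value='%d(ii)'>
 @ <input type='hidden' name='sk' value='%d(iSkin)'>
 @ <h2>Edit %s(zTitle):</h2>
-if( P("submit") && cgi_csrf_safe(0) && (zOrig==0 || strcmp(zOrig,zContent)!=0) ){
+if( P("submit") && cgi_csrf_safe(2)
+&& (zOrig==0 || strcmp(zOrig,zContent)!=0)
+){
 db_set_mprintf(zContent, 0, "draft%d-%s",iSkin,zFile);
 }
 @ <textarea name="%s(zFile)" rows="10" cols="80">\
 @ %h(zContent)</textarea>
 @ <br>
 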
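Review bot: The call sites at 845 and 862 give no hint what `cgi_csrf_safe(2)` demands beyond what `cgi_csrf_safe(0)` did, so the next reader cannot tell why the revert and submit paths are now stricter; a one-line comment above the first call, `/* level 2: same-origin referer plus a POST carrying a valid csrf token (see cgi_csrf_safe in cgi.c) */`, would record the intent — that is my reading of level 2, so confirm the wording against cgi.c before committing it. A second concern, shared by both hunks, is that a request failing the check is not rejected: the handler falls through, renders the request-supplied `zContent` from `PD(zFile,zOrig)` back into the textarea and silently skips `db_set_mprintf`, so the user gets no indication the save or revert was refused and nothing is logged for an operator to notice. Treating a `submit`/`revert` that fails `cgi_csrf_safe(2)` as an explicit error response rather than a normal page load would make the refusal visible to both. The enclosing function starts before and ends after these hunks.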
| --- src/skins.c | |
| +++ src/skins.c | |
| @@ -840,11 +840,11 @@ | |
| 840 | zTitle = mprintf("%s for Draft%d", aSkinAttr[ii].zTitle, iSkin); |
| 841 | zBasis = PD("basis","current"); |
| 842 | zDflt = skin_file_content(zBasis, zFile); |
| 843 | zOrig = db_get_mprintf(zDflt, "draft%d-%s",iSkin,zFile); |
| 844 | zContent = PD(zFile,zOrig); |
| 845 | if( P("revert")!=0 && cgi_csrf_safe(0) ){ |
| 846 | zContent = zDflt; |
| 847 | isRevert = 1; |
| 848 | } |
| 849 | |
| 850 | db_begin_transaction(); |
| @@ -857,11 +857,13 @@ | |
| 857 | @ <form action="%R/setup_skinedit" method="post"><div> |
| 858 | login_insert_csrf_secret(); |
| 859 | @ <input type='hidden' name='w' value='%d(ii)'> |
| 860 | @ <input type='hidden' name='sk' value='%d(iSkin)'> |
| 861 | @ <h2>Edit %s(zTitle):</h2> |
| 862 | if( P("submit") && cgi_csrf_safe(0) && (zOrig==0 || strcmp(zOrig,zContent)!=0) ){ |
| 863 | db_set_mprintf(zContent, 0, "draft%d-%s",iSkin,zFile); |
| 864 | } |
| 865 | @ <textarea name="%s(zFile)" rows="10" cols="80">\ |
| 866 | @ %h(zContent)</textarea> |
| 867 | @ <br> |
| 868 |
| --- src/skins.c | |
| +++ src/skins.c | |
| @@ -840,11 +840,11 @@ | |
| 840 | zTitle = mprintf("%s for Draft%d", aSkinAttr[ii].zTitle, iSkin); |
| 841 | zBasis = PD("basis","current"); |
| 842 | zDflt = skin_file_content(zBasis, zFile); |
| 843 | zOrig = db_get_mprintf(zDflt, "draft%d-%s",iSkin,zFile); |
| 844 | zContent = PD(zFile,zOrig); |
| 845 | if( P("revert")!=0 && cgi_csrf_safe(2) ){ |
| 846 | zContent = zDflt; |
| 847 | isRevert = 1; |
| 848 | } |
| 849 | |
| 850 | db_begin_transaction(); |
| @@ -857,11 +857,13 @@ | |
| 857 | @ <form action="%R/setup_skinedit" method="post"><div> |
| 858 | login_insert_csrf_secret(); |
| 859 | @ <input type='hidden' name='w' value='%d(ii)'> |
| 860 | @ <input type='hidden' name='sk' value='%d(iSkin)'> |
| 861 | @ <h2>Edit %s(zTitle):</h2> |
| 862 | if( P("submit") && cgi_csrf_safe(2) |
| 863 | && (zOrig==0 || strcmp(zOrig,zContent)!=0) |
| 864 | ){ |
| 865 | db_set_mprintf(zContent, 0, "draft%d-%s",iSkin,zFile); |
| 866 | } |
| 867 | @ <textarea name="%s(zFile)" rows="10" cols="80">\ |
| 868 | @ %h(zContent)</textarea> |
| 869 | @ <br> |
| 870 |