diff options
| author | Andrew Dolgov <[email protected]> | 2020-09-15 16:12:53 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2020-09-15 16:12:53 +0300 |
| commit | 8080c525fd453bfba9c35f01a08013e148bb2144 (patch) | |
| tree | d17bf661dfebf3d2ea16c78d821dbb78f07bf0d3 /classes | |
| parent | aeaafefa07b31c99efd27653ad22f4040572d441 (diff) | |
- backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
Diffstat (limited to 'classes')
| -rwxr-xr-x | classes/feeds.php | 4 | ||||
| -rwxr-xr-x | classes/handler/public.php | 6 |
2 files changed, 5 insertions, 5 deletions
diff --git a/classes/feeds.php b/classes/feeds.php index 58ba1b6f8..71890f6ab 100755 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -751,7 +751,7 @@ class Feeds extends Handler_Protected { $feed_id = (int)$_REQUEST["feed_id"]; @$do_update = $_REQUEST["action"] == "do_update"; - $csrf_token = $_REQUEST["csrf_token"]; + $csrf_token = $_POST["csrf_token"]; $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE id = ? AND owner_uid = ?"); $sth->execute([$feed_id, $_SESSION['uid']]); @@ -799,7 +799,7 @@ class Feeds extends Handler_Protected { <div class="container"> <h1>Feed Debugger: <?php echo "$feed_id: " . $this->getFeedTitle($feed_id) ?></h1> <div class="content"> - <form method="GET" action=""> + <form method="post" action=""> <input type="hidden" name="op" value="feeds"> <input type="hidden" name="method" value="update_debugger"> <input type="hidden" name="xdebug" value="1"> diff --git a/classes/handler/public.php b/classes/handler/public.php index 7f8d01ad0..e4199a95e 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -291,7 +291,7 @@ class Handler_Public extends Handler { $uuid = clean($_REQUEST["key"]); if ($uuid) { - $sth = $this->pdo->prepare("SELECT ref_id, owner_uid + $sth = $this->pdo->prepare("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE uuid = ?"); $sth->execute([$uuid]); @@ -366,7 +366,7 @@ class Handler_Public extends Handler { } body.css_loading * { display : none; - } + } </style> <link rel='shortcut icon' type='image/png' href='images/favicon.png'> <link rel='icon' type='image/png' sizes='72x72' href='images/favicon-72px.png'>"; @@ -728,7 +728,7 @@ class Handler_Public extends Handler { if ($_SESSION["uid"]) { $feed_url = trim(clean($_REQUEST["feed_url"])); - $csrf_token = clean($_REQUEST["csrf_token"]); + $csrf_token = clean($_POST["csrf_token"]); header('Content-Type: text/html; charset=utf-8'); ?> |