diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2011-02-03 22:08:03 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2011-02-03 22:08:03 +0000 |
| commit | 6cf335e8f6ce162642c5e565f43c0c161ace1dd2 (patch) | |
| tree | d5eb16d6f816e1e3be0807e5ace98e86f46b55e6 /roundcubemail/index.php | |
| parent | 9c6ae69d2a75ebc604866e32e1633a320df8f92e (diff) | |
protect login form submission from CSRF using a request token
git-svn-id: https://svn.roundcube.net/trunk@4490 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/index.php')
| -rw-r--r-- | roundcubemail/index.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/roundcubemail/index.php b/roundcubemail/index.php index a80e76d68..bf38874d0 100644 --- a/roundcubemail/index.php +++ b/roundcubemail/index.php @@ -75,6 +75,8 @@ $RCMAIL->action = $startup['action']; // try to log in if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { + $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(RCUBE_INPUT_POST, 'login'); + // purge the session in case of new login when a session already exists $RCMAIL->kill_session(); @@ -84,13 +86,14 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { 'pass' => get_input_value('_pass', RCUBE_INPUT_POST, true, $RCMAIL->config->get('password_charset', 'ISO-8859-1')), 'cookiecheck' => true, + 'valid' => $request_valid, )); // check if client supports cookies if ($auth['cookiecheck'] && empty($_COOKIE)) { $OUTPUT->show_message("cookiesdisabled", 'warning'); } - else if ($_SESSION['temp'] && !$auth['abort'] && + else if ($auth['valid'] && !$auth['abort'] && !empty($auth['host']) && !empty($auth['user']) && $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) { // create new session ID @@ -123,7 +126,7 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { else { $error_code = is_object($IMAP) ? $IMAP->get_error_code() : -1; - $OUTPUT->show_message($error_code < -1 ? 'imaperror' : 'loginfailed', 'warning'); + $OUTPUT->show_message($error_code < -1 ? 'imaperror' : (!$auth['valid'] ? 'invalidrequest' : 'loginfailed'), 'warning'); $RCMAIL->plugins->exec_hook('login_failed', array( 'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user'])); $RCMAIL->kill_session(); @@ -167,7 +170,7 @@ if (empty($RCMAIL->user->ID)) { ); } - $OUTPUT->set_env('task', 'login'); + $RCMAIL->set_task('login'); $OUTPUT->send('login'); } // CSRF prevention |