Add CSRF check on login and logout
This is a minor issue and, in my opinion, not worth a backport, as the risk of breaking other things outweighs the benefit of having it.
parent
9385b97b5f
commit
73b914ddbc
|
@ -1,3 +1,5 @@
|
||||||
|
<?php /** @var $l OC_L10N */ ?>
|
||||||
|
|
||||||
<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
|
<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
|
||||||
<form method="post" name="login">
|
<form method="post" name="login">
|
||||||
<fieldset>
|
<fieldset>
|
||||||
|
@ -51,6 +53,7 @@
|
||||||
<label for="remember_login"><?php p($l->t('remember')); ?></label>
|
<label for="remember_login"><?php p($l->t('remember')); ?></label>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<input type="hidden" name="timezone-offset" id="timezone-offset"/>
|
<input type="hidden" name="timezone-offset" id="timezone-offset"/>
|
||||||
|
<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />
|
||||||
<input type="submit" id="submit" class="login primary" value="<?php p($l->t('Log in')); ?>"/>
|
<input type="submit" id="submit" class="login primary" value="<?php p($l->t('Log in')); ?>"/>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</form>
|
</form>
|
||||||
|
|
|
@ -773,6 +773,7 @@ class OC {
|
||||||
OC_App::loadApps();
|
OC_App::loadApps();
|
||||||
OC_User::setupBackends();
|
OC_User::setupBackends();
|
||||||
if (isset($_GET["logout"]) and ($_GET["logout"])) {
|
if (isset($_GET["logout"]) and ($_GET["logout"])) {
|
||||||
|
OC_JSON::callCheck();
|
||||||
if (isset($_COOKIE['oc_token'])) {
|
if (isset($_COOKIE['oc_token'])) {
|
||||||
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
|
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
|
||||||
}
|
}
|
||||||
|
@ -939,6 +940,7 @@ class OC {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
OC_JSON::callCheck();
|
||||||
OC_App::loadApps();
|
OC_App::loadApps();
|
||||||
|
|
||||||
//setup extra user backends
|
//setup extra user backends
|
||||||
|
|
|
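Review bot: Both new `OC_JSON::callCheck();` calls sit in browser page flows (the `?logout` branch and the form-login path after the `return false;` guard), and the failure mode for a missing or stale token should be checked there. `OC_JSON::callCheck()` is not shown here, but as a JSON helper it presumably emits a JSON error and stops the request, so a user who submits a login page left open past the token lifetime would get a raw error body instead of a fresh login form. For the login path, consider declining the same way the preceding guard does, e.g. `if (!OC_Util::isCallRegistered()) { return false; }`, and redirecting to the index page in the logout branch. A short comment at each call saying which request parameter carries the token would also help the next reader. Both enclosing methods start and end outside the hunks.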
@ -354,7 +354,7 @@ class OC_User {
|
||||||
return $backend->getLogoutAttribute();
|
return $backend->getLogoutAttribute();
|
||||||
}
|
}
|
||||||
|
|
||||||
return 'href="' . link_to('', 'index.php') . '?logout=true"';
|
return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . OC_Util::callRegister() . '"';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
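Review bot: On the changed `return 'href="' ...` line the request token is concatenated into the attribute value without URL-encoding, and the `&` separator is written raw inside an HTML attribute. Something like `'?logout=true&amp;requesttoken=' . urlencode(OC_Util::callRegister()) . '"'` keeps the markup valid and is safe whatever characters the token format allows. Putting the token in a GET query string also exposes it to browser history, access logs and the Referer header of the next request. If the same token authorises other calls in the session, that is worth a comment here, or logout could move to a POST form. The enclosing method begins outside the hunk.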