fix for #8995: CSRF Vulnerabilities in user_create

- check for "Post" actions appropriately git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5132 f5dc347c-c33d-0410-90a0-b07cc1902cb9
silecs · Mar 23, 2008 · 55d1b1e · 55d1b1e
1 parent fb64470
commit 55d1b1e
Show file tree

Hide file tree

Showing 91 changed files with 299 additions and 178 deletions.
diff --git a/account_delete.php b/account_delete.php
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
-# Copyright (C) 2002 - 2007  Mantis Team   - [email protected]
+# Copyright (C) 2002 - 2008  Mantis Team   - [email protected]
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -43,6 +43,8 @@
 	# (none)
 
 	#============ Permissions ============
+	helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();

diff --git a/account_prefs_reset.php b/account_prefs_reset.php
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
-# Copyright (C) 2002 - 2007  Mantis Team   - [email protected]
+# Copyright (C) 2002 - 2008  Mantis Team   - [email protected]
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -47,6 +47,8 @@
 	$f_redirect_url	= gpc_get_string( 'redirect_url', 'account_prefs_page.php' );
 
 	#============ Permissions ============
+	helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	user_ensure_unprotected( $f_user_id );

diff --git a/account_prefs_update.php b/account_prefs_update.php
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
-# Copyright (C) 2002 - 2007  Mantis Team   - [email protected]
+# Copyright (C) 2002 - 2008  Mantis Team   - [email protected]
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,21 +20,19 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Updates prefs then redirect to account_prefs_page.php3
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'user_pref_api.php' );
-?>
-<?php
+
+	helper_ensure_post();
+
 	auth_ensure_user_authenticated();
-?>
-<?php
+
 	$f_user_id					= gpc_get_int( 'user_id' );
 	$f_redirect_url				= gpc_get_string( 'redirect_url' );
 

diff --git a/account_prof_add.php b/account_prof_add.php
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
-# Copyright (C) 2002 - 2007  Mantis Team   - [email protected]
+# Copyright (C) 2002 - 2008  Mantis Team   - [email protected]
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,23 +20,21 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This file adds a new profile and redirects to account_proj_menu_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'profile_api.php' );
-?>
-<?php
+
+	helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_platform		= gpc_get_string( 'platform' );
 	$f_os			= gpc_get_string( 'os' );
 	$f_os_build		= gpc_get_string( 'os_build' );

diff --git a/account_prof_delete.php b/account_prof_delete.php
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
-# Copyright (C) 2002 - 2007  Mantis Team   - [email protected]
+# Copyright (C) 2002 - 2008  Mantis Team   - [email protected]
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,24 +20,22 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# The specified profile is deleted and the user is redirected to
 	# account_prof_menu_page.php3
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'profile_api.php' );
-?>
-<?php
+
+	helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_profile_id	= gpc_get_int( 'profile_id' );
 
 	if ( profile_is_global( $f_profile_id ) ) {

diff --git a/account_prof_make_default.php b/account_prof_make_default.php
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
-# Copyright (C) 2002 - 2007  Mantis Team   - [email protected]
+# Copyright (C) 2002 - 2008  Mantis Team   - [email protected]
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,24 +20,22 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Make the specified profile the default
 	# Redirect to account_prof_menu_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+	helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_profile_id	= gpc_get_int( 'profile_id' );
 
 	current_user_set_pref( 'default_profile', $f_profile_id );

diff --git a/account_prof_update.php b/account_prof_update.php
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
-# Copyright (C) 2002 - 2007  Mantis Team   - [email protected]
+# Copyright (C) 2002 - 2008  Mantis Team   - [email protected]
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -30,6 +30,8 @@
 
 	require_once( $t_core_path.'profile_api.php' );
 
+	helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();

diff --git a/account_sponsor_update.php b/account_sponsor_update.php
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
-# Copyright (C) 2002 - 2007  Mantis Team   - [email protected]
+# Copyright (C) 2002 - 2008  Mantis Team   - [email protected]
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,23 +20,21 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
-	# This page updates a user's information
+
+	# This page updates a user's sponsorships
 	# If an account is protected then changes are forbidden
 	# The page gets redirected back to account_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'email_api.php' );
-?>
-<?php
+
+	helper_ensure_post();
+
 	auth_ensure_user_authenticated();
-?>
-<?php
+
 	$f_bug_list = gpc_get_string( 'buglist', '' );
 	$t_bug_list = explode( ',', $f_bug_list );
 

diff --git a/account_update.php b/account_update.php
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
-# Copyright (C) 2002 - 2007  Mantis Team   - [email protected]
+# Copyright (C) 2002 - 2008  Mantis Team   - [email protected]
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,25 +20,23 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This page updates a user's information
 	# If an account is protected then changes are forbidden
 	# The page gets redirected back to account_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'email_api.php' );
-?>
-<?php
+
+	helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_email           	= gpc_get_string( 'email', '' );
 	$f_realname        	= gpc_get_string( 'realname', '' );
 	$f_password        	= gpc_get_string( 'password', '' );

diff --git a/adm_config_delete.php b/adm_config_delete.php
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+	helper_ensure_post();
+
 	$f_user_id = gpc_get_int( 'user_id' );
 	$f_project_id = gpc_get_int( 'project_id' );
 	$f_config_option = gpc_get_string( 'config_option' );

diff --git a/adm_config_set.php b/adm_config_set.php
@@ -26,6 +26,7 @@
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
+	helper_ensure_post();
 
 	$f_user_id = gpc_get_int( 'user_id' );
 	$f_project_id = gpc_get_int( 'project_id' );

diff --git a/bug_actiongroup.php b/bug_actiongroup.php
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
-# Copyright (C) 2002 - 2007  Mantis Team   - [email protected]
+# Copyright (C) 2002 - 2008  Mantis Team   - [email protected]
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,19 +20,18 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This page allows actions to be performed an an array of bugs
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
-?>
-<?php auth_ensure_user_authenticated() ?>
-<?php
+
+	helper_ensure_post();
+
+	auth_ensure_user_authenticated();
 	helper_begin_long_process();
 
 	$f_action	= gpc_get_string( 'action' );

diff --git a/bug_actiongroup_ext.php b/bug_actiongroup_ext.php
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
-# Copyright (C) 2002 - 2007  Mantis Team   - [email protected]
+# Copyright (C) 2002 - 2008  Mantis Team   - [email protected]
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -28,19 +28,21 @@
 	require_once( $t_core_path . 'bug_api.php' );
 	require_once( $t_core_path . 'bug_group_action_api.php' );
 
-    auth_ensure_user_authenticated();
+	helper_ensure_post();
+
+	auth_ensure_user_authenticated();
 
 	helper_begin_long_process();
 
-    $f_action = gpc_get_string( 'action' );
+	$f_action = gpc_get_string( 'action' );
 	$f_bug_arr	= gpc_get_int_array( 'bug_arr', array() );
 
-    $t_action_include_file = 'bug_actiongroup_' . $f_action . '_inc.php';
+	$t_action_include_file = 'bug_actiongroup_' . $f_action . '_inc.php';
 
-    require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . $t_action_include_file );
-    
-    # group bugs by project
-    $t_projects_bugs = array();
+	require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . $t_action_include_file );
+
+	# group bugs by project
+	$t_projects_bugs = array();
 	foreach( $f_bug_arr as $t_bug_id ) {
 		bug_ensure_exists( $t_bug_id );
 		$t_bug = bug_get( $t_bug_id, true );