[P2-php-svn] [762] expack:


svnno****@sourc***** svnno****@sourc*****
2010年 1月 3日 (日) 18:19:19 JST


Revision: 762
          http://sourceforge.jp/projects/p2-php/svn/view?view=rev&revision=762
Author:   rsk
Date:     2010-01-03 18:19:19 +0900 (Sun, 03 Jan 2010)

Log Message:
-----------
expack:
- P2Util::getCsrfId() がより強固なトークンを生成するようにした。
- P2Util::getCsrfId() を使っている箇所で適切なsaltを渡すようにした。

Modified Paths:
--------------
    p2ex/trunk/edit_aborn_word.php
    p2ex/trunk/edit_conf_user.php
    p2ex/trunk/lib/Login.php
    p2ex/trunk/lib/P2Util.php
    p2ex/trunk/lib/ThreadRead.php
    p2ex/trunk/lib/post_form_options.inc.php
    p2ex/trunk/post.php


-------------- next part --------------
Modified: p2ex/trunk/edit_aborn_word.php
===================================================================
--- p2ex/trunk/edit_aborn_word.php	2010-01-02 17:13:28 UTC (rev 761)
+++ p2ex/trunk/edit_aborn_word.php	2010-01-03 09:19:19 UTC (rev 762)
@@ -7,11 +7,13 @@
 
 $_login->authorize(); // ƒ†[ƒU”FØ
 
+define('P2_SALT_EDIT_ABORN_WORD', basename(__FILE__));
+
 $path = isset($_REQUEST['path']) ? $_REQUEST['path'] : '';
 $path_ht = htmlspecialchars($path, ENT_QUOTES);
 
 if (!empty($_POST['submit_save']) || !empty($_POST['submit_default'])) {
-    if (!isset($_POST['csrfid']) or $_POST['csrfid'] != P2Util::getCsrfId()) {
+    if (!isset($_POST['csrfid']) or $_POST['csrfid'] != P2Util::getCsrfId(P2_SALT_EDIT_ABORN_WORD)) {
         p2die('•s³‚ȃ|ƒXƒg‚Å‚·');
     }
 }
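Review bot: The added check on line 47 still compares the submitted value with `!=`, a loose comparison, where `!==` is the safer idiom for matching an opaque token; PHP's `!=` treats two numeric-looking strings numerically, and a strict comparison removes that class of surprise at no cost. The same `!=` comparison is repeated in edit_conf_user.php, ThreadRead.php (the `$_GET['csrfid']` check) and post.php in this revision, so all four could be changed together, e.g. `if (!isset($_POST['csrfid']) || $_POST['csrfid'] !== P2Util::getCsrfId(P2_SALT_EDIT_ABORN_WORD)) {`. Since the three-line check block is now duplicated verbatim across the edit_*.php and post.php files with only the salt differing, a small helper on P2Util that takes the salt and calls p2die on mismatch would keep the validation logic in one place; this is a suggestion, the rest of the file is not visible here.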
@@ -147,7 +149,7 @@
     $_SERVER['SCRIPT_NAME'], rawurlencode($path), basename($path));
 $ptitle = strip_tags($ptitle_top);
 
-$csrfid = P2Util::getCsrfId();
+$csrfid = P2Util::getCsrfId(P2_SALT_EDIT_ABORN_WORD);
 
 //=====================================================================
 // ƒvƒŠƒ“ƒg

Modified: p2ex/trunk/edit_conf_user.php
===================================================================
--- p2ex/trunk/edit_conf_user.php	2010-01-02 17:13:28 UTC (rev 761)
+++ p2ex/trunk/edit_conf_user.php	2010-01-03 09:19:19 UTC (rev 762)
@@ -8,8 +8,10 @@
 
 $_login->authorize(); // ƒ†[ƒU”FØ
 
+define('P2_SALT_EDIT_CONF_USER', basename(__FILE__));
+
 if (!empty($_POST['submit_save']) || !empty($_POST['submit_default'])) {
-    if (!isset($_POST['csrfid']) or $_POST['csrfid'] != P2Util::getCsrfId()) {
+    if (!isset($_POST['csrfid']) or $_POST['csrfid'] != P2Util::getCsrfId(P2_SALT_EDIT_CONF_USER)) {
         p2die('•s³‚ȃ|ƒXƒg‚Å‚·');
     }
 }
@@ -109,7 +111,7 @@
 //=====================================================================
 $ptitle = 'ƒ†[ƒUÝ’è•ÒW';
 
-$csrfid = P2Util::getCsrfId();
+$csrfid = P2Util::getCsrfId(P2_SALT_EDIT_CONF_USER);
 
 $me = P2Util::getMyUrl();
 

Modified: p2ex/trunk/lib/Login.php
===================================================================
--- p2ex/trunk/lib/Login.php	2010-01-02 17:13:28 UTC (rev 761)
+++ p2ex/trunk/lib/Login.php	2010-01-03 09:19:19 UTC (rev 762)
@@ -184,6 +184,9 @@
             // ƒ†[ƒU–¼‚ƃpƒXX‚ðXV
             $_SESSION['login_user']   = $this->user_u;
             $_SESSION['login_pass_x'] = $this->pass_x;
+            if (!array_key_exists('login_microtime', $_SESSION)) {
+                $_SESSION['login_microtime'] = microtime();
+            }
         }
 
         // }}}
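Review bot: The `!array_key_exists` guard on line 95 means `login_microtime` is written once and then kept for the lifetime of the session, so a CSRF token derived from it stays valid across later re-authentications in the same session; if the intent is that tokens are fresh per login, the assignment should be unconditional, and either way the guard deserves a comment such as `// keep the first value: tokens from getCsrfId() depend on it staying stable for the session`. Note that a page rendered before this branch first runs for an existing session carries a token computed without the microtime component and will fail validation afterwards, which looks acceptable as a one-time effect but is worth stating. The enclosing method starts and ends outside the hunk, so whether the session is always started before this point cannot be confirmed from here.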

Modified: p2ex/trunk/lib/P2Util.php
===================================================================
--- p2ex/trunk/lib/P2Util.php	2010-01-02 17:13:28 UTC (rev 761)
+++ p2ex/trunk/lib/P2Util.php	2010-01-03 09:19:19 UTC (rev 762)
@@ -1115,11 +1115,16 @@
     /**
      * getCsrfId
      */
-    static public function getCsrfId()
+    static public function getCsrfId($salt = '')
     {
         global $_login;
 
-        return md5($_login->user . $_login->pass_x . $_SERVER['HTTP_USER_AGENT']);
+        $key = $_login->user . $_login->pass_x . $_SERVER['HTTP_USER_AGENT'] . $salt;
+        if (array_key_exists('login_microtime', $_SESSION)) {
+            $key .= $_SESSION['login_microtime'];
+        }
+
+        return strtr(rtrim(base64_encode(sha1($key, true)), '='), '+/', '-_');
     }
 
     // }}}
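Review bot: The docblock on lines 107-109 is just the method name and does not describe the new `$salt` parameter, the session dependency or the output format; it should read something like `Generate a CSRF token bound to the logged-in user, the user agent, the per-session login_microtime and a caller-supplied salt that distinguishes forms.`, followed by `@param string $salt` and `@return string base64url-encoded SHA-1, no padding`. The `array_key_exists('login_microtime', $_SESSION)` on line 117 errors if no session has been started when the method is called (the variable is then undefined; PHP 8 raises a TypeError), whereas `if (isset($_SESSION['login_microtime'])) {` is safe in both cases and equivalent here because the value is never null. The default `$salt = ''` keeps older call sites working, but any caller not updated in this revision continues to receive one token shared by every form, which the docblock should say so the default is not taken as the normal usage; which callers remain is not visible here.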

Modified: p2ex/trunk/lib/ThreadRead.php
===================================================================
--- p2ex/trunk/lib/ThreadRead.php	2010-01-02 17:13:28 UTC (rev 761)
+++ p2ex/trunk/lib/ThreadRead.php	2010-01-03 09:19:19 UTC (rev 762)
@@ -88,7 +88,9 @@
             } elseif (P2Util::isHost2chs($this->host) && !empty($_GET['moritapodat']) &&
                       $_conf['p2_2ch_mail'] && $_conf['p2_2ch_pass'])
             {
-                if (!array_key_exists('csrfid', $_GET) || P2Util::getCsrfId() != $_GET['csrfid']) {
+                if (!array_key_exists('csrfid', $_GET) ||
+                    $this->_getCsrfIdForMoritapoDat() != $_GET['csrfid'])
+                {
                     p2die('•s³‚ȃŠƒNƒGƒXƒg‚Å‚·');
                 }
                 $this->_downloadDat2chMoritapo();
@@ -1355,11 +1357,12 @@
         global $_conf;
 
         if ($_conf['p2_2ch_mail'] && $_conf['p2_2ch_pass']) {
+            $csrfid = $this->_getCsrfIdForMoritapoDat();
             $query = htmlspecialchars('host=' . rawurldecode($this->host)
                                     . '&bbs=' . rawurldecode($this->bbs)
                                     . '&key=' . rawurldecode($this->key)
                                     . '&ls=' . rawurldecode($this->ls)
-                                    . '&moritapodat=true&csrfid=' . P2Util::getCsrfId(), ENT_QUOTES);
+                                    . '&moritapodat=true&csrfid=' . $csrfid, ENT_QUOTES);
             return " [<a href=\"{$_conf['read_php']}?{$query}\">ƒ‚ƒŠƒ^ƒ|‚Åp2‚ÉŽæ‚荞‚Þ</a>]";
         } else {
             return '';
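Review bot: The token on line 151 is placed in the query string of a GET link, and because `getCsrfId()` derives it deterministically from login state it stays the same for the whole session, so anything that records the URL (browser history, proxy or server access logs, a Referer sent from the landing page) retains a value that remains valid until re-login. The usual mitigation is to perform the dat download via a POST form rather than a GET link, or to keep the token out of the URL; the commit keeps the previous GET shape. If the GET form is kept deliberately, a comment on the `$csrfid` line such as `// token is session-stable; it is exposed in the URL here` would make the trade-off explicit for the next reader. The enclosing method starts outside the hunk.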
@@ -1448,7 +1451,7 @@
     {
         global $_conf;
 
-        $csrfid = P2Util::getCsrfId();
+        $csrfid = $this->_getCsrfIdForMoritapoDat();
 
         $marutori_ht = " [<a href=\"{$_conf['read_php']}?host={$this->host}&amp;bbs={$this->bbs}&amp;key={$this->key}&amp;ls={$this->ls}&amp;maru=true\">œID‚Åp2‚ÉŽæ‚荞‚Þ</a>]";
 
@@ -1481,6 +1484,20 @@
     }
 
     // }}}
+    // {{{ _getCsrfIdForMoritapoDat()
+
+    /**
+     * ŒöŽ®p2‚©‚çdat‚ðŽæ“¾‚·‚éÛ‚ÉŽg‚¤CSRF–hŽ~ƒg[ƒNƒ“‚𐶐¬‚·‚é
+     *
+     * @param void
+     * @return string
+     */
+    protected function _getCsrfIdForMoritapoDat()
+    {
+        return P2Util::getCsrfId('moritapodat' . $this->host . $this->bbs . $this->key);
+    }
+
+    // }}}
 }
 
 // }}}
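Review bot: The salt built on line 178 concatenates `host`, `bbs` and `key` with no separator, so different (host, bbs, key) tuples can produce the same salt when the boundaries shift; the same construction appears in post_form_options.inc.php (`'post' . $host . $bbs . $key`) and post.php (`'post' . $_POST['host'] . ...`), and a fixed delimiter in all three, e.g. `return P2Util::getCsrfId('moritapodat|' . $this->host . '|' . $this->bbs . '|' . $this->key);`, makes the binding unambiguous, provided the issuing and verifying sides are changed together. `@param void` on line 173 is not a PHPDoc convention; a method without parameters simply has no `@param` tag. The docblock could also state that the result must match the value the link generator above embeds in the `csrfid` query parameter.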

Modified: p2ex/trunk/lib/post_form_options.inc.php
===================================================================
--- p2ex/trunk/lib/post_form_options.inc.php	2010-01-02 17:13:28 UTC (rev 761)
+++ p2ex/trunk/lib/post_form_options.inc.php	2010-01-03 09:19:19 UTC (rev 762)
@@ -12,7 +12,7 @@
 $time = time() - 9*60*60;
 $time = $time + $fake_time * 60;
 
-$csrfid = P2Util::getCsrfId();
+$csrfid = P2Util::getCsrfId('post' . $host . $bbs . $key);
 
 $hd['FROM'] = '';
 $hd['mail'] = '';
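Review bot: The salt on line 195 is assembled from `$host`, `$bbs` and `$key`, whose origin is outside this hunk, while the verifier in post.php rebuilds it from `$_POST['host']`, `$_POST['bbs']` and `$_POST['key']`; the two strings must be byte-identical (same encoding, no URL-decoding on one side only) or every post fails the CSRF check. A comment pointing at that coupling, e.g. `// must match the salt post.php derives from the submitted host/bbs/key`, would protect the next person who changes how these variables are prepared. Whether the form submits these three fields unchanged cannot be confirmed from here.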

Modified: p2ex/trunk/post.php
===================================================================
--- p2ex/trunk/post.php	2010-01-02 17:13:28 UTC (rev 761)
+++ p2ex/trunk/post.php	2010-01-03 09:19:19 UTC (rev 762)
@@ -16,7 +16,11 @@
     p2die('ˆø”‚ÌŽw’肪•Ï‚Å‚·');
 }
 
-if (!isset($_POST['csrfid']) or $_POST['csrfid'] != P2Util::getCsrfId()) {
+$el = error_reporting(E_ALL & ~E_NOTICE);
+$salt = 'post' . $_POST['host'] . $_POST['bbs'] . $_POST['key'];
+error_reporting($el);
+
+if (!isset($_POST['csrfid']) or $_POST['csrfid'] != P2Util::getCsrfId($salt)) {
     p2die('•s³‚ȃ|ƒXƒg‚Å‚·');
 }
 


