Merge "SECURITY: Add CSRF token on Special:ChangePassword"
authorMglaser <glaser@hallowelt.biz>
Thu, 27 Mar 2014 21:01:46 +0000 (21:01 +0000)
committerGerrit Code Review <gerrit@wikimedia.org>
Thu, 27 Mar 2014 21:01:46 +0000 (21:01 +0000)
includes/specials/SpecialChangePassword.php

index 0356d45..91d0404 100644 (file)
@@ -107,6 +107,17 @@ class SpecialChangePassword extends FormSpecialPage {
                        ),
                );
 
+               if ( !$this->getUser()->isLoggedIn() ) {
+                       if ( !LoginForm::getLoginToken() ) {
+                               LoginForm::setLoginToken();
+                       }
+                       $fields['LoginOnChangeToken'] = array(
+                               'type' => 'hidden',
+                               'label' => 'Change Password Token',
+                               'default' => LoginForm::getLoginToken(),
+                       );
+               }
+
                $extraFields = array();
                wfRunHooks( 'ChangePasswordForm', array( &$extraFields ) );
                foreach ( $extraFields as $extra ) {
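Review bot: The new hidden field carries a hard-coded English `'label' => 'Change Password Token'`, which departs from the MediaWiki convention of `'label-message'` with a message key, and as far as I can tell HTMLForm renders no label for a `'type' => 'hidden'` field anyway, so the entry is dead text that a translation audit will still flag; I would drop it. The token is also only (re)created here when the session has none, so the check in onSubmit depends on getFormFields having run in the same request before the submit is processed — worth a one-line comment such as `// Token is created at form-build time; onSubmit relies on this running first.` The enclosing getFormFields method starts and ends outside the hunk.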
@@ -160,6 +171,14 @@ class SpecialChangePassword extends FormSpecialPage {
                        return false;
                }
 
+               if ( !$this->getUser()->isLoggedIn()
+                       && $request->getVal( 'wpLoginOnChangeToken' ) !== LoginForm::getLoginToken()
+               ) {
+                       // Potential CSRF (bug 62497)
+                       return false;
+               }
+
+
                if ( $request->getCheck( 'wpCancel' ) ) {
                        $titleObj = Title::newFromText( $request->getVal( 'returnto' ) );
                        if ( !$titleObj instanceof Title ) {
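Review bot: The guard on the added lines only rejects a mismatch, so if `LoginForm::getLoginToken()` can return null or an empty value for a session that has no token (its implementation is not visible here), a forged POST that simply omits `wpLoginOnChangeToken` compares null against null and passes; the token should be required to be non-empty as well, e.g. `$token = LoginForm::getLoginToken();` followed by `&& ( !$token || $request->getVal( 'wpLoginOnChangeToken' ) !== $token )`. Returning bare `false` also redisplays the form with no explanation; returning a message key such as `'sessionfailure'`, as other MediaWiki forms do on a bad token, would tell the user to retry rather than silently swallowing the submit. The plain `!==` on a secret is not a constant-time comparison, though on this codebase's supported PHP versions a `hash_equals`-style helper may not be available, so that is a follow-up rather than a blocker. Minor style point: the change leaves two consecutive blank lines before the `wpCancel` check. The enclosing onSubmit method starts and ends outside the hunk.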