commit: b8368980162392bf9f97496ecec18abe2bd34fad
Author: Derky <derky <AT> phpbb <DOT> com>
AuthorDate: Fri Apr 26 10:08:37 2019 +0000
Commit: Jimi Huotari <chiitoo <AT> gentoo <DOT> org>
CommitDate: Fri Apr 26 10:11:52 2019 +0000
URL: https://gitweb.gentoo.org/proj/forums.git/commit/?id=b8368980
[ticket/security/228] Add form token to login box
SECURITY-228
phpBB/includes/functions.php | 19 +++++++++++++++++--
phpBB/index.php | 3 +++
phpBB/styles/prosilver/template/index_body.html | 1 +
phpBB/styles/prosilver/template/login_body.html | 1 +
4 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index e2ea7ad23..6df2ebaba 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2268,6 +2268,7 @@ function login_box($redirect = '', $l_explain = '',
$l_success = '', $admin = fa
global $request, $phpbb_container, $phpbb_dispatcher, $phpbb_log;
$err = '';
+ $form_name = 'login';
// Make sure user->setup() has been called
if (!$user->is_setup())
@@ -2343,8 +2344,19 @@ function login_box($redirect = '', $l_explain = '',
$l_success = '', $admin = fa
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
- // If authentication is successful we redirect user to previous
page
- $result = $auth->login($username, $password, $autologin,
$viewonline, $admin);
+ // Check form key
+ if ($password && !check_form_key($form_name))
+ {
+ $result = array(
+ 'status' => false,
+ 'error_msg' => 'FORM_INVALID',
+ );
+ }
+ else
+ {
+ // If authentication is successful we redirect user to
previous page
+ $result = $auth->login($username, $password,
$autologin, $viewonline, $admin);
+ }
// If admin authentication and login, we will log if it was a
success or not...
// We also break the operation on the first non-success login -
it could be argued that the user already knows
@@ -2495,6 +2507,9 @@ function login_box($redirect = '', $l_explain = '',
$l_success = '', $admin = fa
));
}
+ // Add form token for login box
+ add_form_key($form_name, '_LOGIN');
+
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
$login_box_template_data = array(
diff --git a/phpBB/index.php b/phpBB/index.php
index 13b914abd..5eee7723a 100644
--- a/phpBB/index.php
+++ b/phpBB/index.php
@@ -211,6 +211,9 @@ if ($show_birthdays)
$template->assign_block_vars_array('birthdays', $birthdays);
}
+// Add form token for login box
+add_form_key('login', '_LOGIN');
+
// Assign index specific vars
$template->assign_vars(array(
'TOTAL_POSTS' => $user->lang('TOTAL_POSTS_COUNT', (int)
$config['num_posts']),
diff --git a/phpBB/styles/prosilver/template/index_body.html
b/phpBB/styles/prosilver/template/index_body.html
index b292c40eb..239a91c58 100644
--- a/phpBB/styles/prosilver/template/index_body.html
+++ b/phpBB/styles/prosilver/template/index_body.html
@@ -29,6 +29,7 @@
<!-- ENDIF -->
<input type="submit" tabindex="5" name="login"
value="{L_LOGIN}" class="button2" />
{S_LOGIN_REDIRECT}
+ {S_FORM_TOKEN_LOGIN}
</fieldset>
</form>
<!-- ENDIF -->
diff --git a/phpBB/styles/prosilver/template/login_body.html
b/phpBB/styles/prosilver/template/login_body.html
index ef0803571..dc597af51 100644
--- a/phpBB/styles/prosilver/template/login_body.html
+++ b/phpBB/styles/prosilver/template/login_body.html
@@ -33,6 +33,7 @@
<!-- ENDIF -->
{S_LOGIN_REDIRECT}
+ {S_FORM_TOKEN_LOGIN}
<dl>
<dt> </dt>
<dd>{S_HIDDEN_FIELDS}<input type="submit" name="login"
tabindex="6" value="{L_LOGIN}" class="button1" /></dd>
