From 970936e5744c177deba69374a0669a4c7a8cded1 Mon Sep 17 00:00:00 2001
From: ozhozh
Date: Thu, 26 Aug 2010 15:06:15 +0000
Subject: [PATCH] Simpler nonce verification

git-svn-id: http://yourls.googlecode.com/svn/trunk@498 12232710-3e20-11de-b438-597f59cd7555
---
 admin/plugins.php | 3 +--
 includes/functions.php | 19 +++++++++++++++----
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/admin/plugins.php b/admin/plugins.php
index 2e68171..4509d2f 100644
--- a/admin/plugins.php
+++ b/admin/plugins.php
@@ -12,8 +12,7 @@
 if( isset( $_GET['action'] ) ) {
 
 	// Check nonce
-	if( !isset( $_GET['nonce'] ) or !yourls_verify_nonce( $_GET['nonce'], 'manage_plugins' ) )
-		yourls_die( 'Unauthorized action or expired link', 'Error', 403 );
+	yourls_verify_nonce( 'manage_plugins' );
 
 	// Check plugin file is valid
 	if( isset( $_GET['plugin'] ) && yourls_validate_plugin_file( YOURLS_PLUGINDIR.'/'.$_GET['plugin'].'/plugin.php') ) {
diff --git a/includes/functions.php b/includes/functions.php
index b22f5e7..0aa13a7 100644
--- a/includes/functions.php
+++ b/includes/functions.php
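Review bot: The new `yourls_verify_nonce( 'manage_plugins' );` line discards the return value, so this check only holds because the callee never returns on failure; that contract should be visible at the call site, e.g. `// Check nonce: yourls_verify_nonce() dies with a 403 on a missing or invalid nonce`. The removed line read `$_GET['nonce']` explicitly, whereas the helper now reads the token from `$_REQUEST`, so a POST body or cookie value also satisfies this check on a GET-driven page; confirm that widening is intended. The enclosing `if( isset( $_GET['action'] ) )` block continues past the hunk.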
@@ -1413,13 +1413,24 @@ function yourls_create_nonce( $action = '-1', $user = false ) {
 	return substr( yourls_salt($tick . $action . $user), 0, 10 );
 }
 
-// Check validity of a nonce (ie time span, user and action match)
-function yourls_verify_nonce( $nonce, $action = -1, $user = false ) {
+// Check validity of a nonce (ie time span, user and action match). Returns true or dies.
+// $nonce is the name of the GET or POST parameter
+function yourls_verify_nonce( $action, $nonce = 'nonce', $user = false ) {
+	// get user
 	if( false == $user )
 		$user = defined('YOURLS_USER') ? YOURLS_USER : '-1';
-	$valid = yourls_create_nonce( $action, $user );
+
+	// what nonce should be
+	$valid = yourls_create_nonce( $action, $user );
+
+	// what nonce is
+	$nonce = isset($_REQUEST[$nonce]) ? $_REQUEST[$nonce] : false;
 
-	return $nonce == $valid ;
+	if( $nonce == $valid ) {
+		return true;
+	} else {
+		yourls_die( 'Unauthorized action or expired link', 'Error', 403 );
+	}
 }
 
 // Sanitize a version number (1.4.1-whatever -> 1.4.1)
-- 
2.45.0
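Review bot: The comparison on the new `if( $nonce == $valid )` line is a loose `==` between a request-supplied string and the expected token; PHP compares two numeric-looking strings numerically, so a token whose 10 characters happen to form a numeric string can be matched by a different numeric string, and the check should be strict: `if( $nonce === $valid ) {` (a missing parameter is `false` and fails strict comparison without further handling). Where the runtime provides it, `hash_equals( $valid, $nonce )` on a confirmed string is preferable since it is also constant-time. The `// $nonce is the name of the GET or POST parameter` comment understates the source: `$_REQUEST` also merges cookies depending on `request_order`, so state that or read from `$_GET`/`$_POST` explicitly. The parameter order change from `( $nonce, $action, $user )` to `( $action, $nonce, $user )` will silently break any caller outside this patch that still passes the nonce value first, which I cannot verify from here.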