
Commit 0fd3c6a3 authored by Gary Allan

Bugfix: CSRF enables open mail relay. #1703

parent 7a6fe99b
......@@ -13,6 +13,7 @@ $Result = new Result;
$User = new User ($Database);
$Tools = new Tools ($Database);
$User->csrf_cookie ("validate", "mail_notify", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# verify that user is logged in
$User->check_user_session();
......
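Review bot: The added validation line reads `$_POST['csrf_cookie']` directly, so a request that omits the field raises an undefined-index notice before the token is even checked, and the ternary-as-statement with an empty-string branch obscures that this is a hard stop. A guard that treats a missing token as invalid is clearer: `if (!isset($_POST['csrf_cookie']) || $User->csrf_cookie("validate", "mail_notify", $_POST['csrf_cookie']) === false) { $Result->show("danger", _("Invalid CSRF cookie"), true); }`. This only protects the mail send further down (outside this hunk) if `$Result->show(..., true)` halts the script, as the existing ID check in the following sections appears to rely on; worth confirming. Running the check before `$User->check_user_session()` is fine provided `csrf_cookie("validate", ...)` does not itself depend on an already-verified session, which is not visible here.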
......@@ -22,6 +22,8 @@ $User->check_user_session();
# id must be numeric
is_numeric($_POST['id']) || strlen($_POST['id'])==0 ?: $Result->show("danger", _("Invalid ID"), true);
$csrf = $User->csrf_cookie ("create", "mail_notify");
# get IP address id
$id = $_POST['id'];
......@@ -135,6 +137,7 @@ if(sizeof($custom_fields) > 0) {
</tr>
</table>
<input type="hidden" name='csrf_cookie' value='<?php print $csrf; ?>'>
</form>
</div>
......
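Review bot: The hidden input added at the end of this section prints `$csrf` into a single-quoted attribute unescaped (`value='<?php print $csrf; ?>'`); the token is presumably a random hex/base64 value and therefore attribute-safe, but its format is not visible here, so escaping at the output point costs nothing and keeps the template safe if the generator changes: `<input type="hidden" name='csrf_cookie' value='<?php print htmlspecialchars($csrf, ENT_QUOTES); ?>'>`. The same unescaped print appears in the next file section (the `@@ -111,6 +113,7 @@` hunk). Both pages also issue their token under the same name via `$User->csrf_cookie("create", "mail_notify")`; if "create" replaces a previously issued token rather than reusing it, a user with both forms open would have the first submission rejected, which is worth checking against the csrf_cookie() implementation.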
......@@ -21,6 +21,8 @@ $User->check_user_session();
# id must be numeric
is_numeric($_POST['id']) || strlen($_POST['id'])==0 ?: $Result->show("danger", _("Invalid ID"), true);
$csrf = $User->csrf_cookie ("create", "mail_notify");
# get IP address id
$id = $_POST['id'];
......@@ -111,6 +113,7 @@ if(sizeof($custom_fields) > 0) {
</tr>
</table>
<input type="hidden" name='csrf_cookie' value='<?php print $csrf; ?>'>
</form>
</div>
......