summaryrefslogtreecommitdiff
path: root/controllers/controllers.php
diff options
context:
space:
mode:
authorAaron Parecki <aaron@parecki.com>2017-02-12 20:18:34 -0800
committerAaron Parecki <aaron@parecki.com>2017-02-12 20:18:34 -0800
commit43e8a1ef8d7586422b5d164204a57bdd5938a6d1 (patch)
tree2f832ca21f0a4cca330a763463db6c733246ae84 /controllers/controllers.php
parent2c8387b1e08bff38895c2ce8a840a13a1fed1932 (diff)
fix autosubmit vulnerability for "favorite" bookmarklet
closes #69
Diffstat (limited to 'controllers/controllers.php')
-rw-r--r--controllers/controllers.php22
1 files changed, 17 insertions, 5 deletions
diff --git a/controllers/controllers.php b/controllers/controllers.php
index 4b19879..10dd9a1 100644
--- a/controllers/controllers.php
+++ b/controllers/controllers.php
@@ -34,12 +34,12 @@ function require_login(&$app, $redirect=true) {
}
}
-function generate_login_token() {
- return JWT::encode(array(
+function generate_login_token($opts=[]) {
+ return JWT::encode(array_merge([
'user_id' => $_SESSION['user_id'],
'me' => $_SESSION['me'],
'created_at' => time()
- ), Config::$jwtSecret);
+ ], $opts), Config::$jwtSecret);
}
$app->get('/dashboard', function() use($app) {
@@ -130,11 +130,23 @@ $app->get('/favorite', function() use($app) {
if(array_key_exists('url', $params))
$url = $params['url'];
+ // Check if there was a login token in the query string and whether it has autosubmit=true
+ $autosubmit = false;
+
+ if(array_key_exists('token', $params)) {
+ try {
+ $data = JWT::decode($params['token'], Config::$jwtSecret, ['HS256']);
+ $autosubmit = isset($data->autosubmit) && $data->autosubmit;
+ } catch(Exception $e) {
+ }
+ }
+
render('new-favorite', array(
'title' => 'New Favorite',
'url' => $url,
- 'token' => generate_login_token(),
- 'authorizing' => false
+ 'token' => generate_login_token(['autosubmit'=>true]),
+ 'authorizing' => false,
+ 'autosubmit' => $autosubmit
));
}
});