diff -r a78b0798a116 -r 7e6537fd4730 includes/sessions.php
--- a/includes/sessions.php	Tue Nov 16 12:44:22 2010 -0500
+++ b/includes/sessions.php	Tue Jul 12 22:13:37 2011 -0400
@@ -167,6 +167,13 @@
   var $sw_timed_out = false;
 
   /**
+   * Token appended to some important forms to prevent CSRF.
+   * @var string
+   */
+
+  var $csrf_token = false;
+
+  /**
    * Switch to track if we're started or not.
    * @access private
    * @var bool
@@ -463,6 +470,8 @@
       $this->real_name = $userdata['real_name'];
       $this->email = $userdata['email'];
       $this->unread_pms = $userdata['num_pms'];
+      // generate an anti-CSRF token
+      $this->csrf_token = sha1($this->username . $this->sid . $this->user_id);
       if(!$this->compat)
       {
         $this->theme = $userdata['theme'];
@@ -962,6 +971,9 @@
       $this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : substr($template->named_theme_list[$this->theme]['default_style'], 0, strlen($template->named_theme_list[$this->theme]['default_style'])-4);
     }
     $this->user_id = 1;
+
+    // make a CSRF token
+    $this->csrf_token = sha1($_SERVER['REMOTE_ADDR'] . '::' . sha1($this->private_key));
   }
 
   /**
@@ -999,7 +1011,7 @@
       . ' LEFT JOIN '.table_prefix.'users_extra AS x' . "\n"
       . ' ON ( u.user_id=x.user_id OR x.user_id IS NULL )' . "\n"
       . ' LEFT JOIN '.table_prefix.'privmsgs AS p' . "\n"
-      . ' ON ( p.message_to=u.username AND p.message_read=0 )' . "\n"
+      . ' ON ( p.message_to=u.username AND p.message_read=0 AND p.folder_name != \'drafts\' )' . "\n"
       . ' WHERE k.session_key=\''.$keyhash.'\'' . "\n"
       . ' AND k.salt=\''.$salt.'\'' . "\n"
       . ' GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public;');
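Review bot: The docblock added for `$csrf_token` declares `@var string`, but the property is initialised to `false` and only receives a string once the login or anonymous setup code in the later hunks assigns it, so the stated type is wrong for part of the object's lifetime. Make the docblock honest about that: `* Token appended to some important forms to prevent CSRF; false until the session has been set up.` with `* @var string|false`. Any caller that embeds the token in a form should treat `false` as "not ready" rather than as an empty token.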
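Review bot: The logged-in token on the added line, `sha1($this->username . $this->sid . $this->user_id)`, is built only from values the client already holds and no server-side secret, whereas the anonymous path in the third hunk does fold in `sha1($this->private_key)`; the two should agree, and including the site key means a session id that leaks through a URL or log does not also hand over the CSRF token. The three inputs are also concatenated with no separator, so distinct (username, sid, user_id) combinations can produce the same input string. Suggested: `$this->csrf_token = sha1($this->username . '::' . $this->sid . '::' . $this->user_id . '::' . sha1($this->private_key));`. Wherever the token is later compared against a submitted value (not in this diff), use a constant-time comparison such as `hash_equals`. The enclosing function continues outside the hunk.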
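Review bot: The anonymous token assigned after `$this->user_id = 1;` depends only on `$_SERVER['REMOTE_ADDR']` and the site key, so every anonymous visitor behind the same NAT or proxy receives an identical token that never changes, which is weaker than a per-browser-session value and gives little protection on shared networks. If anonymous visitors already carry a session identifier at this point (not visible in the hunk), fold it into the hash; otherwise consider a randomly generated value kept in the anonymous session. `$_SERVER['REMOTE_ADDR']` is also unset when the script runs from the CLI, so guard it, e.g. `$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';`. The enclosing function continues outside the hunk.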
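Review bot: The new predicate `p.folder_name != 'drafts'` in the LEFT JOIN's ON clause will exclude rows whose `folder_name` is NULL, since `NULL != 'drafts'` is not true in SQL, so if that column is nullable for older messages the unread count will silently undercount. If NULL is possible, write it as `AND (p.folder_name IS NULL OR p.folder_name != 'drafts')`; otherwise confirm the column is NOT NULL and note that in a comment. The query string continues outside the hunk.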