# HG changeset patch
# User Dan Fuhry
# Date 1310523668 14400
# Node ID 2e635e51deb053617b450ad9a93517f62bff4e74
# Parent d8983d3a84680e1d9a4790b2d4d1fdf3da9da6a6
SECURITY: CSRF protection in Private Messaging, which is a really broken feature and should get the TinyMCE treatment. *sigh* Reported by Secunia.

diff -r d8983d3a8468 -r 2e635e51deb0 plugins/PrivateMessages.php
--- a/plugins/PrivateMessages.php Tue Jul 12 22:15:18 2011 -0400
+++ b/plugins/PrivateMessages.php Tue Jul 12 22:21:08 2011 -0400
@@ -153,6 +153,7 @@
 if ( $argv[1]=='Send' && isset($_POST['_send']) )
 {
 // Check each POST DATA parameter...
+ csrf_request_confirm();
 $errors = array();
 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
 {
@@ -195,6 +196,7 @@
 }
 else if ( $argv[1] == 'Send' && isset($_POST['_savedraft'] ) )
 {
+ csrf_request_confirm();
 $errors = array();
 if ( !isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '') )
 {
@@ -303,6 +305,7 @@
 } ?>
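Review bot: The new `csrf_request_confirm()` call is repeated once per POST branch — here in the `_send` branch, again in the `_savedraft` branches at -195 and -416, and in `PostHandler` at -657 — so any future `isset($_POST[...])` branch in these actions that forgets its own call is left unprotected without anything failing. A single check ahead of the branch dispatch, e.g. `if ( isset($_POST['_send']) || isset($_POST['_savedraft']) ) csrf_request_confirm();` before the first `if`, would cover the Send branches at once. The call's return value is discarded in every hunk, so the protection rests on the helper terminating the request on a missing or mismatched token rather than returning false; that helper is outside this page and worth confirming. The hidden-field hunks at -303, -467 and -648 are not legible here, so whether every form posting to these branches now carries the token cannot be checked from this page. The enclosing if/switch structure begins outside the hunk.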
+
@@ -416,6 +419,7 @@
 }
 else if ( isset($_POST['_savedraft']) )
 {
+ csrf_request_confirm();
 // Check each POST DATA parameter...
 $errors = array();
 if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == ''))
@@ -467,6 +471,7 @@
 echo '
' . $lang->get('privmsgs_msg_draft_saved') . '
'; } ?> +
get('privmsgs_lbl_compose_th'); ?>
@@ -648,7 +653,9 @@
 ';
- echo '
get('privmsgs_lbl_edit_th'); ?>
+ echo '
+
+
' . $lang->get('privmsgs_btn_compose') . ' ';
@@ -657,6 +664,7 @@
 $template->footer();
 break;
 case 'PostHandler':
+ csrf_request_confirm();
 $fname = $db->escape(strtolower($_POST['folder']));
 if($fname=='drafts' || $fname=='outbox')
 {
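Review bot: The line right after the new check, `$fname = $db->escape(strtolower($_POST['folder']));`, still reads `$_POST['folder']` without `isset()`, so a token-valid request that omits the field raises an undefined-index notice and falls through to the folder comparisons with an empty `$fname`. Guarding it, `$fname = isset($_POST['folder']) ? $db->escape(strtolower($_POST['folder'])) : '';`, keeps the behaviour for well-formed posts and makes the missing-field case explicit. This is pre-existing code the commit does not touch; the `PostHandler` case continues past the hunk.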