adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 11:28:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Adding form security enhancements.

Browse source 
Forcing checking of Session form token if security component is used.
Enhancement will not allow a form to be submitted if the fields in the form created with the FormHelper do not match the fields in the submitted form.

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@4968 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
phpnut 2007-05-01 08:56:02 +00:00
parent 767853afae
commit 57023720e6
3 changed files with 110 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

168
cake/libs/controller/components/security.php
View file

@ -136,85 +136,103 @@ class SecurityComponent extends Object {
*/ */
function startup(&$controller) { function startup(&$controller) {
// Check requirePost // Check requirePost
if (is_array($this->requirePost) && !empty($this->requirePost)) { if(is_array($this->requirePost) && !empty($this->requirePost)) {
if(in_array($controller->action, $this->requirePost) || $this->requirePost == array('*')) {
if (in_array($controller->action, $this->requirePost) || $this->requirePost == array('*')) { if(!$this->RequestHandler->isPost()) {
if(!$this->blackHole($controller, 'post')) {
if (!$this->RequestHandler->isPost()) {
if (!$this->blackHole($controller, 'post')) {
return null; return null;
} }
} }
} }
} }
// Check requireSecure // Check requireSecure
if (is_array($this->requireSecure) && !empty($this->requireSecure)) { if(is_array($this->requireSecure) && !empty($this->requireSecure)) {
if(in_array($controller->action, $this->requireSecure) || $this->requireSecure == array('*')) {
if (in_array($controller->action, $this->requireSecure) || $this->requireSecure == array('*')) { if(!$this->RequestHandler->isSSL()) {
if(!$this->blackHole($controller, 'secure')) {
if (!$this->RequestHandler->isSSL()) {
if (!$this->blackHole($controller, 'secure')) {
return null; return null;
} }
} }
} }
} }
// Check requireAuth
if (is_array($this->requireAuth) && !empty($this->requireAuth) && !empty($controller->params['form'])) {
if (in_array($controller->action, $this->requireAuth) || $this->requireAuth == array('*')) { if(!empty($controller->data) && isset($controller->data['_Token'])) {
$token = $controller->data['_Token']['key'];
if($this->Session->check('_Token')) {
$tData = unserialize($this->Session->read('_Token'));
if (!isset($controller->params['data']['_Token'])) { if($tData['expires'] < time() || $tData['key'] !== $token) {
if(!$this->blackHole($controller, 'auth')) {
if (!$this->blackHole($controller, 'auth')) {
return null; return null;
} }
} }
$token = $controller->params['data']['_Token']['key'];
if ($this->Session->check('_Token')) { if(isset($controller->data['_Token']['fields']) && !empty($controller->data['_Token']['fields'])) {
$tData = unserialize($this->Session->read('_Token')); $fields = $controller->data['_Token']['fields'];
$check = $controller->data;
unset($check['_Token']['fields']);
if ($tData['expires'] < time() || $tData['key'] !== $token) { foreach($check as $key => $value) {
$field[$key]= array_keys($value);
}
$check = urlencode(Security::hash(serialize($field) . CAKE_SESSION_STRING));
if (!$this->blackHole($controller, 'auth')) { if($fields !== $check) {
if(!$this->blackHole($controller, 'auth')) {
return null; return null;
} }
} }
if (!empty($tData['allowedControllers']) && !in_array($controller->params['controller'], $tData['allowedControllers']) ||!empty($tData['allowedActions']) && !in_array($controller->params['action'], $tData['allowedActions'])) { }
} else {
if(!$this->blackHole($controller, 'auth')) {
return null;
}
}
}
// Check requireAuth
if(is_array($this->requireAuth) && !empty($this->requireAuth) && !empty($controller->data)) {
if(in_array($controller->action, $this->requireAuth) || $this->requireAuth == array('*')) {
if(!isset($controller->data['_Token'])) {
if(!$this->blackHole($controller, 'auth')) {
return null;
}
}
$token = $controller->data['_Token']['key'];
if (!$this->blackHole($controller, 'auth')) { if($this->Session->check('_Token')) {
$tData = unserialize($this->Session->read('_Token'));
if(!empty($tData['allowedControllers']) && !in_array($controller->params['controller'], $tData['allowedControllers']) ||!empty($tData['allowedActions']) && !in_array($controller->params['action'], $tData['allowedActions'])) {
if(!$this->blackHole($controller, 'auth')) {
return null; return null;
} }
} }
} else { } else {
if (!$this->blackHole($controller, 'auth')) { if(!$this->blackHole($controller, 'auth')) {
return null; return null;
} }
} }
} }
} }
// Check requireLogin // Check requireLogin
if (is_array($this->requireLogin) && !empty($this->requireLogin)) { if(is_array($this->requireLogin) && !empty($this->requireLogin)) {
if(in_array($controller->action, $this->requireLogin) || $this->requireLogin == array('*')) {
if (in_array($controller->action, $this->requireLogin) || $this->requireLogin == array('*')) {
$login = $this->loginCredentials($this->loginOptions['type']); $login = $this->loginCredentials($this->loginOptions['type']);
if ($login == null) { if($login == null) {
// User hasn't been authenticated yet // User hasn't been authenticated yet
header($this->loginRequest()); header($this->loginRequest());
if (isset($this->loginOptions['prompt'])) {
if(isset($this->loginOptions['prompt'])) {
$this->__callback($controller, $this->loginOptions['prompt']); $this->__callback($controller, $this->loginOptions['prompt']);
} else { } else {
$this->blackHole($controller, 'login'); $this->blackHole($controller, 'login');
} }
} else { } else {
if (isset($this->loginOptions['login'])) { if(isset($this->loginOptions['login'])) {
$this->__callback($controller, $this->loginOptions['login'], array($login)); $this->__callback($controller, $this->loginOptions['login'], array($login));
} else { } else {
if (low($this->loginOptions['type']) == 'digest') { if(low($this->loginOptions['type']) == 'digest') {
// Do digest authentication // Do digest authentication
} else { } else {
if (!(in_array($login['username'], array_keys($this->loginUsers)) && $this->loginUsers[$login['username']] == $login['password'])) { if (!(in_array($login['username'], array_keys($this->loginUsers)) && $this->loginUsers[$login['username']] == $login['password'])) {
@ -226,19 +244,17 @@ class SecurityComponent extends Object {
} }
} }
if (!isset($controller->params['requested']) || $controller->params['requested'] != 1) { if(!isset($controller->params['requested']) || $controller->params['requested'] != 1) {
// Add auth key for new form posts // Add auth key for new form posts
$authKey = Security::generateAuthKey(); $authKey = Security::generateAuthKey();
$expires = strtotime('+'.Security::inactiveMins().' minutes'); $expires = strtotime('+'.Security::inactiveMins().' minutes');
$token = array( $token = array('key' => $authKey,
'key' => $authKey, 'expires' => $expires,
'expires' => $expires, 'allowedControllers' => $this->allowedControllers,
'allowedControllers' => $this->allowedControllers, 'allowedActions' => $this->allowedActions);
'allowedActions' => $this->allowedActions
);
if (!isset($controller->params['data'])) { if(!isset($controller->data)) {
$controller->params['data'] = array(); $controller->data = array();
} }
$controller->params['_Token'] = $token; $controller->params['_Token'] = $token;
$this->Session->write('_Token', serialize($token)); $this->Session->write('_Token', serialize($token));
@ -253,13 +269,12 @@ class SecurityComponent extends Object {
* @access public * @access public
*/ */
function blackHole(&$controller, $error = '') { function blackHole(&$controller, $error = '') {
if ($this->blackHoleCallback == null) { if($this->blackHoleCallback == null) {
$code = 404; $code = 404;
if ($error == 'login') { if($error == 'login') {
$code = 401; $code = 401;
} }
$controller->redirect(null, $code); $controller->redirect(null, $code, true);
exit();
} else { } else {
return $this->__callback($controller, $this->blackHoleCallback, array($error)); return $this->__callback($controller, $this->blackHoleCallback, array($error));
} }
@ -272,7 +287,7 @@ class SecurityComponent extends Object {
*/ */
function requirePost() { function requirePost() {
$this->requirePost = func_get_args(); $this->requirePost = func_get_args();
if (empty($this->requirePost)) { if(empty($this->requirePost)) {
$this->requirePost = array('*'); $this->requirePost = array('*');
} }
} }
@ -284,7 +299,7 @@ class SecurityComponent extends Object {
*/ */
function requireSecure() { function requireSecure() {
$this->requireSecure = func_get_args(); $this->requireSecure = func_get_args();
if (empty($this->requireSecure)) { if(empty($this->requireSecure)) {
$this->requireSecure = array('*'); $this->requireSecure = array('*');
} }
} }
@ -296,7 +311,7 @@ class SecurityComponent extends Object {
*/ */
function requireAuth() { function requireAuth() {
$this->requireAuth = func_get_args(); $this->requireAuth = func_get_args();
if (empty($this->requireAuth)) { if(empty($this->requireAuth)) {
$this->requireAuth = array('*'); $this->requireAuth = array('*');
} }
} }
@ -309,16 +324,18 @@ class SecurityComponent extends Object {
function requireLogin() { function requireLogin() {
$args = func_get_args(); $args = func_get_args();
foreach ($args as $arg) { foreach ($args as $arg) {
if (is_array($arg)) { if(is_array($arg)) {
$this->loginOptions = $arg; $this->loginOptions = $arg;
} else { } else {
$this->requireLogin[] = $arg; $this->requireLogin[] = $arg;
} }
} }
if (empty($this->requireLogin)) {
if(empty($this->requireLogin)) {
$this->requireLogin = array('*'); $this->requireLogin = array('*');
} }
if (isset($this->loginOptions['users'])) {
if(isset($this->loginOptions['users'])) {
$this->loginUsers =& $this->loginOptions['users']; $this->loginUsers =& $this->loginOptions['users'];
} }
} }
@ -330,21 +347,20 @@ class SecurityComponent extends Object {
* @access public * @access public
*/ */
function loginCredentials($type = null) { function loginCredentials($type = null) {
if(empty($type) || low($type) == 'basic') {
if (empty($type) || low($type) == 'basic') {
$login = array('username' => env('PHP_AUTH_USER'), 'password' => env('PHP_AUTH_PW')); $login = array('username' => env('PHP_AUTH_USER'), 'password' => env('PHP_AUTH_PW'));
if ($login['username'] != null) {
if($login['username'] != null) {
return $login; return $login;
} }
} }
if ($type == '' || low($type) == 'digest') { if($type == '' || low($type) == 'digest') {
$digest = null; $digest = null;
if (version_compare(phpversion(), '5.1') != -1) {
$digest = env('PHP_AUTH_DIGEST');
} elseif (function_exists('apache_request_headers')) { if(version_compare(phpversion(), '5.1') != -1) {
$digest = env('PHP_AUTH_DIGEST');
} elseif(function_exists('apache_request_headers')) {
$headers = apache_request_headers(); $headers = apache_request_headers();
if (isset($headers['Authorization']) && !empty($headers['Authorization']) && substr($headers['Authorization'], 0, 7) == 'Digest ') { if (isset($headers['Authorization']) && !empty($headers['Authorization']) && substr($headers['Authorization'], 0, 7) == 'Digest ') {
$digest = substr($headers['Authorization'], 7); $digest = substr($headers['Authorization'], 7);
@ -355,12 +371,11 @@ class SecurityComponent extends Object {
return null; return null;
} }
if ($digest == null) { if($digest == null) {
return null; return null;
} }
$data = $this->parseDigestAuthData($digest); $data = $this->parseDigestAuthData($digest);
} }
return null; return null;
} }
/** /**
@ -370,15 +385,11 @@ class SecurityComponent extends Object {
* @access private * @access private
*/ */
function __setLoginDefaults(&$options) { function __setLoginDefaults(&$options) {
$options = am( $options = am(array('type' => 'basic',
array( 'realm' => env('SERVER_NAME'),
'type' => 'basic', 'qop' => 'auth',
'realm' => env('SERVER_NAME'), 'nonce' => uniqid()),
'qop' => 'auth', array_filter($options));
'nonce' => uniqid()
),
array_filter($options)
);
$options = am(array('opaque' => md5($options['realm'])), $options); $options = am(array('opaque' => md5($options['realm'])), $options);
} }
/** /**
@ -392,7 +403,6 @@ class SecurityComponent extends Object {
$options = am($this->loginOptions, $options); $options = am($this->loginOptions, $options);
$this->__setLoginDefaults($options); $this->__setLoginDefaults($options);
$data = 'WWW-Authenticate: ' . ucfirst($options['type']) . ' realm="' . $options['realm'] . '"'; $data = 'WWW-Authenticate: ' . ucfirst($options['type']) . ' realm="' . $options['realm'] . '"';
return $data; return $data;
} }
/** /**
@ -403,20 +413,20 @@ class SecurityComponent extends Object {
* @access public * @access public
*/ */
function parseDigestAuthData($digest) { function parseDigestAuthData($digest) {
if (substr($digest, 0, 7) == 'Digest ') { if(substr($digest, 0, 7) == 'Digest ') {
$digest = substr($digest, 7); $digest = substr($digest, 7);
} }
$keys = array(); $keys = array();
$match = array(); $match = array();
$req = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1); $req = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@', $digest, $match, PREG_SET_ORDER); preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@', $digest, $match, PREG_SET_ORDER);
foreach ($match as $i) { foreach($match as $i) {
$keys[$i[1]] = $i[3]; $keys[$i[1]] = $i[3];
unset($req[$i[1]]); unset($req[$i[1]]);
} }
if (empty($req)) {
if(empty($req)) {
return $keys; return $keys;
} else { } else {
return null; return null;
@ -432,7 +442,7 @@ class SecurityComponent extends Object {
* @access private * @access private
*/ */
function __callback(&$controller, $method, $params = array()) { function __callback(&$controller, $method, $params = array()) {
if (is_callable(array($controller, $method))) { if(is_callable(array($controller, $method))) {
return call_user_func_array(array(&$controller, $method), empty($params) ? null : $params); return call_user_func_array(array(&$controller, $method), empty($params) ? null : $params);
} else { } else {
// Debug::warning('Callback method ' . $method . ' in controller ' . get_class($controller) // Debug::warning('Callback method ' . $method . ' in controller ' . get_class($controller)

25
cake/libs/view/helpers/form.php
View file

@ -66,10 +66,10 @@ class FormHelper extends AppHelper {
*/ */
var $fieldset = array('fields'=>array(), 'sizes'=>array(), 'key'=>'id', 'validates'=>array()); var $fieldset = array('fields'=>array(), 'sizes'=>array(), 'key'=>'id', 'validates'=>array());
var $__options = array( var $__options = array('day' => array(), 'minute' => array(), 'hour' => array(),
'day' => array(), 'minute' => array(), 'hour' => array(), 'month' => array(), 'year' => array(), 'meridian' => array());
'month' => array(), 'year' => array(), 'meridian' => array()
); var $fields = array();
/** /**
* Returns an HTML FORM element. * Returns an HTML FORM element.
@ -214,6 +214,9 @@ class FormHelper extends AppHelper {
*/ */
function end($options = null) { function end($options = null) {
$out = null; $out = null;
if(isset($this->params['_Token']) && !empty($this->params['_Token'])) {
$out = $this->secure($this->fields);
}
if (!empty($this->params['models'])) { if (!empty($this->params['models'])) {
$models = $this->params['models'][0]; $models = $this->params['models'][0];
} }
@ -247,6 +250,12 @@ class FormHelper extends AppHelper {
$out .= $this->Html->tags['formend']; $out .= $this->Html->tags['formend'];
return $this->output($out); return $this->output($out);
} }
function secure($fields) {
$append = '<p style="display: inline; margin: 0px; padding: 0px;">';
$append .= $this->hidden('_Token/fields', array('value' => urlencode(Security::hash(serialize($fields) . CAKE_SESSION_STRING)), 'id' => 'TokenFields' . mt_rand()));
$append .= '</p>';
return $append;
}
/** /**
* Returns true if there is an error for the given field, otherwise false * Returns true if there is an error for the given field, otherwise false
* *
@ -377,7 +386,6 @@ class FormHelper extends AppHelper {
* @return string * @return string
*/ */
function input($tagName, $options = array()) { function input($tagName, $options = array()) {
$this->setFormTag($tagName); $this->setFormTag($tagName);
$options = am( $options = am(
array( array(
@ -551,6 +559,7 @@ class FormHelper extends AppHelper {
* @return string An HTML text input element * @return string An HTML text input element
*/ */
function text($fieldName, $options = array()) { function text($fieldName, $options = array()) {
$this->fields[$this->model()][] = $this->field();
$options = $this->__initInputField($fieldName, am(array('type' => 'text'), $options)); $options = $this->__initInputField($fieldName, am(array('type' => 'text'), $options));
return $this->output(sprintf($this->Html->tags['input'], $this->model(), $this->field(), $this->_parseAttributes($options, null, null, ' '))); return $this->output(sprintf($this->Html->tags['input'], $this->model(), $this->field(), $this->_parseAttributes($options, null, null, ' ')));
} }
@ -562,6 +571,7 @@ class FormHelper extends AppHelper {
* @return string * @return string
*/ */
function password($fieldName, $options = array()) { function password($fieldName, $options = array()) {
$this->fields[$this->model()][] = $this->field();
$options = $this->__initInputField($fieldName, $options); $options = $this->__initInputField($fieldName, $options);
return $this->output(sprintf($this->Html->tags['password'], $this->model(), $this->field(), $this->_parseAttributes($options, null, null, ' '))); return $this->output(sprintf($this->Html->tags['password'], $this->model(), $this->field(), $this->_parseAttributes($options, null, null, ' ')));
} }
@ -573,6 +583,7 @@ class FormHelper extends AppHelper {
* @return string An HTML text input element * @return string An HTML text input element
*/ */
function textarea($fieldName, $options = array()) { function textarea($fieldName, $options = array()) {
$this->fields[$this->model()][] = $this->field();
$options = $this->__initInputField($fieldName, $options); $options = $this->__initInputField($fieldName, $options);
unset($options['type']); unset($options['type']);
$value = null; $value = null;
@ -595,9 +606,11 @@ class FormHelper extends AppHelper {
$options = $this->__initInputField($fieldName, $options); $options = $this->__initInputField($fieldName, $options);
$model = $this->model(); $model = $this->model();
unset($options['class']); unset($options['class']);
if (in_array($fieldName, array('_method', '_fields'))) { if (in_array($fieldName, array('_method', '_fields'))) {
$model = null; $model = null;
} }
$this->fields[$model][] = $this->field();
return $this->output(sprintf($this->Html->tags['hidden'], $model, $this->field(), $this->_parseAttributes($options, null, ' ', ' '))); return $this->output(sprintf($this->Html->tags['hidden'], $model, $this->field(), $this->_parseAttributes($options, null, ' ', ' ')));
} }
/** /**
@ -609,6 +622,7 @@ class FormHelper extends AppHelper {
* @access public * @access public
*/ */
function file($fieldName, $options = array()) { function file($fieldName, $options = array()) {
$this->fields[$this->model()][] = $this->field();
$options = $this->__initInputField($fieldName, $options); $options = $this->__initInputField($fieldName, $options);
return $this->output(sprintf($this->Html->tags['file'], $this->model(), $this->field(), $this->_parseAttributes($options, null, '', ' '))); return $this->output(sprintf($this->Html->tags['file'], $this->model(), $this->field(), $this->_parseAttributes($options, null, '', ' ')));
} }
@ -710,6 +724,7 @@ class FormHelper extends AppHelper {
function select($fieldName, $options = array(), $selected = null, $attributes = array(), $showEmpty = '') { function select($fieldName, $options = array(), $selected = null, $attributes = array(), $showEmpty = '') {
$showParents = false; $showParents = false;
$this->setFormTag($fieldName); $this->setFormTag($fieldName);
$this->fields[$this->model()][] = $this->field();
$attributes = $this->domId((array)$attributes); $attributes = $this->domId((array)$attributes);
if ($this->tagIsInvalid()) { if ($this->tagIsInvalid()) {

3
cake/libs/view/templates/scaffolds/edit.thtml
View file

@ -28,8 +28,7 @@
<?php <?php
echo $form->create($modelClass); echo $form->create($modelClass);
echo $form->inputs($fieldNames); echo $form->inputs($fieldNames);
echo $form->submit(__('Save', true)); ?> echo $form->end(array('submit' => __('Save', true))); ?>
</form>
<div class='actions'> <div class='actions'>
<ul> <ul>
<?php <?php