Removing Session deletion of nonce token on blackhole. Fixes possible CSRF risk from multiple submissions of the same invalid data. Refs #214
This commit is contained in:
parent
c195d654b3
commit
fc304056a3
2 changed files with 17 additions and 5 deletions
|
@ -381,8 +381,6 @@ class SecurityComponent extends Object {
|
||||||
* @see SecurityComponent::$blackHoleCallback
|
* @see SecurityComponent::$blackHoleCallback
|
||||||
*/
|
*/
|
||||||
function blackHole(&$controller, $error = '') {
|
function blackHole(&$controller, $error = '') {
|
||||||
$this->Session->del('_Token');
|
|
||||||
|
|
||||||
if ($this->blackHoleCallback == null) {
|
if ($this->blackHoleCallback == null) {
|
||||||
$code = 404;
|
$code = 404;
|
||||||
if ($error == 'login') {
|
if ($error == 'login') {
|
||||||
|
|
|
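Review bot: Dropping `$this->Session->del('_Token');` at the top of blackHole() is the whole fix, but nothing in the method records why the token must now outlive a blackholed request, so a later "cleanup" could reinstate the delete and reopen the issue. I would leave a comment where the line was removed: `// Do not clear _Token here: per ticket #214, deleting it on blackhole let a re-submission of the same invalid data slip past the token check.` Because the session token is now kept after a failure it stays usable until its own expiry; presumably that is acceptable since the per-request key is still compared, but it is worth confirming that the validation path rejects a request when no session token exists rather than skipping the comparison. blackHole()'s body continues past the end of this hunk.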
@ -237,16 +237,16 @@ class SecurityComponentTest extends CakeTestCase {
|
||||||
$this->Controller->Security->startup($this->Controller);
|
$this->Controller->Security->startup($this->Controller);
|
||||||
$this->assertTrue($this->Controller->failed);
|
$this->assertTrue($this->Controller->failed);
|
||||||
|
|
||||||
$this->Controller->Session->write('_Token', array('allowedControllers' => array()));
|
$this->Controller->Session->write('_Token', serialize(array('allowedControllers' => array())));
|
||||||
$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
|
$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
|
||||||
$this->Controller->action = 'posted';
|
$this->Controller->action = 'posted';
|
||||||
$this->Controller->Security->requireAuth('posted');
|
$this->Controller->Security->requireAuth('posted');
|
||||||
$this->Controller->Security->startup($this->Controller);
|
$this->Controller->Security->startup($this->Controller);
|
||||||
$this->assertTrue($this->Controller->failed);
|
$this->assertTrue($this->Controller->failed);
|
||||||
|
|
||||||
$this->Controller->Session->write('_Token', array(
|
$this->Controller->Session->write('_Token', serialize(array(
|
||||||
'allowedControllers' => array('SecurityTest'), 'allowedActions' => array('posted2')
|
'allowedControllers' => array('SecurityTest'), 'allowedActions' => array('posted2')
|
||||||
));
|
)));
|
||||||
$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
|
$this->Controller->data = array('username' => 'willy', 'password' => 'somePass');
|
||||||
$this->Controller->action = 'posted';
|
$this->Controller->action = 'posted';
|
||||||
$this->Controller->Security->requireAuth('posted');
|
$this->Controller->Security->requireAuth('posted');
|
||||||
|
@ -1145,5 +1145,19 @@ DIGEST;
|
||||||
$this->Controller->Security->startup($this->Controller);
|
$this->Controller->Security->startup($this->Controller);
|
||||||
$this->assertEqual($this->Controller->params['_Token']['key'], $key);
|
$this->assertEqual($this->Controller->params['_Token']['key'], $key);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* test that blackhole doesn't delete the _Token session key so repeat data submissions
|
||||||
|
* stay blackholed.
|
||||||
|
*
|
||||||
|
* @link http://cakephp.lighthouseapp.com/projects/42648/tickets/214
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
function testBlackHoleNotDeletingSessionInformation() {
|
||||||
|
$this->Controller->Security->startup($this->Controller);
|
||||||
|
|
||||||
|
$this->Controller->Security->blackHole($this->Controller, 'auth');
|
||||||
|
$this->assertTrue($this->Controller->Security->Session->check('_Token'), '_Token was deleted by blackHole %s');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
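Review bot: testBlackHoleNotDeletingSessionInformation only asserts that the `_Token` session key survives one blackHole() call; it does not exercise the scenario the commit message names, a second submission of the same invalid data. A regression test closer to the actual risk would set invalid `$this->Controller->data`, run startup() twice with that same data, and assert `$this->Controller->failed` after each call, so the test fails if the token ever goes missing between requests. The `serialize()` change in the earlier hunk around line 237 fixes the fixture to match what the component reads back, and a short comment there would save the next reader a trip into the component: `// _Token is stored serialized in the session`. The assertion message `'_Token was deleted by blackHole %s'` relies on the framework's `%s` placeholder, which is fine but worth keeping consistent with the other tests in this file.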