0accf8fe
Commit
0accf8fe
authored
Oct 31, 2006
by
Neil Drumm
#90508
by Heine and the security team. Every form gets a token.
parent
2c2f33e6
2 merge requests
!7452
Issue #1797438. HTML5 validation is preventing form submit and not fully...
,
!789
Issue #3210310: Adjust Database API to remove deprecated Drupal 9 code in Drupal 10
Changes
4
Showing
4 changed files
includes/common.inc
+42
-0
42 additions, 0 deletions
includes/common.inc
includes/form.inc
+26
-11
26 additions, 11 deletions
includes/form.inc
modules/block/block.module
+3
-5
3 additions, 5 deletions
modules/block/block.module
modules/system/system.module
+1
-0
1 addition, 0 deletions
modules/system/system.module
with
72 additions
and
16 deletions
includes/common.inc
+
42
−
0
...
...
@@ -1507,6 +1507,48 @@ function drupal_urlencode($text) {
}
}
/**
* Ensure the private key variable used to generate tokens is set.
*
* @return
* The private key
*/
function
drupal_get_private_key
()
{
if
(
!
(
$key
=
variable_get
(
'drupal_private_key'
,
0
)))
{
$key
=
md5
(
uniqid
(
mt_rand
(),
true
))
.
md5
(
uniqid
(
mt_rand
(),
true
));
variable_set
(
'drupal_private_key'
,
$key
);
}
return
$key
;
}
/**
* Generate a token based on $value, the current user session and private key.
*
* @param $value
* An additional value to base the token on
*/
function
drupal_get_token
(
$value
=
''
)
{
$private_key
=
drupal_get_private_key
();
return
md5
(
session_id
()
.
$value
.
$private_key
);
}
/**
* Validate a token based on $value, the current user session and private key.
*
* @param $token
* The token to be validated.
* @param $value
* An additional value to base the token on.
* @param $skip_anonymous
* Set to true to skip token validation for anonymous users.
* @return
* True for a valid token, false for an invalid token. When $skip_anonymous is true, the return value will always be true for anonymous users.
*/
function
drupal_valid_token
(
$token
,
$value
=
''
,
$skip_anonymous
=
FALSE
)
{
global
$user
;
return
((
$skip_anonymous
&&
$user
->
uid
==
0
)
||
(
$token
==
md5
(
session_id
()
.
$value
.
variable_get
(
'drupal_private_key'
,
''
))));
}
/**
* Performs one or more XML-RPC request(s).
*
...
...
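Review bot: `drupal_valid_token()` compares the submitted token with the recomputed digest using `==`; in PHP two strings that both look numeric (hex digests of the form `0e` followed only by digits qualify) are compared as numbers, so distinct digests can compare equal. Use `===` here, and note in the docblock that the comparison should become constant-time where the runtime offers such a primitive. The validator also rebuilds the digest inline with `variable_get('drupal_private_key', '')` instead of reusing `drupal_get_token()`, so the two formulas can drift apart if one is edited; `return ($skip_anonymous && $user->uid == 0) || $token === drupal_get_token($value);` keeps them in step. Finally, `drupal_get_private_key()` derives the key from `mt_rand()`/`uniqid()`, which are not designed to be unpredictable; a comment such as `// Seed quality depends on mt_rand()/uniqid(); replace with a CSPRNG where one is available.` would flag that for whoever next touches it.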
includes/form.inc
+
26
−
11
...
...
@@ -264,6 +264,8 @@ function drupal_process_form($form_id, &$form) {
* An associative array containing the structure of the form.
*/
function
drupal_prepare_form
(
$form_id
,
&
$form
)
{
global
$user
;
$form
[
'#type'
]
=
'form'
;
if
(
!
isset
(
$form
[
'#post'
]))
{
...
...
@@ -292,23 +294,28 @@ function drupal_prepare_form($form_id, &$form) {
$base
=
$form
[
'#base'
];
}
// Add a token, based on either #token or form_id, to any form displayed to authenticated users.
// This ensures that any submitted form was actually requested previously by the user and protects against
// cross site request forgeries.
if
(
isset
(
$form
[
'#token'
]))
{
// If the page cache is on and an anonymous user issues a GET request,
// unset the token because the token in the cached page would not match,
// because the token is based on the session ID.
if
(
variable_get
(
'cache'
,
0
)
&&
!
$user
->
uid
&&
$_SERVER
[
'REQUEST_METHOD'
]
==
'GET'
)
{
if
(
$form
[
'#token'
]
===
FALSE
||
$user
->
uid
==
0
||
$form
[
'#programmed'
])
{
unset
(
$form
[
'#token'
]);
}
else
{
// Make sure that a private key is set:
if
(
!
variable_get
(
'drupal_private_key'
,
''
))
{
variable_set
(
'drupal_private_key'
,
mt_rand
());
$form
[
'form_token'
]
=
array
(
'#type'
=>
'token'
,
'#default_value'
=>
drupal_get_token
(
$form
[
'#token'
]));
}
$form
[
'form_token'
]
=
array
(
'#type'
=>
'hidden'
,
'#default_value'
=>
md5
(
session_id
()
.
$form
[
'#token'
]
.
variable_get
(
'drupal_private_key'
,
''
)));
}
else
if
(
$user
->
uid
&&
!
$form
[
'#programmed'
])
{
$form
[
'#token'
]
=
$form_id
;
$form
[
'form_token'
]
=
array
(
'#id'
=>
'edit-'
.
str_replace
(
'_'
,
'-'
,
$form_id
)
.
'-form-token'
,
'#type'
=>
'token'
,
'#default_value'
=>
drupal_get_token
(
$form
[
'#token'
]),
);
}
if
(
isset
(
$form_id
))
{
$form
[
'form_id'
]
=
array
(
'#type'
=>
'hidden'
,
'#value'
=>
$form_id
,
'#id'
=>
str_replace
(
'_'
,
'-'
,
"edit-
$form_id
"
));
}
...
...
@@ -369,7 +376,7 @@ function drupal_validate_form($form_id, $form) {
// If the session token was set by drupal_prepare_form(), ensure that it
// matches the current user's session
if
(
isset
(
$form
[
'#token'
]))
{
if
(
$form_values
[
'form_token'
]
!=
md5
(
session_id
()
.
$form
[
'#token'
]
.
variable_get
(
'drupal_private_key'
,
''
)
))
{
if
(
!
drupal_valid_token
(
$form_values
[
'form_token'
]
,
$form
[
'#token'
]
))
{
// setting this error will cause the form to fail validation
form_set_error
(
'form_token'
,
t
(
'Validation error, please try again. If this error persists, please contact the site administrator.'
));
}
...
...
@@ -670,6 +677,10 @@ function form_builder($form_id, $form) {
}
break
;
case
'token'
:
$form
[
'#value'
]
=
(
string
)
$edit
;
break
;
default
:
if
(
isset
(
$edit
))
{
$form
[
'#value'
]
=
$edit
;
...
...
@@ -1256,6 +1267,10 @@ function theme_hidden($element) {
return
'<input type="hidden" name="'
.
$element
[
'#name'
]
.
'" id="'
.
$element
[
'#id'
]
.
'" value="'
.
check_plain
(
$element
[
'#value'
])
.
"
\"
"
.
drupal_attributes
(
$element
[
'#attributes'
])
.
" />
\n
"
;
}
function
theme_token
(
$element
)
{
return
theme
(
'hidden'
,
$element
);
}
/**
* Format a textfield.
*
...
...
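Review bot: The new `case 'token':` branch in `form_builder()` assigns `$form['#value'] = (string) $edit;` unconditionally, whereas the `default:` branch only assigns when `$edit` is set, and nothing in the hunk explains the difference; it looks deliberate — presumably so that a submission lacking a `form_token` field yields `''` and fails `drupal_valid_token()` rather than falling back to `#default_value`, which holds the correct token — but that intent should be written down and confirmed against the fallback code that follows the switch. Suggested comment above the assignment: `// Always set #value, even to '', so a missing token never inherits #default_value (the valid token).` `form_builder()` starts and ends outside the hunk. In the same section, `drupal_prepare_form()` builds the token element id as `'edit-' . str_replace('_', '-', $form_id) . '-form-token'` while the `form_id` element just below uses `str_replace('_', '-', "edit-$form_id")`; deriving both from one expression would keep the two ids from drifting.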
modules/block/block.module
+
3
−
5
...
...
@@ -315,7 +315,7 @@ function theme_block_admin_display($form) {
$last_region
=
''
;
$last_status
=
1
;
foreach
(
element_children
(
$form
)
as
$i
)
{
$block
=
$form
[
$i
];
$block
=
&
$form
[
$i
];
// Only take form elements that are blocks.
if
(
is_array
(
$block
[
'info'
]))
{
// Fetch values
...
...
@@ -358,10 +358,8 @@ function theme_block_admin_display($form) {
$header
[]
=
array
(
'data'
=>
t
(
'Operations'
),
'colspan'
=>
2
);
$output
=
theme
(
'table'
,
$header
,
$rows
,
array
(
'id'
=>
'blocks'
));
$output
.
=
drupal_render
(
$form
[
'submit'
]);
// Also render the form_id as there is no drupal_render($form) call (as drupal_render does not appear to handle the
// multi-dimensional block form array very well).
$output
.
=
drupal_render
(
$form
[
'form_id'
]);
$output
.
=
drupal_render
(
$form
);
return
$output
;
}
...
...
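Review bot: `$block = &$form[$i];` binds `$block` by reference inside the `foreach`, so after the loop ends `$block` is still an alias of the last `$form[$i]`, and any later write to `$block` in `theme_block_admin_display()` would silently modify that form element; add `unset($block);` right after the loop (the loop body and its end are outside the hunk). The reason for taking a reference is not stated — presumably so that render state recorded on the row elements is visible to the new `$output .= drupal_render($form);` call and the rows are not emitted twice — and deserves a one-line comment such as `// Reference: changes made while rendering the row must be seen by drupal_render($form) below.`, to be confirmed against drupal_render().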
modules/system/system.module
+
1
−
0
...
...
@@ -90,6 +90,7 @@ function system_elements() {
$type
[
'value'
]
=
array
(
'#input'
=>
TRUE
);
$type
[
'markup'
]
=
array
(
'#prefix'
=>
''
,
'#suffix'
=>
''
);
$type
[
'fieldset'
]
=
array
(
'#collapsible'
=>
FALSE
,
'#collapsed'
=>
FALSE
);
$type
[
'token'
]
=
array
(
'#input'
=>
TRUE
);
return
$type
;
}
...
...