Commit 3359fb5c authored by webchick's avatar webchick

#66264 by boombatower, grendzy, et al: Remove CSRF vulnerability from comment module.

parent 3520ea51
......@@ -991,6 +991,7 @@ function comment_links($comment, $node) {
'title' => t('approve'),
'href' => "comment/$comment->cid/approve",
'html' => TRUE,
'query' => array('token' => drupal_get_token("comment/$comment->cid/approve")),
);
}
}
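Review bot: The approve link (`'href' => "comment/$comment->cid/approve"`) still triggers a state change through a plain GET, with the new `token` query value as the only guard; that closes the cross-site request hole, but a token carried in the URL ends up in browser history, proxy logs and the Referer header sent to any external link on the page. As far as drupal_get_token() is session-bound the exposure is limited to that session's lifetime, but routing the action through a POST confirm form would avoid putting the token in the URL at all. comment_links() starts before this hunk.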
......
......@@ -107,6 +107,9 @@ function comment_reply($node, $pid = NULL) {
* A comment identifier.
*/
function comment_approve($cid) {
if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], "comment/$cid/approve")) {
return MENU_ACCESS_DENIED;
}
if ($comment = comment_load($cid)) {
$comment->status = COMMENT_PUBLISHED;
comment_save($comment);
......
......@@ -954,6 +954,10 @@ class CommentApprovalTest extends CommentHelperCase {
// Approve comment.
$this->drupalLogin($this->admin_user);
$this->drupalGet('comment/1/approve');
$this->assertResponse(403, t('Forged comment approval was denied.'));
$this->drupalGet('comment/1/approve', array('query' => array('token' => 'forged')));
$this->assertResponse(403, t('Forged comment approval was denied.'));
$this->drupalGet('node/' . $this->node->nid);
$this->clickLink(t('approve'));
$this->drupalLogout();
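Review bot: The two new assertResponse() calls carry the identical message `t('Forged comment approval was denied.')`, although the first exercises a request with no token at all and the second a wrong token; when one fails, the test report cannot tell which case broke. Give the first its own message, e.g. `$this->assertResponse(403, t('Comment approval without a token was denied.'));`. After `$this->clickLink(t('approve'));` no assertion is visible in the hunk that the tokened link actually published the comment; if that check lives beyond the hunk this is fine, otherwise one should be added. The test method continues past the hunk.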
......