From af29aaac5d50aca0791ae73ea1a1226caffb113a Mon Sep 17 00:00:00 2001
From: jitendrapurohit
Date: Thu, 3 Dec 2015 18:45:08 +0530
Subject: [PATCH] fix security bug in transfer form

---
 CRM/Event/Form/SelfSvcTransfer.php | 6 ++++++
 CRM/Event/Form/SelfSvcUpdate.php | 8 ++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/CRM/Event/Form/SelfSvcTransfer.php b/CRM/Event/Form/SelfSvcTransfer.php
index a8b7fd1a73..1f7953d266 100644
--- a/CRM/Event/Form/SelfSvcTransfer.php
+++ b/CRM/Event/Form/SelfSvcTransfer.php
@@ -146,13 +146,19 @@ class CRM_Event_Form_SelfSvcTransfer extends CRM_Core_Form {
     $session = CRM_Core_Session::singleton();
     $this->_userContext = $session->readUserContext();
     $this->_from_participant_id = CRM_Utils_Request::retrieve('pid', 'Positive', $this, FALSE, NULL, 'REQUEST');
+    $this->_userChecksum = CRM_Utils_Request::retrieve('cs', 'String', $this, FALSE, NULL, 'REQUEST');
     $params = array('id' => $this->_from_participant_id);
     $participant = $values = array();
     $this->_participant = CRM_Event_BAO_Participant::getValues($params, $values, $participant);
     $this->_part_values = $values[$this->_from_participant_id];
     $this->set('values', $this->_part_values);
     $this->_event_id = $this->_part_values['event_id'];
+    $url = CRM_Utils_System::url('civicrm/event/info', "reset=1&id={$this->_event_id}");
     $this->_from_contact_id = $this->_part_values['participant_contact_id'];
+    $validUser = CRM_Contact_BAO_Contact_Utils::validChecksum($this->_from_contact_id, $this->_userChecksum);
+    if (!$validUser && !CRM_Core_Permission::check('edit all events')) {
+      CRM_Core_Error::statusBounce(ts('You do not have sufficient permission to transfer/cancel this participant.'), $url);
+    }
     $this->assign('action', $this->_action);
     if ($this->_from_participant_id) {
       $this->assign('participantId', $this->_from_participant_id);
diff --git a/CRM/Event/Form/SelfSvcUpdate.php b/CRM/Event/Form/SelfSvcUpdate.php
index 8caa74edd6..c1c0ae2300 100644
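Review bot: The new checksum guard is evaluated on `$this->_from_contact_id` before anything confirms the participant lookup succeeded: `pid` is retrieved with the fourth argument FALSE (which appears to be the abort flag), so a missing or unknown id leaves `$values[$this->_from_participant_id]` unset, `$this->_from_contact_id` null, and `validChecksum()` is asked to vouch for a null contact; the existing `if ($this->_from_participant_id)` test comes only after the guard. Unless `validChecksum()` is known to reject a null contact id, fail closed before the lookup, e.g. `if (!$this->_from_participant_id) { CRM_Core_Error::statusBounce(ts('Participant not found.')); }` right after the `pid` retrieve, or retrieve `pid` with the abort flag set to TRUE. `$this->_userChecksum` is assigned here but no declaration is visible in this hunk; if the class does not declare it, add `/** Contact checksum from the self-service link ('cs'), NULL when the caller is authenticated by permission instead. */ protected $_userChecksum;`. The enclosing preProcess() starts and ends outside this hunk.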
--- a/CRM/Event/Form/SelfSvcUpdate.php
+++ b/CRM/Event/Form/SelfSvcUpdate.php
@@ -118,16 +118,16 @@ class CRM_Event_Form_SelfSvcUpdate extends CRM_Core_Form {
     $this->_userContext = $session->readUserContext();
     $participant = $values = array();
     $this->_participant_id = CRM_Utils_Request::retrieve('pid', 'Positive', $this, FALSE, NULL, 'REQUEST');
-    $userChecksum = CRM_Utils_Request::retrieve('cs', 'String', $this, FALSE, NULL, 'REQUEST');
+    $this->_userChecksum = CRM_Utils_Request::retrieve('cs', 'String', $this, FALSE, NULL, 'REQUEST');
     $params = array('id' => $this->_participant_id);
     $this->_participant = CRM_Event_BAO_Participant::getValues($params, $values, $participant);
     $this->_part_values = $values[$this->_participant_id];
     $this->set('values', $this->_part_values);
     //fetch Event by event_id, verify that this event can still be xferred/cancelled
     $this->_event_id = $this->_part_values['event_id'];
-    $url = CRM_Utils_System::url('civicrm/event/info', "reset=1&id={$this->_event_id}&noFullMsg=true");
+    $url = CRM_Utils_System::url('civicrm/event/info', "reset=1&id={$this->_event_id}");
     $this->_contact_id = $this->_part_values['participant_contact_id'];
-    $validUser = CRM_Contact_BAO_Contact_Utils::validChecksum($this->_contact_id, $userChecksum);
+    $validUser = CRM_Contact_BAO_Contact_Utils::validChecksum($this->_contact_id, $this->_userChecksum);
     if (!$validUser && !CRM_Core_Permission::check('edit all events')) {
       CRM_Core_Error::statusBounce(ts('You do not have sufficient permission to transfer/cancel this participant.'), $url);
     }
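Review bot: Dropping `&noFullMsg=true` from the bounce URL is a user-visible change that the commit message ("fix security bug in transfer form") does not cover: a rejected request is now sent to the event info page without the flag that presumably suppresses the "event is full" message, and nothing in the hunk explains why. If the removal is deliberate, say so in the description; if not, keep the old `$url` line and only promote the checksum to the property. Since `$this->_userChecksum` now carries a link-equivalent credential across the form lifecycle, it should be declared on the class with a comment such as `/** Contact checksum from the self-service link ('cs'); NULL when the caller relies on 'edit all events'. */ protected $_userChecksum;` rather than created as a dynamic property. The enclosing preProcess() starts and ends outside this hunk.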
@@ -275,7 +275,7 @@ class CRM_Event_Form_SelfSvcUpdate extends CRM_Core_Form {
    */
   public function transferParticipant($params) {
     $transferUrl = 'civicrm/event/form/selfsvctransfer';
-    $url = CRM_Utils_System::url('civicrm/event/selfsvctransfer', 'reset=1&action=add&pid=' . $this->_participant_id);
+    $url = CRM_Utils_System::url('civicrm/event/selfsvctransfer', 'reset=1&action=add&pid=' . $this->_participant_id . '&cs=' . $this->_userChecksum);
     $this->controller->setDestination($url);
     $session = CRM_Core_Session::singleton();
     $session->replaceUserContext($url);
-- 
2.25.1
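Review bot: The `&cs=` parameter is appended unconditionally and unencoded: when the caller was admitted by the `edit all events` permission rather than a link, `$this->_userChecksum` is NULL (the default passed to retrieve()) and the redirect carries an empty `cs=`, and a checksum containing reserved characters would corrupt the query string. I'd append it only when present and encode it: `$url = CRM_Utils_System::url('civicrm/event/selfsvctransfer', 'reset=1&action=add&pid=' . $this->_participant_id . ($this->_userChecksum ? '&cs=' . urlencode($this->_userChecksum) : ''));`. Note that the checksum is a bearer token for the contact, and this line puts it into a URL that is also stored in the session via replaceUserContext(), which is how CiviCRM checksum links work but is worth a one-line comment such as `// Forward the self-service checksum so SelfSvcTransfer can re-authorize without a login.`. transferParticipant() continues past the end of this hunk.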