From 2cefa62ab30cc730b8683ee47ec69728ab89d773 Mon Sep 17 00:00:00 2001
From: pdontthink
Date: Tue, 18 Jun 2013 04:20:50 +0000
Subject: [PATCH] Allow more liberal reuse of tokens to avoid cross-frame conflicts

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14383 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/mailbox_display.php | 2 +-
 functions/strings.php | 16 ++++++++++------
 plugins/change_password/options.php | 2 +-
 plugins/squirrelspell/modules/lang_change.mod | 2 +-
 src/addressbook.php | 2 +-
 src/compose.php | 12 ++++++------
 src/empty_trash.php | 2 +-
 src/folders.php | 10 +++++-----
 src/options.php | 2 +-
 src/options_highlight.php | 4 ++--
 src/options_identities.php | 2 +-
 src/search.php | 2 +-
 12 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/functions/mailbox_display.php b/functions/mailbox_display.php
index 28398603..542a4ede 100644
--- a/functions/mailbox_display.php
+++ b/functions/mailbox_display.php
@@ -1297,7 +1297,7 @@ function handleMessageListForm($imapConnection, &$aMailbox, $sButton='',
 // don't do anything to any messages until we have done security check
 // FIXME: not sure this code really belongs here, but there's nowhere else to put it with this architecture
 sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);

 // make sure message UIDs are sanitized (BIGINT)
 foreach ($aUid as $i => $uid)
diff --git a/functions/strings.php b/functions/strings.php
index 5a1c5b8f..229fcfc2 100644
--- a/functions/strings.php
+++ b/functions/strings.php
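Review bot: The changed call passes the bare sentinel `-1`, and the identical literal is repeated in the change_password, lang_change.mod, addressbook, compose, empty_trash, folders, options, options_highlight, options_identities and search hunks; a named constant defined beside sm_validate_security_token (constructed example: `SM_TOKEN_REUSE_UNLIMITED`) used as `sm_validate_security_token($submitted_token, SM_TOKEN_REUSE_UNLIMITED, TRUE);` would make the intent readable at each site and give one place to tighten the policy later. This site reads `smtoken` with SQ_FORM, so a token arriving as part of a URL is now accepted for the whole $max_token_age_days window rather than for an hour; if SQ_FORM admits GET here (I am inferring that from the constant name, not from the hunk), say so in the comment or narrow the read to SQ_POST where the form actually posts. The body of handleMessageListForm continues outside the hunk.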
@@ -1601,10 +1601,12 @@ function sm_generate_security_token($force_generate_new=FALSE)
 * @param string $token The token to validate
 * @param int $validity_period The number of seconds tokens are valid
 * for (set to zero to remove valid tokens
- * after only one use; use 3600 to allow
- * tokens to be reused for an hour)
- * (OPTIONAL; default is to only allow tokens
- * to be used once)
+ * after only one use; set to -1 to allow
+ * indefinite re-use (but still subject to
+ * $max_token_age_days - see elsewhere);
+ * use 3600 to allow tokens to be reused for
+ * an hour) (OPTIONAL; default is to only
+ * allow tokens to be used once)
 * NOTE this is unrelated to $max_token_age_days
 * or rather is an additional time constraint on
 * tokens that allows them to be re-used (or not)
@@ -1649,9 +1651,11 @@ function sm_validate_security_token($token, $validity_period=0, $show_error=FALS
 $timestamp = $tokens[$token];

 // whether valid or not, we want to remove it from
- // user prefs if it's old enough
+ // user prefs if it's old enough (unless requested to
+ // bypass this (in which case $validity_period is -1))
 //
- if ($timestamp < $now - $validity_period)
+ if ($validity_period >= 0
+ && $timestamp < $now - $validity_period)
 {
 unset($tokens[$token]);
 setPref($data_dir, $username, 'security_tokens', serialize($tokens));
diff --git a/plugins/change_password/options.php b/plugins/change_password/options.php
index 474fe619..2a3506a6 100644
--- a/plugins/change_password/options.php
+++ b/plugins/change_password/options.php
@@ -56,7 +56,7 @@ if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) {

 // security check
 sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);

 /* perform basic checks */
 $Messages = cpw_check_input();
diff --git a/plugins/squirrelspell/modules/lang_change.mod b/plugins/squirrelspell/modules/lang_change.mod
index b1a40b03..96525346 100644
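Review bot: The new guard `if ($validity_period >= 0 && $timestamp < $now - $validity_period)` skips removal for every negative value, while the docblock rewritten in the preceding hunk promises the bypass only for -1; either reject other negatives up front or make the docblock and the inline comment say "any negative value". A token kept this way stays in the user's prefs until the $max_token_age_days pruning the docblock alludes to, and its "see elsewhere" gives a reader no way to locate that pruning — name the function or setting responsible. I would also replace the doubly nested parenthetical comment with `// negative $validity_period (-1) disables per-use expiry; the token then stays usable until pruned by $max_token_age_days`. The body of sm_validate_security_token continues outside the hunk.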
--- a/plugins/squirrelspell/modules/lang_change.mod +++ b/plugins/squirrelspell/modules/lang_change.mod @@ -17,7 +17,7 @@ */ sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, ''); -sm_validate_security_token($submitted_token, 3600, TRUE); +sm_validate_security_token($submitted_token, -1, TRUE); global $SQSPELL_APP_DEFAULT; diff --git a/src/addressbook.php b/src/addressbook.php index d5081261..96522252 100644 --- a/src/addressbook.php +++ b/src/addressbook.php @@ -99,7 +99,7 @@ $form_url = 'addressbook.php'; if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') { // first, validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); /************************************************** * Add new address * diff --git a/src/compose.php b/src/compose.php index 7c051643..be9f6df5 100644 --- a/src/compose.php +++ b/src/compose.php @@ -415,7 +415,7 @@ if ($draft) { // validate security token // - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); /* * Set $default_charset to correspond with the user's selection @@ -474,7 +474,7 @@ if ($send) { // validate security token // - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); if (isset($_FILES['attachfile']) && $_FILES['attachfile']['tmp_name'] && @@ -601,7 +601,7 @@ if ($send) { // validate security token // - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); if ($compose_new_win == '1') { compose_Header($color, $mailbox); @@ -650,7 +650,7 @@ if ($send) { // validate security token // - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); if ($compose_new_win == '1') { compose_Header($color, $mailbox); 
@@ -666,7 +666,7 @@ elseif (isset($sigappend)) { // validate security token // - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); $signature = $idents[$identity]['signature']; @@ -681,7 +681,7 @@ elseif (isset($sigappend)) { // validate security token // - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); if ($compose_new_win == '1') { compose_Header($color, $mailbox); diff --git a/src/empty_trash.php b/src/empty_trash.php index 05c5f3a4..1db9d07e 100644 --- a/src/empty_trash.php +++ b/src/empty_trash.php @@ -32,7 +32,7 @@ sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION); // first do a security check sqgetGlobalVar('smtoken', $submitted_token, SQ_GET, ''); -sm_validate_security_token($submitted_token, 3600, TRUE); +sm_validate_security_token($submitted_token, -1, TRUE); $imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0); diff --git a/src/folders.php b/src/folders.php index 1a1f402d..28a8302c 100644 --- a/src/folders.php +++ b/src/folders.php @@ -43,7 +43,7 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { case 'create': // first, validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); sqgetGlobalVar('folder_name', $folder_name, SQ_POST); sqgetGlobalVar('subfolder', $subfolder, SQ_POST); @@ -61,7 +61,7 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { } else { // first, validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); sqgetGlobalVar('orig', $orig, SQ_POST); sqgetGlobalVar('old_name', $old_name, SQ_POST); 
@@ -77,7 +77,7 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { if ( sqgetGlobalVar('confirmed', $dummy, SQ_POST) ) { // first, validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); folders_delete_do($imapConnection, $delimiter, $folder_name); $td_str = _("Deleted folder successfully."); @@ -88,7 +88,7 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { case 'subscribe': // first, validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); sqgetGlobalVar('folder_names', $folder_names, SQ_POST); folders_subscribe($imapConnection, $folder_names); @@ -97,7 +97,7 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) { case 'unsubscribe': // first, validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); sqgetGlobalVar('folder_names', $folder_names, SQ_POST); folders_unsubscribe($imapConnection, $folder_names); diff --git a/src/options.php b/src/options.php index 2a3fd2a4..1a1e14ef 100644 --- a/src/options.php +++ b/src/options.php @@ -203,7 +203,7 @@ if ( !@is_file( $optpage_file ) ) { // security check before saving anything... //FIXME: what about SMOPT_MODE_LINK?? if ($optmode == SMOPT_MODE_SUBMIT) { - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); } $optpage_save_error=array(); diff --git a/src/options_highlight.php b/src/options_highlight.php index a1c6a545..6e9af744 100644 --- a/src/options_highlight.php +++ b/src/options_highlight.php @@ -55,7 +55,7 @@ if (isset($theid) && ($action == 'delete') || ($action == 'down')) { // security check - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); $new_rules = array(); switch($action) { 
@@ -92,7 +92,7 @@ if (isset($theid) && ($action == 'delete') || } else if ($action == 'save') { // security check - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); if ($color_type == 1) $newcolor = $newcolor_choose; elseif ($color_type == 2) $newcolor = $newcolor_input; diff --git a/src/options_identities.php b/src/options_identities.php index 92a4600d..69efa248 100644 --- a/src/options_identities.php +++ b/src/options_identities.php @@ -44,7 +44,7 @@ sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, ''); if (!empty($smaction) && is_array($smaction)) { // first do a security check - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); $doaction = ''; $identid = 0; diff --git a/src/search.php b/src/search.php index e6dfe116..90c9bdb3 100644 --- a/src/search.php +++ b/src/search.php @@ -1184,7 +1184,7 @@ if (!isset($submit)) { } else { // first validate security token - sm_validate_security_token($submitted_token, 3600, TRUE); + sm_validate_security_token($submitted_token, -1, TRUE); switch ($submit) { case $search_button_text: -- 2.25.1