From 6656c082e03f48d5b4eee506fcca311600363cf8 Mon Sep 17 00:00:00 2001 From: Visman Date: Wed, 23 Sep 2020 21:04:21 +0700 Subject: [PATCH] Add auto calc token for Router\link() --- app/Controllers/Primary.php | 15 +++++++++++++++ app/Core/Router.php | 17 ++++++++++++++++- app/Models/Forum/Model.php | 23 +++-------------------- app/Models/Page.php | 2 +- app/Models/Pages/Admin/Bans.php | 5 +---- app/Models/Pages/Admin/Maintenance.php | 6 +----- app/Models/Pages/Admin/Parser/BBCode.php | 7 +------ app/Models/Pages/Admin/Parser/Smilies.php | 14 ++------------ app/Models/Pages/Admin/Update.php | 17 +++++++++++++++++ app/Models/Pages/Index.php | 7 +------ app/Models/Pages/Profile.php | 16 ++-------------- app/Models/Report/Model.php | 7 +------ app/Models/Topic/Model.php | 16 ++-------------- app/Models/User/Model.php | 8 +------- app/bootstrap.php | 2 +- app/config/install.php | 1 + app/config/main.dist.php | 1 + 17 files changed, 67 insertions(+), 97 deletions(-) diff --git a/app/Controllers/Primary.php b/app/Controllers/Primary.php index daa8d0e0..221eada3 100644 --- a/app/Controllers/Primary.php +++ b/app/Controllers/Primary.php @@ -46,6 +46,21 @@ class Primary 'AdminUpdate' => \ForkBB\Models\Pages\Admin\Update::class, ], ]; + + // fix for Router + if ($this->c->config->i_fork_revision < 17) { + $confChange += [ + 'shared' => [ + 'Router' => [ + 'class' => \ForkBB\Core\Router::class, + 'base_url' => '%BASE_URL%', + 'csrf' => '@Csrf' + ], + + ], + ]; + } + $this->c->config($confChange); return null; diff --git a/app/Core/Router.php b/app/Core/Router.php index aad2190f..fdf2a7f6 100644 --- a/app/Core/Router.php +++ b/app/Core/Router.php @@ -2,6 +2,7 @@ namespace ForkBB\Core; +use ForkBB\Core\Csrf; use InvalidArgumentException; class Router 
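Review bot: The `$confChange += [ 'shared' => [...] ]` in the Primary.php hunk keeps the left operand on a key collision, so if `$confChange` already carries a `'shared'` entry (its top-level keys sit above the hunk) the Router override is silently dropped; assigning the entry directly avoids that: `$confChange['shared']['Router'] = ['class' => \ForkBB\Core\Router::class, 'base_url' => '%BASE_URL%', 'csrf' => '@Csrf'];`. The comment `// fix for Router` would be more useful as `// configs below rev.17 have no Router csrf entry yet (added by the rev.17 update stage); supply it until the update runs`. On style, `'csrf' => '@Csrf'` lacks the trailing comma every neighbouring entry has and is followed by a whitespace-only line before `],`; the same missing trailing comma appears in the install.php and main.dist.php hunks.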
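Review bot: `use ForkBB\Core\Csrf;` in the Router.php hunk is redundant — the file declares `namespace ForkBB\Core;` on the preceding line, so `Csrf` already resolves to that class without an import. It is harmless, but unless the project imports same-namespace classes elsewhere for consistency, the line can be dropped.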
@@ -73,9 +74,15 @@ class Router '(_backslash_)', ]; - public function __construct(string $base) + /** + * @var Csrf + */ + protected $csrf; + + public function __construct(string $base, Csrf $csrf) { $this->baseUrl = $base; + $this->csrf = $csrf; $this->host = \parse_url($base, PHP_URL_HOST); $this->prefix = \parse_url($base, PHP_URL_PATH); $this->length = \strlen($this->prefix); @@ -121,6 +128,14 @@ class Router return $result . $data . $anchor; } + // автоматическое вычисление токена + if ( + \array_key_exists('token', $args) + && ! isset($args['token']) + ) { + $args['token'] = $this->csrf->create($marker, $args); + } + list($link, $names, $request) = $data; $data = []; // перечисление имен переменных для построения ссылки diff --git a/app/Models/Forum/Model.php b/app/Models/Forum/Model.php index b188f156..174dab0e 100644 --- a/app/Models/Forum/Model.php +++ b/app/Models/Forum/Model.php @@ -182,12 +182,7 @@ class Model extends DataModel return $this->c->Router->link( 'MarkRead', [ 'id' => $this->id, - 'token' => $this->c->Csrf->create( - 'MarkRead', - [ - 'id' => $this->id, - ] - ), + 'token' => null, ] ); } @@ -205,13 +200,7 @@ class Model extends DataModel [ 'fid' => $this->id, 'type' => 'subscribe', - 'token' => $this->c->Csrf->create( - 'ForumSubscription', - [ - 'fid' => $this->id, - 'type' => 'subscribe', - ] - ), + 'token' => null, ] ); } @@ -230,13 +219,7 @@ class Model extends DataModel [ 'fid' => $this->id, 'type' => 'unsubscribe', - 'token' => $this->c->Csrf->create( - 'ForumSubscription', - [ - 'fid' => $this->id, - 'type' => 'unsubscribe', - ] - ), + 'token' => null, ] ); } diff --git a/app/Models/Page.php b/app/Models/Page.php index 9a62b3a3..18991e15 100644 --- a/app/Models/Page.php +++ b/app/Models/Page.php @@ -215,7 +215,7 @@ abstract class Page extends Model $r->link( 'Logout', [ - 'token' => $this->c->Csrf->create('Logout'), + 'token' => null, ] ), 'Logout', 
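Review bot: In the second Router.php hunk the token is derived from `$args` while that array still holds the `'token' => null` placeholder, so whether the value verifies later depends on Csrf::create() and the verifying side both ignoring the token key — neither is visible in this diff. The removed Maintenance.php code called create() with a `'token' => ''` entry in place, which suggests create() tolerates the key, but null and '' only behave alike if the key is skipped rather than serialized, so this is worth confirming. The comment above the check is in Russian; an English equivalent: `// derive the CSRF token when the caller leaves 'token' => null`. link() starts outside the hunk, and every call site in this patch (Forum, Topic, User and Report models, Page, Index, Profile, the admin pages) now relies on this branch.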
diff --git a/app/Models/Pages/Admin/Bans.php b/app/Models/Pages/Admin/Bans.php index 0629c057..13960497 100644 --- a/app/Models/Pages/Admin/Bans.php +++ b/app/Models/Pages/Admin/Bans.php @@ -517,10 +517,7 @@ class Bans extends Admin 'AdminBansDelete', [ 'id' => $ban['id'], - 'token' => $this->c->Csrf->create( - 'AdminBansDelete', - $arr - ), + 'token' => null, ] ), ]; diff --git a/app/Models/Pages/Admin/Maintenance.php b/app/Models/Pages/Admin/Maintenance.php index 955f88ee..3f15d7d0 100644 --- a/app/Models/Pages/Admin/Maintenance.php +++ b/app/Models/Pages/Admin/Maintenance.php @@ -225,15 +225,11 @@ class Maintenance extends Admin if ($last) { $args = [ - 'token' => '', + 'token' => null, 'limit' => $v->limit, 'start' => $last + 1, 'clear' => $v->clear ? '1' : '0', ]; - $args['token'] = $this->c->Csrf->create( - 'AdminRebuildIndex', - $args - ); return $this->c->Redirect->page('AdminRebuildIndex', $args)->message(__('Processed posts', $v->start, $last)); } else { diff --git a/app/Models/Pages/Admin/Parser/BBCode.php b/app/Models/Pages/Admin/Parser/BBCode.php index 41579546..6d1ae1f0 100644 --- a/app/Models/Pages/Admin/Parser/BBCode.php +++ b/app/Models/Pages/Admin/Parser/BBCode.php @@ -171,12 +171,7 @@ class BBCode extends Parser 'AdminBBCodeDelete', [ 'id' => $id, - 'token' => $this->c->Csrf->create( - 'AdminBBCodeDelete', - [ - 'id' => $id, - ] - ), + 'token' => null, ] ), 'disabled' => 1 !== $tagData['bb_delete'], diff --git a/app/Models/Pages/Admin/Parser/Smilies.php b/app/Models/Pages/Admin/Parser/Smilies.php index a9642d18..e9ae9ea6 100644 --- a/app/Models/Pages/Admin/Parser/Smilies.php +++ b/app/Models/Pages/Admin/Parser/Smilies.php @@ -198,12 +198,7 @@ class Smilies extends Parser 'AdminSmiliesDelete', [ 'name' => $id, - 'token' => $this->c->Csrf->create( - 'AdminSmiliesDelete', - [ - 'name' => $id, - ] - ), + 'token' => null, ] ), ]; 
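Review bot: In the Bans.php hunk the `AdminBansDelete` token is now computed from the link's own args (`id` plus the null placeholder), whereas the removed lines computed it over `$arr`, which is declared above the hunk; if `$arr` held more than `id`, the verify side of the delete route must be checked against the new argument set or the link will be rejected. If `$arr` was exactly `['id' => $ban['id']]`, it is no longer used by this expression and may now be dead.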
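Review bot: In the Maintenance.php hunk nothing builds the token any more — `$args['token']` stays null and is handed to `Redirect->page('AdminRebuildIndex', $args)`, so the redirect only carries a valid token if Redirect::page() delegates to Router::link(), where the auto-calc lives; that delegation is outside the diff and should be confirmed, otherwise the next rebuild step fails its CSRF check. A short comment would make the dependency explicit: `// token is filled in by Router::link() via Redirect::page()`. The enclosing method continues past both ends of the hunk.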
@@ -290,12 +285,7 @@ class Smilies extends Parser 'AdminSmiliesDelete', [ 'name' => $name, - 'token' => $this->c->Csrf->create( - 'AdminSmiliesDelete', - [ - 'name' => $name, - ] - ), + 'token' => null, ] ), ]; diff --git a/app/Models/Pages/Admin/Update.php b/app/Models/Pages/Admin/Update.php index 7dafe6b4..7f6c668f 100644 --- a/app/Models/Pages/Admin/Update.php +++ b/app/Models/Pages/Admin/Update.php @@ -808,4 +808,21 @@ class Update extends Admin return null; } + + /** + * rev.16 to rev.17 + */ + protected function stageNumber16(array $args): ?int + { + $coreConfig = new CoreConfig($this->c->DIR_CONFIG . '/' . self::CONFIG_FILE); + + $coreConfig->add( + 'shared=>Router=>csrf', + '\'@Csrf\'' + ); + + $coreConfig->save(); + + return null; + } } diff --git a/app/Models/Pages/Index.php b/app/Models/Pages/Index.php index 0a27939d..e4556d86 100644 --- a/app/Models/Pages/Index.php +++ b/app/Models/Pages/Index.php @@ -54,12 +54,7 @@ class Index extends Page 'MarkRead', [ 'id' => 0, - 'token' => $this->c->Csrf->create( - 'MarkRead', - [ - 'id' => 0, - ] - ), + 'token' => null, ] ); } diff --git a/app/Models/Pages/Profile.php b/app/Models/Pages/Profile.php index 70470957..935fefb4 100644 --- a/app/Models/Pages/Profile.php +++ b/app/Models/Pages/Profile.php @@ -87,13 +87,7 @@ abstract class Profile extends Page [ 'id' => $id, 'uid' => $this->curUser->id, - 'token' => $this->c->Csrf->create( - 'AdminBansDelete', - [ - 'id' => $id, - 'uid' => $this->curUser->id, - ] - ), + 'token' => null, ] ), __('Unban user'), @@ -171,13 +165,7 @@ abstract class Profile extends Page [ 'action' => 'change_group', 'ids' => $this->curUser->id, - 'token' => $this->c->Csrf->create( - 'AdminUsersAction', - [ - 'action' => 'change_group', - 'ids' => $this->curUser->id, - ] - ), + 'token' => null, ] ); } diff --git a/app/Models/Report/Model.php b/app/Models/Report/Model.php index 578dc7db..b3fa362d 100644 --- a/app/Models/Report/Model.php +++ b/app/Models/Report/Model.php 
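Review bot: The docblock on `stageNumber16()` in the Update.php hunk says only `rev.16 to rev.17`; it should state what the stage does, e.g. `Adds the Csrf dependency ('csrf' => '@Csrf') to the shared Router service in the main config file.` The stage also does not check whether `shared=>Router=>csrf` is already present — fresh installs from install.php now ship it — so correctness rests on CoreConfig::add() tolerating an existing key, which is not visible here. `CoreConfig` is used without a visible import; presumably the file already has one, since the earlier stages are above the hunk.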
@@ -118,12 +118,7 @@ class Model extends DataModel 'AdminReportsZap', [ 'id' => $this->id, - 'token' => $this->c->Csrf->create( - 'AdminReportsZap', - [ - 'id' => $this->id, - ] - ), + 'token' => null, ] ); } else { diff --git a/app/Models/Topic/Model.php b/app/Models/Topic/Model.php index 024baa74..47890467 100644 --- a/app/Models/Topic/Model.php +++ b/app/Models/Topic/Model.php @@ -170,13 +170,7 @@ class Model extends DataModel [ 'tid' => $this->id, 'type' => 'subscribe', - 'token' => $this->c->Csrf->create( - 'TopicSubscription', - [ - 'tid' => $this->id, - 'type' => 'subscribe', - ] - ), + 'token' => null, ] ); } @@ -191,13 +185,7 @@ class Model extends DataModel [ 'tid' => $this->id, 'type' => 'unsubscribe', - 'token' => $this->c->Csrf->create( - 'TopicSubscription', - [ - 'tid' => $this->id, - 'type' => 'unsubscribe', - ] - ), + 'token' => null, ] ); } diff --git a/app/Models/User/Model.php b/app/Models/User/Model.php index 028c9af0..964afb1f 100644 --- a/app/Models/User/Model.php +++ b/app/Models/User/Model.php @@ -335,13 +335,7 @@ class Model extends DataModel [ 'uid' => $post->user->id, 'pid' => $post->id, - 'token' => $this->c->Csrf->create( - 'AdminUserPromote', - [ - 'uid' => $post->user->id, - 'pid' => $post->id, - ] - ), + 'token' => null, ] ); } else { diff --git a/app/bootstrap.php b/app/bootstrap.php index 89e4e3ce..1da9f3fd 100644 --- a/app/bootstrap.php +++ b/app/bootstrap.php @@ -42,7 +42,7 @@ if ( } $c->PUBLIC_URL = $c->BASE_URL . $forkPublicPrefix; -$c->FORK_REVISION = 16; +$c->FORK_REVISION = 17; $c->START = $forkStart; $c->DIR_APP = __DIR__; $c->DIR_PUBLIC = $forkPublic; diff --git a/app/config/install.php b/app/config/install.php index c0879806..8dd292b2 100644 --- a/app/config/install.php +++ b/app/config/install.php @@ -72,6 +72,7 @@ return [ 'Router' => [ 'class' => \ForkBB\Core\Router::class, 'base_url' => '%BASE_URL%', + 'csrf' => '@Csrf' ], 'Lang' => \ForkBB\Core\Lang::class, 'Mail' => [ 
diff --git a/app/config/main.dist.php b/app/config/main.dist.php index 96e4efef..e4cdf730 100644 --- a/app/config/main.dist.php +++ b/app/config/main.dist.php @@ -75,6 +75,7 @@ return [ 'Router' => [ 'class' => \ForkBB\Core\Router::class, 'base_url' => '%BASE_URL%', + 'csrf' => '@Csrf' ], 'Lang' => \ForkBB\Core\Lang::class, 'Mail' => [