From 6656c082e03f48d5b4eee506fcca311600363cf8 Mon Sep 17 00:00:00 2001
From: Visman
Date: Wed, 23 Sep 2020 21:04:21 +0700
Subject: [PATCH] Add auto calc token for Router\link()
---
 app/Controllers/Primary.php | 15 +++++++++++++++
 app/Core/Router.php | 17 ++++++++++++++++-
 app/Models/Forum/Model.php | 23 +++-------------------
 app/Models/Page.php | 2 +-
 app/Models/Pages/Admin/Bans.php | 5 +----
 app/Models/Pages/Admin/Maintenance.php | 6 +-----
 app/Models/Pages/Admin/Parser/BBCode.php | 7 +------
 app/Models/Pages/Admin/Parser/Smilies.php | 14 ++------------
 app/Models/Pages/Admin/Update.php | 17 +++++++++++++++++
 app/Models/Pages/Index.php | 7 +------
 app/Models/Pages/Profile.php | 16 ++-------------
 app/Models/Report/Model.php | 7 +------
 app/Models/Topic/Model.php | 16 ++-------------
 app/Models/User/Model.php | 8 +------
 app/bootstrap.php | 2 +-
 app/config/install.php | 1 +
 app/config/main.dist.php | 1 +
 17 files changed, 67 insertions(+), 97 deletions(-)
diff --git a/app/Controllers/Primary.php b/app/Controllers/Primary.php
index daa8d0e085baaab4558fcdb1caf3fd9af6551a34..221eada3b1e64f06c1cf089cc9d5314300a49126 100644
--- a/app/Controllers/Primary.php
+++ b/app/Controllers/Primary.php
@@ -46,6 +46,21 @@ class Primary
 'AdminUpdate' => \ForkBB\Models\Pages\Admin\Update::class,
 ],
 ];
+
+ // fix for Router
+ if ($this->c->config->i_fork_revision < 17) {
+ $confChange += [
+ 'shared' => [
+ 'Router' => [
+ 'class' => \ForkBB\Core\Router::class,
+ 'base_url' => '%BASE_URL%',
+ 'csrf' => '@Csrf'
+ ],
+
+ ],
+ ];
+ }
+
 $this->c->config($confChange);
 return null;
diff --git a/app/Core/Router.php b/app/Core/Router.php
index aad2190fcca05fe331c8abec0ebf56329a23ab8d..fdf2a7f694c7838e890d78c89c2f0687aff99004 100644
--- a/app/Core/Router.php
+++ b/app/Core/Router.php
@@ -2,6 +2,7 @@
 namespace ForkBB\Core;
+use ForkBB\Core\Csrf;
 use InvalidArgumentException;
 class Router
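Review bot: `$confChange += [ 'shared' => [...] ]` keeps the left operand's entry when a key already exists, so if `$confChange` already carries a `'shared'` key above this hunk (only its closing `], ];` is visible here) the Router override is silently dropped and pre-rev.17 configs keep constructing Router without `csrf`. Assigning the key directly does not depend on that: `$confChange['shared']['Router'] = ['class' => \ForkBB\Core\Router::class, 'base_url' => '%BASE_URL%', 'csrf' => '@Csrf'];`. The added block also leaves an empty line inside the `'shared'` array and no trailing comma after `'csrf' => '@Csrf'` (the same missing comma appears in app/config/install.php and app/config/main.dist.php), and `// fix for Router` would be clearer as `// rev.17 gave Router a Csrf dependency; inject it for configs written by older revisions`. The enclosing method starts outside the hunk.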
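Review bot: `use ForkBB\Core\Csrf;` imports a class from the namespace this file itself declares (`namespace ForkBB\Core;` two lines above), so `Csrf` resolves identically without it. Drop the added line unless the project's convention is to list same-namespace dependencies explicitly.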
@@ -73,9 +74,15 @@ class Router '(_backslash_)', ]; - public function __construct(string $base) + /** + * @var Csrf + */ + protected $csrf; + + public function __construct(string $base, Csrf $csrf) { $this->baseUrl = $base; + $this->csrf = $csrf; $this->host = \parse_url($base, PHP_URL_HOST); $this->prefix = \parse_url($base, PHP_URL_PATH); $this->length = \strlen($this->prefix); @@ -121,6 +128,14 @@ class Router return $result . $data . $anchor; } + // автоматическое вычисление токена + if ( + \array_key_exists('token', $args) + && ! isset($args['token']) + ) { + $args['token'] = $this->csrf->create($marker, $args); + } + list($link, $names, $request) = $data; $data = []; // перечисление имен переменных для построения ссылки diff --git a/app/Models/Forum/Model.php b/app/Models/Forum/Model.php index b188f156d3ebd349c78e5f3b13c13024d0ccf5a8..174dab0eba7c721f66e578b9fdf1f5f075e13fac 100644 --- a/app/Models/Forum/Model.php +++ b/app/Models/Forum/Model.php @@ -182,12 +182,7 @@ class Model extends DataModel return $this->c->Router->link( 'MarkRead', [ 'id' => $this->id, - 'token' => $this->c->Csrf->create( - 'MarkRead', - [ - 'id' => $this->id, - ] - ), + 'token' => null, ] ); } @@ -205,13 +200,7 @@ class Model extends DataModel [ 'fid' => $this->id, 'type' => 'subscribe', - 'token' => $this->c->Csrf->create( - 'ForumSubscription', - [ - 'fid' => $this->id, - 'type' => 'subscribe', - ] - ), + 'token' => null, ] ); } @@ -230,13 +219,7 @@ class Model extends DataModel [ 'fid' => $this->id, 'type' => 'unsubscribe', - 'token' => $this->c->Csrf->create( - 'ForumSubscription', - [ - 'fid' => $this->id, - 'type' => 'unsubscribe', - ] - ), + 'token' => null, ] ); } diff --git a/app/Models/Page.php b/app/Models/Page.php index 9a62b3a38388d863c88af5d03853b3be205a7164..18991e159d9e15fe47d5a72cf929afd3ccebdab3 100644 --- a/app/Models/Page.php +++ b/app/Models/Page.php 
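Review bot: The token is computed from `$args` while it still contains the `'token' => null` placeholder, so `Csrf::create()` now receives a key that the hand-written calls this replaces never passed (`Csrf->create('Logout')` in app/Models/Page.php, `create('MarkRead', ['id' => $this->id])` in app/Models/Forum/Model.php). Whether that changes the resulting token depends on Csrf::create, which is not in the diff; the old app/Models/Pages/Admin/Maintenance.php code did pass `'token' => ''` through create, which suggests the key is ignored, but it should be confirmed against the verify side. Stripping the placeholder first, `$args['token'] = $this->csrf->create($marker, \array_diff_key($args, ['token' => null]));`, removes the dependency on that detail. The comment is in Russian; an English one such as `// a caller passing 'token' => null asks the router to derive the CSRF token from this link's marker and arguments` would also document the convention. link() starts and ends outside the hunk.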
@@ -215,7 +215,7 @@ abstract class Page extends Model
 $r->link(
 'Logout',
 [
- 'token' => $this->c->Csrf->create('Logout'),
+ 'token' => null,
 ]
 ),
 'Logout',
diff --git a/app/Models/Pages/Admin/Bans.php b/app/Models/Pages/Admin/Bans.php
index 0629c0577d992c8a050dd0d633a0ae17f005f10c..1396049721bcae029d0b36d57e7ab723f868a13b 100644
--- a/app/Models/Pages/Admin/Bans.php
+++ b/app/Models/Pages/Admin/Bans.php
@@ -517,10 +517,7 @@ class Bans extends Admin
 'AdminBansDelete',
 [
 'id' => $ban['id'],
- 'token' => $this->c->Csrf->create(
- 'AdminBansDelete',
- $arr
- ),
+ 'token' => null,
 ]
 ),
 ];
diff --git a/app/Models/Pages/Admin/Maintenance.php b/app/Models/Pages/Admin/Maintenance.php
index 955f88ee0726c0996117bafc8ae745eb7fd038a8..3f15d7d0919c79b989018184b9de5e55b2caa122 100644
--- a/app/Models/Pages/Admin/Maintenance.php
+++ b/app/Models/Pages/Admin/Maintenance.php
@@ -225,15 +225,11 @@ class Maintenance extends Admin
 if ($last) {
 $args = [
- 'token' => '',
+ 'token' => null,
 'limit' => $v->limit,
 'start' => $last + 1,
 'clear' => $v->clear ? '1' : '0',
 ];
- $args['token'] = $this->c->Csrf->create(
- 'AdminRebuildIndex',
- $args
- );
 return $this->c->Redirect->page('AdminRebuildIndex', $args)->message(__('Processed posts', $v->start, $last));
 } else {
diff --git a/app/Models/Pages/Admin/Parser/BBCode.php b/app/Models/Pages/Admin/Parser/BBCode.php
index 415795463f2cf41a50dd29bcb1ee247b7dfdadeb..6d1ae1f0caff18a3d68d95dd71fd997b2651ecf3 100644
--- a/app/Models/Pages/Admin/Parser/BBCode.php
+++ b/app/Models/Pages/Admin/Parser/BBCode.php
@@ -171,12 +171,7 @@ class BBCode extends Parser
 'AdminBBCodeDelete',
 [
 'id' => $id,
- 'token' => $this->c->Csrf->create(
- 'AdminBBCodeDelete',
- [
- 'id' => $id,
- ]
- ),
+ 'token' => null,
 ]
 ),
 'disabled' => 1 !== $tagData['bb_delete'],
diff --git a/app/Models/Pages/Admin/Parser/Smilies.php b/app/Models/Pages/Admin/Parser/Smilies.php
index a9642d189dbbc827d1715cc9417b6f260e29214b..e9ae9ea619ecb7da044d738cf69c914de6117e72 100644
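Review bot: The removed call hashed over `$arr`, whereas the router will derive the token from the link's own arguments, here only `'id' => $ban['id']`. If `$arr` held anything beyond that id (it is built above the hunk), the token in the delete link no longer matches what the AdminBansDelete handler verifies and the link fails its CSRF check; please confirm `$arr` was exactly `['id' => $ban['id']]`, and drop `$arr` if this was its last use. The enclosing method starts outside the hunk.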
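Review bot: `'token' => null` in `$args` only becomes a real token if `Redirect->page()` forwards `$args` to `Router->link()`; Redirect is not in the diff, so that should be confirmed before relying on it, since a redirect to AdminRebuildIndex without a valid token would presumably fail its CSRF check and interrupt the rebuild. If it does forward, the array literal is fine as written. The `if ($last)` block starts and ends outside the hunk.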
--- a/app/Models/Pages/Admin/Parser/Smilies.php
+++ b/app/Models/Pages/Admin/Parser/Smilies.php
@@ -198,12 +198,7 @@ class Smilies extends Parser
 'AdminSmiliesDelete',
 [
 'name' => $id,
- 'token' => $this->c->Csrf->create(
- 'AdminSmiliesDelete',
- [
- 'name' => $id,
- ]
- ),
+ 'token' => null,
 ]
 ),
 ];
@@ -290,12 +285,7 @@ class Smilies extends Parser
 'AdminSmiliesDelete',
 [
 'name' => $name,
- 'token' => $this->c->Csrf->create(
- 'AdminSmiliesDelete',
- [
- 'name' => $name,
- ]
- ),
+ 'token' => null,
 ]
 ),
 ];
diff --git a/app/Models/Pages/Admin/Update.php b/app/Models/Pages/Admin/Update.php
index 7dafe6b43e727e5637fb745c59fa5f0625e2c53d..7f6c668fe7d70b00f1de91eb79aa5c4a5da088db 100644
--- a/app/Models/Pages/Admin/Update.php
+++ b/app/Models/Pages/Admin/Update.php
@@ -808,4 +808,21 @@ class Update extends Admin
 return null;
 }
+
+ /**
+ * rev.16 to rev.17
+ */
+ protected function stageNumber16(array $args): ?int
+ {
+ $coreConfig = new CoreConfig($this->c->DIR_CONFIG . '/' . self::CONFIG_FILE);
+
+ $coreConfig->add(
+ 'shared=>Router=>csrf',
+ '\'@Csrf\''
+ );
+
+ $coreConfig->save();
+
+ return null;
+ }
 }
diff --git a/app/Models/Pages/Index.php b/app/Models/Pages/Index.php
index 0a27939d2f41f6f0cac59758b25330f5d3ed0bc0..e4556d86ff5779406a5eca0cc7523f8e9cb957be 100644
--- a/app/Models/Pages/Index.php
+++ b/app/Models/Pages/Index.php
@@ -54,12 +54,7 @@ class Index extends Page
 'MarkRead',
 [
 'id' => 0,
- 'token' => $this->c->Csrf->create(
- 'MarkRead',
- [
- 'id' => 0,
- ]
- ),
+ 'token' => null,
 ]
 );
 }
diff --git a/app/Models/Pages/Profile.php b/app/Models/Pages/Profile.php
index 70470957d5a0b2d1ac6050e6b81a30bb1cd74bba..935fefb48d99d6c28b8fff321e2a0bf66f8c331e 100644
--- a/app/Models/Pages/Profile.php
+++ b/app/Models/Pages/Profile.php
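Review bot: `stageNumber16()` calls `CoreConfig::add('shared=>Router=>csrf', ...)` unconditionally; whether `add()` is safe when the key is already present (a re-run stage, or a config edited by hand) is not visible in the diff and is worth confirming. `$args` is accepted but unused — if the stage dispatcher fixes the signature, a docblock line `@param array $args unused; signature shared by all stageNumberN() methods` would say so, and the docblock could state what the stage does: `rev.16 to rev.17: add the Csrf dependency to the Router service definition`.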
@@ -87,13 +87,7 @@ abstract class Profile extends Page
 [
 'id' => $id,
 'uid' => $this->curUser->id,
- 'token' => $this->c->Csrf->create(
- 'AdminBansDelete',
- [
- 'id' => $id,
- 'uid' => $this->curUser->id,
- ]
- ),
+ 'token' => null,
 ]
 ),
 __('Unban user'),
@@ -171,13 +165,7 @@ abstract class Profile extends Page
 [
 'action' => 'change_group',
 'ids' => $this->curUser->id,
- 'token' => $this->c->Csrf->create(
- 'AdminUsersAction',
- [
- 'action' => 'change_group',
- 'ids' => $this->curUser->id,
- ]
- ),
+ 'token' => null,
 ]
 );
 }
diff --git a/app/Models/Report/Model.php b/app/Models/Report/Model.php
index 578dc7dbb051ffe37333fad0fb875ab6495c3aff..b3fa362d1a08df972d685d2c387bd53824ba16dc 100644
--- a/app/Models/Report/Model.php
+++ b/app/Models/Report/Model.php
@@ -118,12 +118,7 @@ class Model extends DataModel
 'AdminReportsZap',
 [
 'id' => $this->id,
- 'token' => $this->c->Csrf->create(
- 'AdminReportsZap',
- [
- 'id' => $this->id,
- ]
- ),
+ 'token' => null,
 ]
 );
 } else {
diff --git a/app/Models/Topic/Model.php b/app/Models/Topic/Model.php
index 024baa749af4d23d589d1d49aef56d7cda39ef2b..47890467bb0fb42b2d39db074914ce64bb3ebabb 100644
--- a/app/Models/Topic/Model.php
+++ b/app/Models/Topic/Model.php
@@ -170,13 +170,7 @@ class Model extends DataModel
 [
 'tid' => $this->id,
 'type' => 'subscribe',
- 'token' => $this->c->Csrf->create(
- 'TopicSubscription',
- [
- 'tid' => $this->id,
- 'type' => 'subscribe',
- ]
- ),
+ 'token' => null,
 ]
 );
 }
@@ -191,13 +185,7 @@ class Model extends DataModel
 [
 'tid' => $this->id,
 'type' => 'unsubscribe',
- 'token' => $this->c->Csrf->create(
- 'TopicSubscription',
- [
- 'tid' => $this->id,
- 'type' => 'unsubscribe',
- ]
- ),
+ 'token' => null,
 ]
 );
 }
diff --git a/app/Models/User/Model.php b/app/Models/User/Model.php
index 028c9af0dd3e4b08bdd6e0ad32f5bd7c8dc9f798..964afb1f3fd3305ef0a7378b6b5777197c41545d 100644
--- a/app/Models/User/Model.php
+++ b/app/Models/User/Model.php
@@ -335,13 +335,7 @@ class Model extends DataModel
 [
 'uid' => $post->user->id,
 'pid' => $post->id,
- 'token' => $this->c->Csrf->create(
- 'AdminUserPromote',
- [
- 'uid' => $post->user->id,
- 'pid' => $post->id,
- ]
- ),
+ 'token' => null,
 ]
 );
 } else {
diff --git a/app/bootstrap.php b/app/bootstrap.php
index 89e4e3ce5199f28c1741b456359e08cec7b22365..1da9f3fd06a1a05fe83964fcecdfe14b789b3c8b 100644
--- a/app/bootstrap.php
+++ b/app/bootstrap.php
@@ -42,7 +42,7 @@ if (
 }
 $c->PUBLIC_URL = $c->BASE_URL . $forkPublicPrefix;
-$c->FORK_REVISION = 16;
+$c->FORK_REVISION = 17;
 $c->START = $forkStart;
 $c->DIR_APP = __DIR__;
 $c->DIR_PUBLIC = $forkPublic;
diff --git a/app/config/install.php b/app/config/install.php
index c08798065203f4ab6fcec09752c395600125a0af..8dd292b2f0100361db04f3012ee9df364fa3e14a 100644
--- a/app/config/install.php
+++ b/app/config/install.php
@@ -72,6 +72,7 @@ return [
 'Router' => [
 'class' => \ForkBB\Core\Router::class,
 'base_url' => '%BASE_URL%',
+ 'csrf' => '@Csrf'
 ],
 'Lang' => \ForkBB\Core\Lang::class,
 'Mail' => [
diff --git a/app/config/main.dist.php b/app/config/main.dist.php
index 96e4efef0f83af338c3caf9dfaf04c65bd03a30d..e4cdf73074d9a447cf36908aa3ce653a85ef23d9 100644
--- a/app/config/main.dist.php
+++ b/app/config/main.dist.php
@@ -75,6 +75,7 @@ return [
 'Router' => [
 'class' => \ForkBB\Core\Router::class,
 'base_url' => '%BASE_URL%',
+ 'csrf' => '@Csrf'
 ],
 'Lang' => \ForkBB\Core\Lang::class,
 'Mail' => [