List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail:[14382] branches/SM-1_4-STABLE/squirrelmail
From: pdontthink () users ! sourceforge ! net
Date: 2013-06-18 4:16:50
Message-ID: E1UonLi-000804-8B () sfs-ml-1 ! v29 ! ch3 ! sourceforge ! com
Revision: 14382
http://sourceforge.net/p/squirrelmail/code/14382
Author: pdontthink
Date: 2013-06-18 04:16:49 +0000 (Tue, 18 Jun 2013)
Log Message:
-----------
Allow more liberal reuse of tokens to avoid cross-frame conflicts
Modified Paths:
--------------
branches/SM-1_4-STABLE/squirrelmail/functions/strings.php
branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php
branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/lang_change.mod
branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php
branches/SM-1_4-STABLE/squirrelmail/src/compose.php
branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php
branches/SM-1_4-STABLE/squirrelmail/src/empty_trash.php
branches/SM-1_4-STABLE/squirrelmail/src/folders_create.php
branches/SM-1_4-STABLE/squirrelmail/src/folders_delete.php
branches/SM-1_4-STABLE/squirrelmail/src/folders_rename_do.php
branches/SM-1_4-STABLE/squirrelmail/src/folders_subscribe.php
branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php
branches/SM-1_4-STABLE/squirrelmail/src/options.php
branches/SM-1_4-STABLE/squirrelmail/src/options_highlight.php
branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php
branches/SM-1_4-STABLE/squirrelmail/src/options_order.php
branches/SM-1_4-STABLE/squirrelmail/src/search.php
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/strings.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2013-06-17 20:31:07 UTC \
(rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/strings.php 2013-06-18 04:16:49 UTC \
(rev 14382)
@@ -1403,10 +1403,12 @@
* @param string $token The token to validate
* @param int $validity_period The number of seconds tokens are valid
* for (set to zero to remove valid tokens
- * after only one use; use 3600 to allow
- * tokens to be reused for an hour)
- * (OPTIONAL; default is to only allow tokens
- * to be used once)
+ * after only one use; set to -1 to allow
+ * indefinite re-use (but still subject to
+ * $max_token_age_days - see elsewhere);
+ * use 3600 to allow tokens to be reused for
+ * an hour) (OPTIONAL; default is to only
+ * allow tokens to be used once)
* NOTE this is unrelated to $max_token_age_days
* or rather is an additional time constraint on
* tokens that allows them to be re-used (or not)
@@ -1451,9 +1453,11 @@
$timestamp = $tokens[$token];
// whether valid or not, we want to remove it from
- // user prefs if it's old enough
+ // user prefs if it's old enough (unless requested to
+ // bypass this (in which case $validity_period is -1))
//
- if ($timestamp < $now - $validity_period)
+ if ($validity_period >= 0
+ && $timestamp < $now - $validity_period)
{
unset($tokens[$token]);
setPref($data_dir, $username, 'security_tokens', serialize($tokens));
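Review bot: The new guard `$validity_period >= 0` makes every negative value, not only the documented -1, skip the removal branch, so a miscomputed negative period silently turns a single-use token into a reusable one. Testing for the sentinel explicitly, `if ($validity_period != -1 && $timestamp < $now - $validity_period)`, keeps any other negative value on the old remove-after-use path; otherwise the docblock changed in the first hunk should say "any negative value" rather than "-1". With the bypass active the token is never unset here, so its lifetime depends entirely on the $max_token_age_days purge, which is not visible in this hunk and is worth confirming runs before this point. The function begins and ends outside the hunk.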
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php 2013-06-17 \
20:31:07 UTC (rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/delete_move_next/setup.php 2013-06-18 \
04:16:49 UTC (rev 14382)
@@ -299,7 +299,7 @@
}
// first, validate security token
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
sqimap_toggle_flag($imapConnection, $unread_id, '\\Seen', false, true);
}
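Review bot: Passing `-1` here drops the one-hour reuse window for a state-changing action, so a token that is disclosed once stays replayable until the $max_token_age_days purge removes it; the same substitution is made in the two later hunks of this file and at every other call site in this commit (lang_change.mod, addressbook.php, compose.php, delete_message.php, empty_trash.php, the folders_* scripts, move_messages.php, options*.php, search.php). If the cross-frame conflict only affects some pages, it may be safer to keep a bounded period for destructive handlers such as delete, move and empty-trash and use `-1` only where frames actually collide. The bare `-1` is also a magic number repeated at 25 call sites; a named constant, for example `define('SM_TOKEN_REUSE_UNLIMITED', -1);` (the name is only a suggestion), would make the intent explicit and any later tightening a one-line change. The enclosing block starts above the hunk.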
@@ -314,7 +314,7 @@
}
// first, validate security token
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
sqimap_msgs_list_delete($imapConnection, $mailbox, $delete_id);
if ($auto_expunge) {
@@ -334,7 +334,7 @@
}
// first, validate security token
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
// Move message
sqimap_msgs_list_move($imapConnection, $move_id, $targetMailbox);
Modified: branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/lang_change.mod
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/lang_change.mod 2013-06-17 \
20:31:07 UTC (rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/plugins/squirrelspell/modules/lang_change.mod 2013-06-18 \
04:16:49 UTC (rev 14382)
@@ -19,7 +19,7 @@
if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
$submitted_token = '';
}
-sm_validate_security_token($submitted_token, 3600, TRUE);
+sm_validate_security_token($submitted_token, -1, TRUE);
global $SQSPELL_APP_DEFAULT;
Modified: branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php 2013-06-17 20:31:07 UTC \
(rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/addressbook.php 2013-06-18 04:16:49 UTC \
(rev 14382)
@@ -184,7 +184,7 @@
if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == \
'POST') {
// first, validate security token
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
/**************************************************
* Add new address *
Modified: branches/SM-1_4-STABLE/squirrelmail/src/compose.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/compose.php 2013-06-17 20:31:07 UTC (rev \
14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/compose.php 2013-06-18 04:16:49 UTC (rev \
14382)
@@ -381,7 +381,7 @@
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
/*
* Set $default_charset to correspond with the user's selection
@@ -437,7 +437,7 @@
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
if (isset($_FILES['attachfile']) &&
$_FILES['attachfile']['tmp_name'] &&
@@ -527,7 +527,7 @@
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
if ($compose_new_win == '1') {
compose_Header($color, $mailbox);
@@ -576,7 +576,7 @@
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
if (saveAttachedFiles($session)) {
plain_error_message(_("Could not move/copy file. File not attached"), \
$color);
@@ -592,7 +592,7 @@
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
$signature = $idents[$identity]['signature'];
@@ -607,7 +607,7 @@
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
if ($compose_new_win == '1') {
compose_Header($color, $mailbox);
Modified: branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php 2013-06-17 20:31:07 \
UTC (rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/delete_message.php 2013-06-18 04:16:49 \
UTC (rev 14382)
@@ -54,7 +54,7 @@
}
// first, validate security token
-sm_validate_security_token($submitted_token, 3600, TRUE);
+sm_validate_security_token($submitted_token, -1, TRUE);
$imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
Modified: branches/SM-1_4-STABLE/squirrelmail/src/empty_trash.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/empty_trash.php 2013-06-17 20:31:07 UTC \
(rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/empty_trash.php 2013-06-18 04:16:49 UTC \
(rev 14382)
@@ -39,7 +39,7 @@
// first do a security check
if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_FORM))
$submitted_token = '';
-sm_validate_security_token($submitted_token, 3600, TRUE);
+sm_validate_security_token($submitted_token, -1, TRUE);
$imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
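Review bot: `sqgetGlobalVar('smtoken',$submitted_token, SQ_FORM)` accepts the token from the query string as well as from POST data, and with `-1` a token that has appeared in a URL (browser history, proxy logs, Referer) remains usable for emptying the trash until it ages out. Reading it with `SQ_POST`, as lang_change.mod does, would need the trash link to submit a form; failing that, a bounded validity period for this handler limits the exposure. The unbraced `if` above the call is also easy to misread; `if (...) { $submitted_token = ''; }` would match the braces used in lang_change.mod.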
Modified: branches/SM-1_4-STABLE/squirrelmail/src/folders_create.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/folders_create.php 2013-06-17 20:31:07 \
UTC (rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/folders_create.php 2013-06-18 04:16:49 \
UTC (rev 14382)
@@ -43,7 +43,7 @@
/* end of get globals */
// first, validate security token
-sm_validate_security_token($submitted_token, 3600, TRUE);
+sm_validate_security_token($submitted_token, -1, TRUE);
$folder_name = trim($folder_name);
Modified: branches/SM-1_4-STABLE/squirrelmail/src/folders_delete.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/folders_delete.php 2013-06-17 20:31:07 \
UTC (rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/folders_delete.php 2013-06-18 04:16:49 \
UTC (rev 14382)
@@ -89,7 +89,7 @@
}
// first, validate security token
-sm_validate_security_token($submitted_token, 3600, TRUE);
+sm_validate_security_token($submitted_token, -1, TRUE);
$imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
Modified: branches/SM-1_4-STABLE/squirrelmail/src/folders_rename_do.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/folders_rename_do.php 2013-06-17 20:31:07 \
UTC (rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/folders_rename_do.php 2013-06-18 04:16:49 \
UTC (rev 14382)
@@ -41,7 +41,7 @@
/* end globals */
// first, validate security token
-sm_validate_security_token($submitted_token, 3600, TRUE);
+sm_validate_security_token($submitted_token, -1, TRUE);
$new_name = trim($new_name);
Modified: branches/SM-1_4-STABLE/squirrelmail/src/folders_subscribe.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/folders_subscribe.php 2013-06-17 20:31:07 \
UTC (rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/folders_subscribe.php 2013-06-18 04:16:49 \
UTC (rev 14382)
@@ -39,7 +39,7 @@
/* end globals */
// first, validate security token
-sm_validate_security_token($submitted_token, 3600, TRUE);
+sm_validate_security_token($submitted_token, -1, TRUE);
$location = get_location();
Modified: branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php 2013-06-17 20:31:07 UTC \
(rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/move_messages.php 2013-06-18 04:16:49 UTC \
(rev 14382)
@@ -157,7 +157,7 @@
/* end of get globals */
// security check
-sm_validate_security_token($submitted_token, 3600, TRUE);
+sm_validate_security_token($submitted_token, -1, TRUE);
$imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
$mbx_response=sqimap_mailbox_select($imapConnection, $mailbox);
Modified: branches/SM-1_4-STABLE/squirrelmail/src/options.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/options.php 2013-06-17 20:31:07 UTC (rev \
14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/options.php 2013-06-18 04:16:49 UTC (rev \
14382)
@@ -232,7 +232,7 @@
// security check before saving anything...
//FIXME: what about SMOPT_MODE_LINK??
if ($optmode == SMOPT_MODE_SUBMIT) {
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
}
// set empty error message
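Review bot: Token validation in this hunk still runs only when `$optmode == SMOPT_MODE_SUBMIT`, and the FIXME directly above it leaves open whether SMOPT_MODE_LINK requests are checked at all. Since this commit loosens token reuse everywhere, it would be a good moment to resolve that question. If link mode can change preferences (not visible in this hunk), validate there too, e.g. `if ($optmode == SMOPT_MODE_SUBMIT || $optmode == SMOPT_MODE_LINK) {`; if it cannot, replace the FIXME with a comment saying why no token is needed.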
Modified: branches/SM-1_4-STABLE/squirrelmail/src/options_highlight.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/options_highlight.php 2013-06-17 20:31:07 \
UTC (rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/options_highlight.php 2013-06-18 04:16:49 \
UTC (rev 14382)
@@ -64,7 +64,7 @@
($action == 'down')) {
// security check
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
$new_rules = array();
switch($action) {
@@ -101,7 +101,7 @@
} else if ($action == 'save') {
// security check
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
if ($color_type == 1) $newcolor = $newcolor_choose;
elseif ($color_type == 2) $newcolor = $newcolor_input;
Modified: branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php 2013-06-17 \
20:31:07 UTC (rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php 2013-06-18 \
04:16:49 UTC (rev 14382)
@@ -51,7 +51,7 @@
if (!empty($smaction) && is_array($smaction)) {
// first do a security check
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
$doaction = '';
$identid = 0;
Modified: branches/SM-1_4-STABLE/squirrelmail/src/options_order.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/options_order.php 2013-06-17 20:31:07 UTC \
(rev 14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/options_order.php 2013-06-18 04:16:49 UTC \
(rev 14382)
@@ -78,7 +78,7 @@
} else if ($method == 'remove' && $num > 0) {
// first do a security check
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
for ($i=1; $i < 8; $i++) {
removePref($data_dir, $username, "order$i");
@@ -97,7 +97,7 @@
} else if ($method == 'add' && $add) {
// first do a security check
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
/* User should not be able to insert PHP-code here */
$add = str_replace ('<?', '..', $add);
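Review bot: In the `add` branch the only visible filtering of `$add` is the replacement of one literal sequence by `str_replace`, which is a deny-list of a single pattern, and with `-1` the token guarding this write no longer expires on use. If `$add` is meant to be a column index (the `order$i` prefs in the previous hunk suggest so, but the rest of this branch is outside the hunk), validating it as an integer in the expected range, e.g. `$add = (int) $add;` followed by a range check, would be stronger than string replacement.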
Modified: branches/SM-1_4-STABLE/squirrelmail/src/search.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/search.php 2013-06-17 20:31:07 UTC (rev \
14381)
+++ branches/SM-1_4-STABLE/squirrelmail/src/search.php 2013-06-18 04:16:49 UTC (rev \
14382)
@@ -321,7 +321,7 @@
// need to verify security token if user wants to do anything
if (!empty($submit)) {
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
}
if ($submit == _("Search") && !empty($what)) {