author | Dries Buytaert <dries@buytaert.net> | 2009-05-01 14:51:41 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-05-01 14:51:41 +0000 |
commit | 81c436fb8ede77a655a79bca6d613e205b913e86 (patch) | |
tree | 1a318dbbaa4bfa707ed5b7d7ac57229bed68c8c4 | |
parent | c1e05db993905492fec2532af7aabd1204fab3f2 (diff) | |
download | brdo-81c436fb8ede77a655a79bca6d613e205b913e86.tar.gz brdo-81c436fb8ede77a655a79bca6d613e205b913e86.tar.bz2 |
- Patch #360128 by chx, quicksketch, Frando et al: security fix for simplified AHAH callbacks.
-rw-r--r-- | includes/form.inc | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/includes/form.inc b/includes/form.inc
index f47981a8f..481cd6173 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -1821,6 +1821,14 @@ function form_ahah_callback() {
   // Get the form from the cache.
   $form = form_get_cache($form_build_id, $form_state);
+  if (!$form) {
+    // If $form cannot be loaded from the cache, the form_build_id in $_POST must
+    // be invalid, which means that someone performed a POST request onto
+    // system/ahah without actually viewing the concerned form in the browser.
+    // This is likely a hacking attempt as it never happens under normal
+    // circumstances, so we just do nothing.
+    exit;
+  }
   // We will run some of the submit handlers so we need to disable redirecting.
   $form['#redirect'] = FALSE;
@@ -1840,7 +1848,9 @@ function form_ahah_callback() {
   // Get the callback function from the clicked button.
   $callback = $form_state['clicked_button']['#ahah']['callback'];
-  $callback($form, $form_state);
+  if (drupal_function_exists($callback)) {
+    $callback($form, $form_state);
+  }
 }
 /** |
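Review bot: The new `if (!$form) { exit; }` branch in the first hunk ends the request silently with an empty body and records nothing, so neither the client nor an operator can distinguish a forged form_build_id from an expired cache entry, and the comment's claim that this "never happens under normal circumstances" overstates it: form cache entries expire and are dropped by cache flushes, which produces exactly the same missing $form for a legitimate user who left a page open. Consider logging the event (e.g. via `watchdog()`, which is available to core at this point) before exiting and sending an explicit error status instead of an empty 200, and softening the comment to `// The cached form is missing: either the cache expired or was cleared, or the form_build_id was forged; either way nothing can safely be done with this request.` In the second hunk the guard `if (drupal_function_exists($callback))` likewise no-ops silently, so a misconfigured #ahah element with a missing or misspelled callback is indistinguishable from the defended case; a log line in an else branch would make that visible. form_ahah_callback() starts before the first hunk; its closing brace is the `}` in the second hunk.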