author | Dries Buytaert <dries@buytaert.net> | 2009-01-21 14:47:12 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-01-21 14:47:12 +0000 |
commit | c11454db379944b3d95d92c7ca5d425247165d57 (patch) | |
tree | 590fcd4c0b01b95f2a1e700516a04a52d8b3ddb3 /update.php | |
parent | b20de4c1c97ee01fca20e7703b1bcf4f0e714667 (diff) | |
download | brdo-c11454db379944b3d95d92c7ca5d425247165d57.tar.gz brdo-c11454db379944b3d95d92c7ca5d425247165d57.tar.bz2 |
- Patch #361699 by David Rothstein: prevent CSRF on update.php. Already went into D6.
Diffstat (limited to 'update.php')
-rw-r--r-- | update.php | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/update.php b/update.php
index 6aec74f6b..b45f2045c 100644
--- a/update.php
+++ b/update.php
@@ -282,7 +282,7 @@ function update_script_selection_form() {
     );
     $form['submit'] = array(
       '#type' => 'submit',
-      '#value' => 'Apply pending updates',
+      '#value' => 'apply pending updates',
     );
   }
   return $form;
@@ -420,6 +420,7 @@ function update_info_page() {
 
   update_task_list('info');
   drupal_set_title('Drupal database update');
+  $token = drupal_get_token('update');
   $output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/node/258">Installation and upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
   $output .= "<ol>\n";
   $output .= "<li><strong>Back up your database</strong>. This process will change your database values and in case of emergency you may need to revert to a backup.</li>\n";
@@ -428,7 +429,7 @@ function update_info_page() {
   $output .= "<li>Install your new files in the appropriate location, as described in the handbook.</li>\n";
   $output .= "</ol>\n";
   $output .= "<p>When you have performed the steps above, you may proceed.</p>\n";
-  $output .= '<form method="post" action="update.php?op=selection"><input type="submit" value="Continue" /></form>';
+  $output .= '<form method="post" action="update.php?op=selection&token=' . $token . '"><input type="submit" value="Continue" /></form>';
   $output .= "\n";
   return $output;
 }
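Review bot: The token is concatenated raw into the form's action attribute in the added line of the third hunk, and the `&` separating the two query parameters is not entity-encoded. `drupal_get_token()` returns a hex digest today, so this is safe in practice, but the convention at an HTML output point is to escape anyway, e.g. `'<form method="post" action="update.php?op=selection&amp;token=' . check_plain($token) . '">'`. Carrying the token in the query string also exposes it to server logs, browser history and Referer headers; a hidden `<input type="hidden" name="token">` in the POST body would avoid that, though the dispatcher in the following hunk reads `$_GET['token']` and would have to change with it. update_info_page() starts before the first of these two hunks.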
@@ -708,16 +709,21 @@ if (!empty($update_free_access) || $user->uid == 1) {
   $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
   switch ($op) {
     // update.php ops
-    case 'info':
-      $output = update_info_page();
-      break;
 
     case 'selection':
-      $output = update_selection_page();
-      break;
+      if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
+        $output = update_selection_page();
+        break;
+      }
 
-    case 'Apply pending updates':
-      update_batch();
+    case 'apply pending updates':
+      if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
+        update_batch();
+        break;
+      }
+
+    case 'info':
+      $output = update_info_page();
       break;
 
     case 'results':
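Review bot: Both new token checks use loose comparison, `$_GET['token'] == drupal_get_token('update')`; with two strings PHP compares numeric-looking values numerically, so `===` is the correct operator here, and evaluating it once before the switch, `$valid_token = isset($_GET['token']) && $_GET['token'] === drupal_get_token('update');`, would also remove the duplicated condition. The fall-through on a missing or bad token is deliberate but unmarked: after the closing `}` of each guarded block execution drops into the next case and finally into `case 'info':`, which a reader will take for a missing `break`, so a comment such as `// No valid token: fall through to the info page.` at each of the two spots would help. The enclosing `if (!empty($update_free_access) || $user->uid == 1)` block and the switch itself continue outside the hunk.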