Merge branch 'release/1.4.6'

daylightstudio · Jan 29, 2020 · fc6d5d7 · fc6d5d7
2 parents 5e9d824 + 133e51d
commit fc6d5d7
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 7 deletions.
diff --git a/fuel/modules/fuel/config/fuel_constants.php b/fuel/modules/fuel/config/fuel_constants.php
@@ -1,6 +1,6 @@
 <?php 
 // INSTALL_ROOT is defined in the index.php bootstrap file
-define('FUEL_VERSION', '1.4.5');
+define('FUEL_VERSION', '1.4.6');
 if (!defined('MODULES_FOLDER'))
 {
 	define('MODULES_FOLDER', '../../fuel/modules');

diff --git a/fuel/modules/fuel/libraries/Form_builder.php b/fuel/modules/fuel/libraries/Form_builder.php
@@ -235,6 +235,8 @@ public function reset()
 		$this->css = array();
 		$this->_pre_process = array();
 		$this->_post_process = array();
+		$this->key_check = NULL;
+		$this->key_check_name = NULL;
 	}
 
 	// --------------------------------------------------------------------

diff --git a/fuel/modules/fuel/libraries/Fuel_base_controller.php b/fuel/modules/fuel/libraries/Fuel_base_controller.php
@@ -121,7 +121,7 @@ protected function _validate_user($permission, $type = '', $show_error = TRUE)
 	 */	
 	protected function _generate_csrf_token()
 	{
-		return md5(uniqid(mt_rand(), TRUE));
+		return $this->security->xss_hash();
 	}
 
 	// --------------------------------------------------------------------
@@ -134,7 +134,7 @@ protected function _generate_csrf_token()
 	 */	
 	protected function _get_csrf_token_name()
 	{
-		return $this->security->get_csrf_token_name();
+		return $this->security->get_csrf_token_name().'_FUEL';
 	}
 
 	// --------------------------------------------------------------------
@@ -147,23 +147,72 @@ protected function _get_csrf_token_name()
 	 */	
 	protected function _prep_csrf()
 	{
-		$hash = $this->_generate_csrf_token();
+		// The session CSRF is only created once otherwise we'll 
+		// have issues with inline module editing and elsewhere
+		if (!$this->_has_session_csrf())
+		{
+			$hash = $this->_generate_csrf_token();
+			$this->_set_session_csrf($hash);
+		}
+		else
+		{
+			$hash = $this->_session_csrf();
+		}
+
 		$this->form_builder->key_check_name = $this->_get_csrf_token_name();
 		$this->form_builder->key_check = $hash;
-		$_SESSION[$this->form_builder->key_check_name] = $hash;
+	}
+
+	// --------------------------------------------------------------------
+
+	/**
+	 * Determines if the session CSRF exists
+	 *
+	 * @access	protected
+	 * @return	void
+	 */	
+	protected function _has_session_csrf()
+	{
+		return isset($_SESSION[$this->fuel->auth->get_session_namespace()][$this->_get_csrf_token_name()]);
+	}
+
+	// --------------------------------------------------------------------
+
+	/**
+	 * Sets the session CSRF
+	 *
+	 * @access	protected
+	 * @return	void
+	 */	
+	protected function _set_session_csrf($hash)
+	{
+		$_SESSION[$this->fuel->auth->get_session_namespace()][$this->_get_csrf_token_name()] = $hash;
+	}
+
+	// --------------------------------------------------------------------
+
+	/**
+	 * Returns the session CSRF
+	 *
+	 * @access	protected
+	 * @return	void
+	 */	
+	protected function _session_csrf()
+	{
+		return !empty($_SESSION[$this->fuel->auth->get_session_namespace()][$this->_get_csrf_token_name()]) ? $_SESSION[$this->fuel->auth->get_session_namespace()][$this->_get_csrf_token_name()] : NULL;
 	}
 
 	// --------------------------------------------------------------------
 
 	/**
-	 * Validates a submission based on the CSRF tokent
+	 * Validates a submission based on the CSRF token
 	 *
 	 * @access	protected
 	 * @return	void
 	 */	
 	protected function _is_valid_csrf()
 	{
-		return !empty($_SESSION[$this->_get_csrf_token_name()]) AND $_SESSION[$this->_get_csrf_token_name()] == $this->input->post($this->_get_csrf_token_name());
+		return !empty($this->_session_csrf()) AND $this->_session_csrf() === $this->input->post($this->_get_csrf_token_name());
 	}
 }