Author: Nikita Popov (nikic)
Date: 2021-04-05T23:02:03+02:00
Commit:
https://github.com/php/web-bugs/commit/381dea4249d2e80e80625f19cea9fcc7a10fd55e
Raw diff:
https://github.com/php/web-bugs/commit/381dea4249d2e80e80625f19cea9fcc7a10fd55e.diff
Directly check token for rpc.php
Make this code independent of user authentication by checking
for a hardcoded token.
Changed paths:
M www/rpc.php
Diff:
diff --git a/www/rpc.php b/www/rpc.php
index b6086c73..c532027f 100644
--- a/www/rpc.php
+++ b/www/rpc.php
@@ -19,20 +19,13 @@
// Obtain common includes
require_once '../include/prepend.php';
-if (isset($_POST['MAGIC_COOKIE'])) {
- list($user, $pwd) = explode(":", base64_decode($_POST['MAGIC_COOKIE']), 2);
- $auth_user = new stdClass;
- $auth_user->handle = $user;
- $auth_user->password = $pwd;
-} else {
- echo json_encode(['result' => ['error' => 'Missing credentials']]);
+if (!isset($_POST['MAGIC_COOKIE'])) {
+ echo json_encode(['result' => ['error' => 'Missing token']]);
exit;
}
-bugs_authenticate($user, $pwd, $logged_in, $user_flags);
-
-if (empty($auth_user->handle)) {
- echo json_encode(['result' => ['error' => 'Invalid user or password']]);
+if (sha1($_POST['MAGIC_COOKIE']) !==
'8514f801cfba2ec74ec08264567ba291485f2765') {
+ echo json_encode(['result' => ['error' => 'Invalid token']]);
exit;
}
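Review bot: The token comparison on the `sha1($_POST['MAGIC_COOKIE']) !==` line is a plain string compare; `hash_equals()` is the idiomatic constant-time check for secrets and costs nothing here, and the `isset()` two lines above also accepts an array (`MAGIC_COOKIE[]=x`), which makes `sha1()` throw a TypeError on PHP 8 instead of returning the 'Invalid token' JSON, so the guard should be `if (!is_string($_POST['MAGIC_COOKIE']) || !hash_equals('8514f801cfba2ec74ec08264567ba291485f2765', sha1($_POST['MAGIC_COOKIE']))) {`. Because the SHA-1 digest is now committed to a public repository, the scheme is exactly as strong as the entropy of the token behind it: an unsalted fast hash is brute-forceable offline if the token is short or guessable, so it should be a long random value, and rotating it now requires a code change. A comment above the check stating that expectation, e.g. `// Shared bearer token; the digest is public, so the token must be long and random. Rotate by replacing the digest.`, would help the next maintainer. This check runs in the top-level script body, not inside a function.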
@@ -45,7 +38,8 @@
exit;
}
-if (!bugs_has_access($bug_id, $bug, $pwd, $user_flags)) {
+// Be conservative: Do not allow access to private bugs.
+if ($bug['private'] === 'Y') {
echo json_encode(['result' => ['error' => 'No access to bug']]);
exit;
}
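Review bot: The new guard on the `if ($bug['private'] === 'Y')` line denies access only when the column is exactly the string 'Y'; a missing key or any other value (null, lowercase 'y', an empty string) falls through and exposes the bug, which is the opposite of the fail-closed intent stated in the comment above it. If the column is a Y/N flag, inverting the test fails closed: `if (($bug['private'] ?? 'Y') !== 'N') {`. The query that fills `$bug` and the column's value set are outside this hunk, so confirm them before changing the comparison.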