This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

* refs #3835
Lionel Assepo committed Oct 16, 2015
1 parent c52e9a2 commit 02f5bb9
Showing 1 changed file with 52 additions and 4 deletions.
56 changes: 52 additions & 4 deletions www/lib/HTML/QuickForm.php
Expand Up @@ -51,6 +51,7 @@
'button' =>array('HTML/QuickForm/button.php','HTML_QuickForm_button'),
'submit' =>array('HTML/QuickForm/submit.php','HTML_QuickForm_submit'),
'select' =>array('HTML/QuickForm/select.php','HTML_QuickForm_select'),
'select2' =>array('HTML/QuickForm/select.php','HTML_QuickForm_select2'),
'hiddenselect' =>array('HTML/QuickForm/hiddenselect.php','HTML_QuickForm_hiddenselect'),
'text' =>array('HTML/QuickForm/text.php','HTML_QuickForm_text'),
'textarea' =>array('HTML/QuickForm/textarea.php','HTML_QuickForm_textarea'),
Expand Down Expand Up @@ -84,6 +85,7 @@
'nopunctuation' => array('html_quickform_rule_regex', 'HTML/QuickForm/Rule/Regex.php'),
'nonzero' => array('html_quickform_rule_regex', 'HTML/QuickForm/Rule/Regex.php'),
'callback' => array('html_quickform_rule_callback', 'HTML/QuickForm/Rule/Callback.php'),
'token' => array('html_quickform_rule_token', 'HTML/QuickForm/Rule/Token.php'),
'compare' => array('html_quickform_rule_compare', 'HTML/QuickForm/Rule/Compare.php')
);

Expand Down Expand Up @@ -326,7 +328,7 @@ function HTML_QuickForm($formName='', $method='post', $action='', $target='', $a
default:
$this->_maxFileSize = $matches['1'];
}
}
}
} // end constructor

// }}}
Expand Down Expand Up @@ -1507,19 +1509,21 @@ function getRequiredNote()
*/
function validate()
{
$this->addFormRule(array($this, 'checkSecurityToken'));

if (count($this->_rules) == 0 && count($this->_formRules) == 0 &&
$this->isSubmitted()) {
return (0 == count($this->_errors));
} elseif (!$this->isSubmitted()) {
return false;
}

include_once('HTML/QuickForm/RuleRegistry.php');
$registry =& HTML_QuickForm_RuleRegistry::singleton();

foreach ($this->_rules as $target => $rules) {
$submitValue = $this->getSubmitValue($target);

foreach ($rules as $rule) {
if ((isset($rule['group']) && isset($this->_errors[$rule['group']])) ||
isset($this->_errors[$target])) {
Expand Down Expand Up @@ -1588,7 +1592,7 @@ function validate()
}
}
}

return (0 == count($this->_errors));
} // end func validate

Expand Down Expand Up @@ -1679,6 +1683,7 @@ function process($callback, $mergeFiles = true)
*/
function accept(&$renderer)
{
$this->createSecurityToken();
$renderer->startForm($this);
foreach (array_keys($this->_elements) as $key) {
$element =& $this->_elements[$key];
Expand Down Expand Up @@ -2016,6 +2021,49 @@ function errorMessage($value)
// return the textual error message corresponding to the code
return isset($errorMessages[$value]) ? $errorMessages[$value] : $errorMessages[QUICKFORM_ERROR];
} // end func errorMessage

/**
*
*/
function createSecurityToken()
{
$token = md5(uniqid());
$_SESSION['x-centreon-token'] = $token;
$_SESSION['x-centreon-token-generated-at'] = time();

$myTokenElement = $this->addElement('hidden', 'centreon_token');
$myTokenElement->setValue($token);
}

/**
*
* @param type $submittedValues
* @return boolean
*/
function checkSecurityToken($submittedValues)
{
$success = false;

if (isset($submittedValues['centreon_token']) && isset($_SESSION['x-centreon-token']) && isset($_SESSION['x-centreon-token-generated-at'])) {
$elapsedTime = time() - $_SESSION['x-centreon-token-generated-at'];
if ($elapsedTime < (15 * 60)) {
if ($submittedValues['centreon_token'] == $_SESSION['x-centreon-token']) {
unset($_SESSION['x-centreon-token']);
unset($_SESSION['x-centreon-token-generated-at']);
$success = true;
}
}
}

if ($success) {
$error = true;
} else {
$error = array('centreon_token' => 'The Token is invalid');
echo "<div class='msg' align='center'>"._("The CRSF token is invalid")."</div>";
}

return $error;
}

// }}}
} // end class HTML_QuickForm
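Review bot: In createSecurityToken() the anti-CSRF token is `md5(uniqid())`, which is derived from the current time rather than a cryptographic random source and is therefore guessable in principle; it should come from a CSPRNG, e.g. `$token = bin2hex(openssl_random_pseudo_bytes(32));` (or `random_bytes()` where the runtime provides it). In checkSecurityToken() the token is compared with `==`, which uses PHP's loose string comparison (numeric-looking hex strings can compare equal without being identical) and is not constant-time; `is_string($submittedValues['centreon_token']) && hash_equals($_SESSION['x-centreon-token'], $submittedValues['centreon_token'])` closes both gaps, assuming PHP 5.6+ is available, and also rejects an array-valued field. Separately, validate() calls `addFormRule()` on every invocation while a successful check unsets the session token, so a second validate() in the same request would appear to fail and echo the error block; registering the rule once and returning the message instead of echoing it from the validator would avoid that. Both new docblocks are empty (`@param type`), and the user-facing string spells the term "CRSF"; a one-line description of the token lifetime (15 minutes, single use) and the corrected spelling "CSRF" would help the next reader.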