Todo: faille CSRF -- creation d'un jeton al�atoire pour valider les requetes POST

htdocs/admin/const.php

@@ -30,10 +30,16 @@ require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");
 
 $langs->load("admin");
 
-//Todo protection faille CSRF !!!
+//Todo: protection faille CSRF !!!
 if (! empty($_SERVER['HTTP_REFERER']) && !eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
 accessforbidden();
 
+//Todo: Verification de la presence et de la validite du jeton précédent
+if (isset($_POST['token']) && isset($_SESSION['oldtoken']))
+{
+	if ($_POST['token'] != $_SESSION['oldtoken']) accessforbidden();
+}
+
 if (!$user->admin)
 accessforbidden();
 
@@ -141,6 +147,9 @@ if ($result)
 		print '<input type="hidden" name="action" value="update">';
 		print '<input type="hidden" name="rowid" value="'.$obj->rowid.'">';
 		print '<input type="hidden" name="constname" value="'.$obj->name.'">';
+		
+		// Ajout du nouveau jeton dans les requetes POST
+		print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 
 		print "<tr $bc[$var] class=value><td>$obj->name</td>\n";
 

htdocs/main.inc.php

@@ -168,6 +168,11 @@ session_name($sessionname);
 session_start();
 dol_syslog("Start session name=".$sessionname." Session id()=".session_id().", _SESSION['dol_login']=".(isset($_SESSION["dol_login"])?$_SESSION["dol_login"]:'').", ".ini_get("session.gc_maxlifetime"));
 
+//Todo: Creation d'un jeton contre les failles CSRF
+$token = md5(uniqid(rand(),TRUE)); // Genere un hash d'un nombre aleatoire
+$_SESSION['oldtoken'] = $_SESSION['newtoken']; // roulement des jetons car créé à chaque appel
+$_SESSION['newtoken'] = $token;
+
 // Retrieve the entity in login form or in the cookie.
 // This must be after the init of session (session_start) or this create serious pb of corrupted session.
 /*