diff --git a/src/controllers/AdminController.php b/src/controllers/AdminController.php
index 5d94dcc77..f78420ecb 100755
--- a/src/controllers/AdminController.php
+++ b/src/controllers/AdminController.php
@@ -104,6 +104,14 @@ class AdminController extends Controller implements CrawlConstants
 $view = "signin";
 if (!empty($_SESSION['USER_ID'])) {
 $user = $_SESSION['USER_ID'];
+ if ($this->getCSRFTime(C\CSRF_TOKEN) == 0 &&
+ $_SERVER['REQUEST_METHOD'] == "GET") {
+ $_REQUEST[C\CSRF_TOKEN] = $this->generateCSRFToken(
+ $_SESSION['USER_ID']);
+ $this->redirectLocation(C\SHORT_BASE_URL . "?" .
+ http_build_query($_REQUEST));
+ exit();
+ }
 } else if (!empty($_SESSION['USER_NAME']) && empty($_REQUEST['u'])) {
 $user = $this->model("signin")->getUserId($_SESSION['USER_NAME'], "string");
diff --git a/src/controllers/ApiController.php b/src/controllers/ApiController.php
index a548c03f5..531e12b13 100644
--- a/src/controllers/ApiController.php
+++ b/src/controllers/ApiController.php
@@ -63,6 +63,14 @@ class ApiController extends Controller implements CrawlConstants
 return $this->configureRequest();
 }
 if (isset($_SESSION['USER_ID'])) {
+ if ($this->getCSRFTime(C\CSRF_TOKEN) == 0 &&
+ $_SERVER['REQUEST_METHOD'] == "GET") {
+ $_REQUEST[C\CSRF_TOKEN] = $this->generateCSRFToken(
+ $_SESSION['USER_ID']);
+ $this->redirectLocation(C\SHORT_BASE_URL . "?" .
+ http_build_query($_REQUEST));
+ exit();
+ }
 $user_id = $_SESSION['USER_ID'];
 $data['ADMIN'] = 1;
 } else {
diff --git a/src/controllers/Controller.php b/src/controllers/Controller.php
index 7c36d05d4..870787ddc 100755
--- a/src/controllers/Controller.php
+++ b/src/controllers/Controller.php
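Review bot: The added block in the `!empty($_SESSION['USER_ID'])` branch issues a valid CSRF token to any GET that arrives without one and then replays every request parameter, so a cross-site link that could not have known the token is upgraded into a tokened request. If any state-changing activity is reachable by GET (not visible in this hunk), the token no longer shows that the request came from one of the application's own pages. Consider redirecting with only an allow-list of navigation parameters, or to a landing page, rather than `http_build_query($_REQUEST)`. The same block is added in the ApiController, GroupController, RegisterController, SearchController and TestsController hunks; the enclosing method starts and ends outside the hunk.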
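Review bot: `http_build_query($_REQUEST)` in the added block can copy more than the query string into the redirect URL, because `$_REQUEST` is filled according to `request_order` (falling back to `variables_order`); on configurations that include cookies, their values would land in the URL, in server logs and in Referer headers. The guard already restricts this path to GET, so building the query from a copy of `$_GET` avoids that and avoids writing to the superglobal: `$query = $_GET; $query[C\CSRF_TOKEN] = $this->generateCSRFToken($_SESSION['USER_ID']);` followed by `http_build_query($query)`. This applies to each copy of the block in the other controller hunks.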
@@ -647,7 +647,7 @@ abstract class Controller
 if (strlen($token_value) == 22) {
 $token_parts = explode("*", $token_value);
 if (isset($token_parts[1]) &&
- $token_parts[1] + C\AUTOLOGOUT > time() &&
+ intval(trim($token_parts[1])) + C\AUTOLOGOUT > time() &&
 L\crawlHash($user_id . $token_parts[1] . C\AUTH_KEY) == $token_parts[0]) {
 $token_okay = true;
diff --git a/src/controllers/GroupController.php b/src/controllers/GroupController.php
index c5179f21e..926ce11d6 100644
--- a/src/controllers/GroupController.php
+++ b/src/controllers/GroupController.php
@@ -69,6 +69,14 @@ class GroupController extends Controller implements CrawlConstants
 return $this->configureRequest();
 }
 if (isset($_SESSION['USER_ID'])) {
+ if ($this->getCSRFTime(C\CSRF_TOKEN) == 0 &&
+ $_SERVER['REQUEST_METHOD'] == "GET") {
+ $_REQUEST[C\CSRF_TOKEN] = $this->generateCSRFToken(
+ $_SESSION['USER_ID']);
+ $this->redirectLocation(C\SHORT_BASE_URL . "?" .
+ http_build_query($_REQUEST));
+ exit();
+ }
 $user_id = $_SESSION['USER_ID'];
 $data['ADMIN'] = 1;
 $data['USERNAME'] = $signin_model->getUserName($user_id);
diff --git a/src/controllers/RegisterController.php b/src/controllers/RegisterController.php
index 9ef6e8082..5e7ece334 100755
--- a/src/controllers/RegisterController.php
+++ b/src/controllers/RegisterController.php
@@ -124,6 +124,14 @@ class RegisterController extends Controller implements CrawlConstants
 {
 $visitor_model = $this->model("visitor");
 if (isset($_SESSION['USER_ID'])) {
+ if ($this->getCSRFTime(C\CSRF_TOKEN) == 0 &&
+ $_SERVER['REQUEST_METHOD'] == "GET") {
+ $_REQUEST[C\CSRF_TOKEN] = $this->generateCSRFToken(
+ $_SESSION['USER_ID']);
+ $this->redirectLocation(C\SHORT_BASE_URL . "?" .
+ http_build_query($_REQUEST));
+ exit();
+ }
 $user = $_SESSION['USER_ID'];
 } else {
 $user = L\remoteAddress();
diff --git a/src/controllers/SearchController.php b/src/controllers/SearchController.php
index 809e6ab89..df26e5c55 100755
--- a/src/controllers/SearchController.php
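Review bot: The keyed-hash check on the line after the changed expiry test still compares with `==`, which is not constant-time and falls back to numeric comparison when both strings happen to look numeric. Since this commit already touches the token validation, compare with `hash_equals(L\crawlHash($user_id . $token_parts[1] . C\AUTH_KEY), $token_parts[0])`, assuming `crawlHash` returns a string. A one-line comment noting that the hash is computed over the raw `$token_parts[1]` while the expiry test uses the `intval(trim(...))` value would also help the next reader. The function starts and ends outside the hunk.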
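Review bot: The eight added lines here are the same text as in the AdminController and ApiController hunks and are repeated again for RegisterController, SearchController and TestsController; every one of these classes extends `Controller`, so a single protected helper there would keep the token-issuing rule in one place. Each site would then be one call such as `$this->redirectIfMissingCSRFToken();` (the name is only a suggestion), and any later tightening of the rule would not have to be applied six times. The helper's docblock should state when a token is issued and that the method does not return once it redirects.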
+++ b/src/controllers/SearchController.php
@@ -441,6 +441,14 @@ class SearchController extends Controller implements CrawlConstants
 }
 }
 if (isset($_SESSION['USER_ID'])) {
+ if ($this->getCSRFTime(C\CSRF_TOKEN) == 0 &&
+ $_SERVER['REQUEST_METHOD'] == "GET") {
+ $_REQUEST[C\CSRF_TOKEN] = $this->generateCSRFToken(
+ $_SESSION['USER_ID']);
+ $this->redirectLocation(C\SHORT_BASE_URL . "?" .
+ http_build_query($_REQUEST));
+ exit();
+ }
 $user = $_SESSION['USER_ID'];
 $token_okay = $this->checkCSRFToken(C\CSRF_TOKEN, $user);
 if ($token_okay === false) {
diff --git a/src/controllers/TestsController.php b/src/controllers/TestsController.php
index 2793b0ce8..3214b9d69 100644
--- a/src/controllers/TestsController.php
+++ b/src/controllers/TestsController.php
@@ -80,6 +80,14 @@ class TestsController extends Controller
 set_error_handler(null);
 $signin_model = $this->model("signin");
 if (isset($_SESSION['USER_ID'])) {
+ if ($this->getCSRFTime(C\CSRF_TOKEN) == 0 &&
+ $_SERVER['REQUEST_METHOD'] == "GET") {
+ $_REQUEST[C\CSRF_TOKEN] = $this->generateCSRFToken(
+ $_SESSION['USER_ID']);
+ $this->redirectLocation(C\SHORT_BASE_URL . "?" .
+ http_build_query($_REQUEST));
+ exit();
+ }
 $user_id = $_SESSION['USER_ID'];
 $data['ADMIN'] = 1;
 $data['USERNAME'] = $signin_model->getUserName($user_id);
diff --git a/src/controllers/components/SocialComponent.php b/src/controllers/components/SocialComponent.php
index b9c2ec264..d18feb8bd 100644
--- a/src/controllers/components/SocialComponent.php
+++ b/src/controllers/components/SocialComponent.php
@@ -1862,7 +1862,6 @@ class SocialComponent extends Component implements CrawlConstants
 $parent->generateCSRFToken($_SESSION["USER_ID"]) ;
 $_SESSION['DISPLAY_MESSAGE'] = tl('social_component_thread_created');
- //return $parent->redirectLocation($thread_url);
 return $parent->redirectWithMessage(
 tl('social_component_thread_created'));
 break;
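Review bot: In the SearchController hunk the added redirect runs before the existing `checkCSRFToken` call, so a GET for which `getCSRFTime` returns 0 (presumably no usable token) never reaches the `$token_okay === false` branch just below; it is issued a token and passes the check on the reload. What that branch does is outside the hunk, but if it is where a tokenless request is downgraded or rejected, the new block bypasses it for GET. If that is intended, say so above the block, e.g. `// GET without a token: issue one and reload; the check below then only sees expired or invalid tokens`.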