Nearly all <FORM> blocks now contain a hidden input
authorArt Cancro <ajc@citadel.org>
Thu, 5 Jul 2007 19:36:32 +0000 (19:36 +0000)
committerArt Cancro <ajc@citadel.org>
Thu, 5 Jul 2007 19:36:32 +0000 (19:36 +0000)
tag containing a session nonce.  If the nonce does not match, the request
is cancelled.

25 files changed:
webcit/auth.c
webcit/calendar.c
webcit/context_loop.c
webcit/downloads.c
webcit/event.c
webcit/floors.c
webcit/graphics.c
webcit/iconbar.c
webcit/inetconf.c
webcit/listsub.c
webcit/mainmenu.c
webcit/messages.c
webcit/netconf.c
webcit/paging.c
webcit/preferences.c
webcit/roomops.c
webcit/setup_wizard.c
webcit/sieve.c
webcit/siteconfig.c
webcit/sysmsgs.c
webcit/useredit.c
webcit/vcard_edit.c
webcit/webcit.c
webcit/webcit.h
webcit/who.c

index 01f53a1c46a9f8a221cad7c2df1da3d0128ab79d..748028f85a0a79228ba0cd374ce62fadba2f83d8 100644 (file)
@@ -403,7 +403,7 @@ void validate(void)
        wprintf(_("Select access level for this user:"));
        wprintf("<br />\n");
        for (a = 0; a <= 6; ++a) {
-               wprintf("<a href=\"validate&user=");
+               wprintf("<a href=\"validate?nonce=%ld?user=", WC->nonce);
                urlescputs(user);
                wprintf("&axlevel=%d\">%s</A>&nbsp;&nbsp;&nbsp;\n",
                        a, axdefs[a]);
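Review bot: The rebuilt link on the `+` line joins its two query parameters with a second `?` instead of `&`, so the emitted URL reads `validate?nonce=N?user=...` and the `user` parameter may not be parsed as a separate field; it should be `wprintf("<a href=\"validate?nonce=%d&user=", WC->nonce);`. That same line, and every other nonce-printing hunk in this commit, passes `WC->nonce` to a `%ld` conversion although webcit.h in this commit declares the field `int nonce`; a conversion specifier that does not match the argument type is undefined behaviour, so either print it with `%d` or declare the field `long` everywhere. Carrying the nonce in a GET link also exposes it in Referer headers and access logs, which the hidden-input POST forms used elsewhere in the commit avoid. validate's body continues outside the hunk.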
@@ -488,6 +488,7 @@ void display_changepw(void)
        }
 
        wprintf("<form name=\"changepwform\" action=\"changepw\" method=\"post\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<CENTER>"
                "<table border=\"0\" cellspacing=\"5\" cellpadding=\"5\" "
                "BGCOLOR=\"#EEEEEE\">"
index 73c3647c9b7ecf0364b58cd58b3b8d35bfe411ba..489d58a1f9ed9ff7caf506910848eaaf307bfe2d 100644 (file)
@@ -517,6 +517,7 @@ void display_edit_individual_task(icalcomponent *supplied_vtodo, long msgnum) {
                "<table class=\"calendar_background\"><tr><td>");
        
        wprintf("<FORM METHOD=\"POST\" action=\"save_task\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<INPUT TYPE=\"hidden\" NAME=\"msgnum\" VALUE=\"%ld\">\n",
                msgnum);
 
index a4759ce9911e9a576b1dc2dcd30ab25d776c0604..cb1a907f62771e01c281dd84139fbaba86025ab3 100644 (file)
@@ -468,6 +468,7 @@ void context_loop(int sock)
                strcpy(TheSession->httpauth_pass, httpauth_pass);
                pthread_mutex_init(&TheSession->SessionMutex, NULL);
                pthread_mutex_lock(&SessionListMutex);
+               TheSession->nonce = rand();
                TheSession->next = SessionList;
                SessionList = TheSession;
                pthread_mutex_unlock(&SessionListMutex);
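Review bot: `rand()` on the added line is a weak source for a value whose purpose is to defeat request forgery: it is not a cryptographic generator, its output is predictable, and unless the process seeds it with `srand()` from an unpredictable source (not visible here) every process start yields the same sequence, so sessions can end up with repeating nonces. A value read from a CSPRNG such as `/dev/urandom`, stored in a type wide enough to make guessing impractical, would be the robust choice; a single `int` from `rand()` is a small space. `rand()` is also not required to be thread-safe, and the surrounding pthread calls show this code runs in a multithreaded server, although SessionListMutex is held at this point. context_loop's body extends beyond the hunk.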
index d3ffe37bb5f3fa399fc073b73f5432ab670dd886..d29e7fc7ebd635f8658436332dd2ccaca2c7fbf8 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * $Id: downloads.c 4849 2007-01-08 20:05:56Z ajc $
+ * $Id$
  */
 #include "webcit.h"
 
@@ -64,6 +64,7 @@ void display_room_directory(void)
                        "name=\"upload_file_form\""
                        ">\n"
                );
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
                wprintf(_("Upload a file:"));
                wprintf("&nbsp;<input NAME=\"filename\" SIZE=16 TYPE=\"file\">&nbsp;\n");
index 3ea0806ff5774025242d439b944fb12c2b402f67..37d6af5651cdd69178181fcd5b1880720bf63b6a 100644 (file)
@@ -123,6 +123,7 @@ void display_edit_individual_event(icalcomponent *supplied_vevent, long msgnum)
        *************************************************************/
 
        wprintf("<FORM NAME=\"EventForm\" METHOD=\"POST\" action=\"save_event\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        wprintf("<INPUT TYPE=\"hidden\" NAME=\"msgnum\" VALUE=\"%ld\">\n",
                msgnum);
index bc92b445519abf7c3341b338281866e136325a5f..da7e0061a4f89ea0bc0386be0e0451bd4556d729 100644 (file)
@@ -95,6 +95,7 @@ void display_floorconfig(char *prepend_html)
                        "<INPUT TYPE=\"text\" NAME=\"floorname\" "
                        "VALUE=\"%s\" MAXLENGTH=\"250\">\n",
                        floornum, floorname);
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
                wprintf("<INPUT TYPE=\"SUBMIT\" NAME=\"sc\" "
                        "VALUE=\"%s\">"
                        "</FORM></TD>", _("Change name"));
@@ -108,6 +109,7 @@ void display_floorconfig(char *prepend_html)
                        "<INPUT TYPE=\"text\" NAME=\"floorcss\" "
                        "VALUE=\"%s\" MAXLENGTH=\"250\">\n",
                        floornum, floorname);
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
                wprintf("<INPUT TYPE=\"SUBMIT\" NAME=\"sc\" "
                        "VALUE=\"%s\">"
                        "</FORM></TD>", _("Change CSS"));
index 90333ecd328f8bd53508f401ddafa3fb32d03e1f..daeff6d349c32c9adbe5f91e032fed979be48ca2 100644 (file)
@@ -38,6 +38,7 @@ void display_graphics_upload(char *description, char *check_cmd, char *uplurl)
        wprintf("<FORM ENCTYPE=\"multipart/form-data\" action=\"%s\" "
                "METHOD=\"POST\" NAME=\"graphicsupload\">\n", uplurl);
 
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<INPUT TYPE=\"hidden\" NAME=\"which_room\" VALUE=\"");
        urlescputs(bstr("which_room"));
        wprintf("\">\n");
index abfa0c172de1539dd04255bcb5507df6d3b56df5..a69aab1602f967360582ab6c81c47c18acead2dc 100644 (file)
@@ -494,6 +494,7 @@ void display_customize_iconbar(void) {
                "<table class=\"iconbar_background\"><tr><td>");
 
        wprintf("<FORM METHOD=\"POST\" action=\"commit_iconbar\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        wprintf("<CENTER>");
        wprintf(_("Display icons as:"));
index 70c707191de696a1e9034447f4bd4e03f752d083..c7066cda9d06198263b4b3da9e9cc0408da69373 100644 (file)
@@ -130,8 +130,9 @@ void display_inetconf(void)
                                wprintf("</font></a></TD></TR>\n");
                        }
                }
-               wprintf("<FORM METHOD=\"POST\" action=\"save_inetconf\">\n"
-                       "<TR><TD>"
+               wprintf("<FORM METHOD=\"POST\" action=\"save_inetconf\">\n");
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
+               wprintf("<TR><TD>"
                        "<INPUT TYPE=\"text\" NAME=\"ename\" MAXLENGTH=\"64\">"
                        "<INPUT TYPE=\"hidden\" NAME=\"etype\" VALUE=\"%s\">", ic_keyword[which]);
                wprintf("</TD><TD ALIGN=RIGHT>"
index cadf60b4884c93c5e58df29ae1fd64742fc5f2bf..2000c3c181a7bc18890e8a66bdef9eaab422ba5b 100644 (file)
@@ -168,9 +168,9 @@ void do_listsub(void)
         * Any other (invalid) command causes the form to be displayed
         */
        else {
-FORM:          wprintf("<FORM METHOD=\"POST\" action=\"listsub\">\n"
-                       "<TABLE BORDER=0>\n"
-               );
+FORM:          wprintf("<FORM METHOD=\"POST\" action=\"listsub\">\n");
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
+               wprintf("<TABLE BORDER=0>\n");
 
                wprintf("<TR><TD>Name of list</TD><TD>"
                        "<SELECT NAME=\"room\" SIZE=1>\n");
index 5560c060b109ffdeb38cb32b875faabe00fabe19..0436a77a270abb0c7783ebff2052da8ed70f8b32 100644 (file)
@@ -302,6 +302,7 @@ void display_generic(void)
        wprintf("<br />\n");
 
        wprintf("<form method=\"post\" action=\"do_generic\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        wprintf(_("Enter command:"));
        wprintf("<br /><input type=\"text\" name=\"g_cmd\" size=80 maxlength=\"250\"><br />\n");
index 27bccfa61027f0395f54b7d98dbf84e43d60d404..b4aea13fe3a22f14e7021b96dab57754baaec795 100644 (file)
@@ -2950,6 +2950,7 @@ void display_enter(void)
                wprintf("<input type=\"hidden\" name=\"wikipage\" value=\"%s\">\n", bstr("wikipage"));
        }
        wprintf("<input type=\"hidden\" name=\"return_to\" value=\"%s\">\n", bstr("return_to"));
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        /** header bar */
 
@@ -3270,6 +3271,7 @@ void confirm_move_msg(void)
        wprintf("<br />\n");
 
        wprintf("<form METHOD=\"POST\" action=\"move_msg\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<INPUT TYPE=\"hidden\" NAME=\"msgid\" VALUE=\"%s\">\n", bstr("msgid"));
 
        wprintf("<SELECT NAME=\"target_room\" SIZE=5>\n");
index e4e01f27b02fe5c76235c35b754a2e2f8286b2c5..7479fb2b3a360ca527d07e46ef9403c69cf0cd0a 100644 (file)
@@ -71,6 +71,7 @@ void display_add_node(void)
        wprintf("</div>\n<div id=\"content\">\n");
 
        wprintf("<FORM METHOD=\"POST\" action=\"edit_node\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<CENTER><TABLE border=0>\n");
        wprintf("<TR><TD>%s</TD>", _("Node name"));
        wprintf("<TD><INPUT TYPE=\"text\" NAME=\"node\" MAXLENGTH=\"16\"></TD></TR>\n");
@@ -124,6 +125,7 @@ void display_edit_node(void)
 
                        if (!strcasecmp(node, cnode)) {
                                wprintf("<FORM METHOD=\"POST\" action=\"edit_node\">\n");
+                               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
                                wprintf("<CENTER><TABLE border=0>\n");
                                wprintf("<TR><TD>");
                                wprintf(_("Node name"));
index b8b0bb37891dbdb1f34e269211758b1dbdc7f311..0932db026f6fc84f756de5455980816cf7869b7b 100644 (file)
@@ -35,6 +35,7 @@ void display_page(void)
        wprintf("<br>\n");
 
        wprintf("<FORM METHOD=\"POST\" action=\"page_user\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        wprintf("<TABLE border=0 width=100%%><TR><TD>\n");
 
@@ -483,6 +484,7 @@ void chat_send(void) {
        WC->chat_sock = i;
 
        wprintf("<FORM METHOD=\"POST\" action=\"chat_send\" NAME=\"chatsendform\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<INPUT TYPE=\"text\" SIZE=\"80\" MAXLENGTH=\"%d\" "
                "NAME=\"send_this\">\n", SIZ-10);
        wprintf("<br />");
index 48db2583294fd89d9557a61eb9947bafee77da77..fac58a6b45e04ff3eadd69c9c87ff36ffb396941 100644 (file)
@@ -217,6 +217,7 @@ void display_preferences(void)
                "<form name=\"prefform\" action=\"set_preferences\" "
                "method=\"post\">\n"
                "<table border=0 cellspacing=5 cellpadding=5>\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        /**
         * Room list view
index 25943084df58bada7bf7e1ec34992c600a1c3959..832b622d1e4ae39d8e6d6bbeac4d792329c46e99 100644 (file)
@@ -1176,6 +1176,7 @@ void display_editroom(void)
 
        if (!strcmp(tab, "config")) {
                wprintf("<FORM METHOD=\"POST\" action=\"editroom\">\n");
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        
                wprintf("<UL><LI>");
                wprintf(_("Name of room: "));
@@ -1429,9 +1430,9 @@ void display_editroom(void)
                        extract_token(node, buf, 0, '|', sizeof node);
                        extract_token(remote_room, buf, 1, '|', sizeof remote_room);
                        if (strlen(node) > 0) {
-                               wprintf("<FORM METHOD=\"POST\" "
-                                       "action=\"netedit\">"
-                                       "<TR><TD>%s</TD>\n", node);
+                               wprintf("<FORM METHOD=\"POST\" action=\"netedit\">");
+                               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
+                               wprintf("<TR><TD>%s</TD>\n", node);
 
                                wprintf("<TD>");
                                if (strlen(remote_room) > 0) {
@@ -1472,9 +1473,9 @@ void display_editroom(void)
                for (i=0; i<num_tokens(not_shared_with, '\n'); ++i) {
                        extract_token(node, not_shared_with, i, '\n', sizeof node);
                        if (strlen(node) > 0) {
-                               wprintf("<FORM METHOD=\"POST\" "
-                                       "action=\"netedit\">"
-                                       "<TR><TD>");
+                               wprintf("<FORM METHOD=\"POST\" action=\"netedit\">");
+                               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
+                               wprintf("<TR><TD>");
                                escputs(node);
                                wprintf("</TD><TD>"
                                        "<INPUT TYPE=\"INPUT\" "
@@ -1544,6 +1545,7 @@ void display_editroom(void)
                wprintf("<br /><FORM METHOD=\"POST\" action=\"netedit\">\n"
                        "<INPUT TYPE=\"hidden\" NAME=\"tab\" VALUE=\"listserv\">\n"
                        "<INPUT TYPE=\"hidden\" NAME=\"prefix\" VALUE=\"listrecp|\">\n");
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
                wprintf("<INPUT TYPE=\"text\" id=\"add_as_listrecp\" NAME=\"line\">\n");
                wprintf("<INPUT TYPE=\"submit\" NAME=\"add_button\" VALUE=\"%s\">", _("Add"));
                wprintf("</FORM>\n");
@@ -1574,6 +1576,7 @@ void display_editroom(void)
                wprintf("<br /><FORM METHOD=\"POST\" action=\"netedit\">\n"
                        "<INPUT TYPE=\"hidden\" NAME=\"tab\" VALUE=\"listserv\">\n"
                        "<INPUT TYPE=\"hidden\" NAME=\"prefix\" VALUE=\"digestrecp|\">\n");
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
                wprintf("<INPUT TYPE=\"text\" id=\"add_as_digestrecp\" NAME=\"line\">\n");
                wprintf("<INPUT TYPE=\"submit\" NAME=\"add_button\" VALUE=\"%s\">", _("Add"));
                wprintf("</FORM>\n");
@@ -1638,6 +1641,7 @@ void display_editroom(void)
                }
                
                wprintf("<br /><FORM METHOD=\"POST\" action=\"set_room_policy\">\n");
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
                wprintf("<TABLE border=0 cellspacing=5>\n");
                wprintf("<TR><TD>");
                wprintf(_("Message expire policy for this room"));
@@ -1987,6 +1991,7 @@ void display_whok(void)
        wprintf("<br /><br />");
        
         wprintf("<CENTER><FORM METHOD=\"POST\" action=\"do_invt_kick\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<INPUT TYPE=\"hidden\" NAME=\"tab\" VALUE=\"access\">\n");
         wprintf("<SELECT NAME=\"username\" SIZE=\"10\" style=\"width:100%%\">\n");
         serv_puts("WHOK");
@@ -2011,6 +2016,7 @@ void display_whok(void)
 
         wprintf("<CENTER><FORM METHOD=\"POST\" action=\"do_invt_kick\">\n");
        wprintf("<INPUT TYPE=\"hidden\" NAME=\"tab\" VALUE=\"access\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
         wprintf(_("Invite:"));
        wprintf(" ");
         wprintf("<input type=\"text\" name=\"username\" style=\"width:100%%\"><br />\n"
@@ -2055,6 +2061,7 @@ void display_entroom(void)
                "<table class=\"roomops_background\"><tr><td>\n");
 
        wprintf("<form name=\"create_room_form\" method=\"POST\" action=\"entroom\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        wprintf("<UL><LI>");
        wprintf(_("Name of room: "));
@@ -2277,6 +2284,7 @@ void display_private(char *rname, int req_pass)
        wprintf("\n<br /><br />");
 
        wprintf("<FORM METHOD=\"POST\" action=\"goto_private\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        wprintf("<table border=\"0\" cellspacing=\"5\" "
                "cellpadding=\"5\" class=\"roomops_background_alt\">\n"
@@ -2360,6 +2368,7 @@ void display_zap(void)
                "to do?<br />\n"), WC->wc_roomname);
 
        wprintf("<FORM METHOD=\"POST\" action=\"zap\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<INPUT TYPE=\"submit\" NAME=\"ok_button\" VALUE=\"%s\">", _("Zap this room"));
        wprintf("&nbsp;");
        wprintf("<INPUT TYPE=\"submit\" NAME=\"cancel_button\" VALUE=\"%s\">", _("Cancel"));
index 76c7ed8e29f06d0966896b430bc8bf0ad2129ca2..886046759519bfc5d04cd7c53033b068ed1189f2 100644 (file)
@@ -40,6 +40,7 @@ void do_setup_wizard(void)
        wprintf("<div class=\"fix_scrollbar_bug\">"
                "<form method=\"post\" action=\"setup_wizard\">\n"
        );
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        wprintf("<div align=center>"
                "This is where the setup wizard will be placed.<br>\n"
index e4c97d1d85db65f6892849d5b23609e9b2c39ba9..929faafc598eb3f01981d492b2311fe0d7a056cb 100644 (file)
@@ -1,5 +1,5 @@
 /* 
- * $Id$
+ * $Id$
  */
 /**
  * \defgroup Sieve view/edit sieve config
@@ -87,6 +87,7 @@ void display_sieve(void)
 
 
        wprintf("<form id=\"sieveform\" method=\"post\" action=\"save_sieve\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        wprintf(_("When new mail arrives: "));
         wprintf("<select name=\"bigaction\" size=1 onChange=\"ToggleSievePanels();\">\n");
@@ -613,6 +614,7 @@ void display_add_remove_scripts(char *message)
        wprintf("<br /><br />");
 
         wprintf("<center><form method=\"POST\" action=\"create_script\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
         wprintf(_("Script name: "));
         wprintf("<input type=\"text\" name=\"script_name\"><br />\n"
                "<input type=\"submit\" name=\"create_button\" value=\"%s\">"
@@ -638,6 +640,7 @@ void display_add_remove_scripts(char *message)
        
         wprintf("<center>"
                "<form method=\"POST\" action=\"delete_script\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
         wprintf("<select name=\"script_name\" size=10 style=\"width:100%%\">\n");
 
         serv_puts("MSIV listscripts");
index 206992e6b50911edaaee5a2eb866a7158891fcb8..438ddad9f03cdc30ee3ece7ec7430796a3b66bb5 100644 (file)
@@ -111,6 +111,7 @@ void display_siteconfig(void)
                );
 
        wprintf("<form method=\"post\" action=\"siteconfig\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        i = 0;
        while (serv_getln(buf, sizeof buf), strcmp(buf, "000")) {
index 86a5e6fed5cdda72e0f93885e453952141abf744..f4222ccb14d51c8f9b35512eb43069f3ce04d43f 100644 (file)
@@ -47,6 +47,7 @@ void display_edit(char *description, char *check_cmd,
        wprintf("<br />");
 
        wprintf("<FORM METHOD=\"POST\" action=\"%s\">\n", save_cmd);
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<TEXTAREA NAME=\"msgtext\" wrap=soft "
                "ROWS=10 COLS=80 WIDTH=80>\n");
        serv_puts(read_cmd);
index a74d7bcfb3a6f72f4b14bcc752b799accbc08155..06b54b1759955d04e0dd232431d4782076e03ac9 100644 (file)
@@ -45,6 +45,7 @@ void select_user_to_edit(char *message, char *preselect)
        wprintf("<br /><br />");
 
         wprintf("<center><form method=\"POST\" action=\"create_user\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
         wprintf(_("New user: "));
         wprintf("<input type=\"text\" name=\"username\"><br />\n"
                "<input type=\"submit\" name=\"create_button\" value=\"%s\">"
@@ -63,6 +64,7 @@ void select_user_to_edit(char *message, char *preselect)
        
         wprintf("<center>"
                "<form method=\"POST\" action=\"display_edituser\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
         wprintf("<select name=\"username\" size=10 style=\"width:100%%\">\n");
         serv_puts("LIST");
         serv_getln(buf, sizeof buf);
@@ -294,6 +296,7 @@ void display_edituser(char *supplied_username, int is_new) {
        wprintf("<input type=\"hidden\" name=\"is_new\" value=\"%d\">\n"
                "<input type=\"hidden\" name=\"usernum\" value=\"%ld\">\n",
                is_new, usernum);
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        wprintf("<input type=\"hidden\" name=\"flags\" value=\"%d\">\n", flags);
 
index 9a8f6d837be8681b8aad92f3d3e334e12d09879c..a0d143636a1062bbaf2f25f3cad4962f5a049c31 100644 (file)
@@ -186,6 +186,7 @@ void do_edit_vcard(long msgnum, char *partnum, char *return_to) {
        );
 
        wprintf("<form method=\"POST\" action=\"submit_vcard\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<div class=\"fix_scrollbar_bug\">"
                "<table class=\"vcard_edit_background\"><tr><td>\n");
 
index 36c4fe8f7c19027c2c7a8d418c694ef629c6801e..3e93030717adea7a3b5338378eb7f49edbd7e7eb 100644 (file)
@@ -1200,14 +1200,26 @@ void session_loop(struct httprequest *req)
                else 
                {
                        lprintf(9, "Suspicious request. Ignoring.");
-                       wprintf("HTTP/1.1 404 Not found. Don't try to Trick me DUDE!\r\n");
+                       wprintf("HTTP/1.1 404 Security check failed\r\n");
                        wprintf("Content-Type: text/plain\r\n");
                        wprintf("\r\n");
-                       wprintf("Not found. Don't play games on me!\r\n");
+                       wprintf("Security check failed.\r\n");
                }
                goto SKIP_ALL_THIS_CRAP;        /* Don't try to connect */
        }
 
+       /* If the client sent a nonce that is incorrect, kill the request. */
+       if (strlen(bstr("nonce")) > 0) {
+               if (atoi(bstr("nonce")) != WC->nonce) {
+                       lprintf(9, "Ignoring request with mismatched nonce.\n");
+                       wprintf("HTTP/1.1 404 Security check failed\r\n");
+                       wprintf("Content-Type: text/plain\r\n");
+                       wprintf("\r\n");
+                       wprintf("Security check failed.\r\n");
+                       goto SKIP_ALL_THIS_CRAP;
+               }
+       }
+
        /**
         * If we're not connected to a Citadel server, try to hook up the
         * connection now.
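Review bot: The added guard at `if (strlen(bstr("nonce")) > 0)` only validates a nonce when the request supplies one, so a request that simply omits the parameter is never rejected and the hidden inputs added throughout this commit do not actually protect the handlers they are in; the requirement has to be enforced for the state-changing actions themselves (require the parameter on those requests and reject its absence), with the presence-optional check at most kept for read-only pages. `atoi()` reports no errors and returns 0 for any non-numeric input, so the comparison should use `strtol` with `endptr` and `errno` checks and treat an unparseable value as a mismatch. A failed security check is better signalled as 403 than `HTTP/1.1 404 Security check failed`, and the four `wprintf` lines duplicate the response block just above; a small `static` helper would keep the two responses in step. session_loop's body extends beyond the hunk on both sides.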
index 25a5f9710844be491b55cb71f1ac174f1b66618c..a50d0e57291b4e39017924ec29f5f84ff0fde8ba 100644 (file)
@@ -397,6 +397,7 @@ struct wcsession {
        char floordiv_expanded[32];             /**< which floordiv currently expanded */
        int selected_language;                  /**< Language selected by user */
        time_t last_pager_check;                /**< last time we polled for instant msgs */
+       int nonce;                              /**< session nonce (to prevent session riding) */
 };
 
 /** values for WC->current_iconbar */
index 5215e77275e9068416ee057268b44425b21788ef..deae59d45640985c6aeafa7976508ba610d5daad 100644 (file)
@@ -237,6 +237,7 @@ void edit_me(void)
                wprintf("<br />\n");
 
                wprintf("<form method=\"POST\" action=\"edit_me\">\n");
+               wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
                wprintf("<table border=0 width=100%%>\n");