[RELEASED] CSRF Protection Form

Post by straightlight » Sat Jan 28, 2012 1:22 am

<form

<?php echo $this->csrf->csrf_form_input(); ?>

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer

Post by straightlight » Thu Feb 02, 2012 12:33 am

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer

Post by straightlight » Wed Feb 08, 2012 10:16 pm

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer

Post by annelim » Sat Mar 24, 2012 7:45 pm

Post by straightlight » Sat Mar 24, 2012 8:03 pm

Simply read the README file's instructions. A demo would only be good for showing the view source with the token in this case which would be kind of useless to demonstrate since once you understand those easy instructions, you won't need to see that demo since the results are about protecting users from one line added on each HTML forms (which almost all of them has already been provided from XML) and, yes, it works on v1.5.2.1 release.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer

Post by annelim » Sat Apr 14, 2012 5:30 pm

Post by straightlight » Sat Apr 14, 2012 8:18 pm

<operation>
			<search position="after"><![CDATA[$this->db->query("INSERT INTO " . DB_PREFIX . "setting SET store_id = '" . (int)$store_id . "', `group` = '" . $this->db->escape($group) . "', `key` = '" . $this->db->escape($key) . "', `value` = '" . $this->db->escape($value) . "', serialized = '0'");]]></search>
			<add><![CDATA[
			}
			]]>
			</add>
		</operation>

<operation>
			<search position="after"><![CDATA[$this->db->query("INSERT INTO " . DB_PREFIX . "setting SET store_id = '" . (int)$store_id . "', `group` = '" . $this->db->escape($group) . "', `key` = '" . $this->db->escape($key) . "', `value` = '" . $this->db->escape($value) . "'");]]></search>
			<add><![CDATA[
			}
			]]>
			</add>
		</operation>

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer

Post by problemchild » Wed Jul 11, 2012 5:40 pm

First of all thank you for addressing the CSRF issue, I have gotten almost everything to work now at the pages I am working on.. the only "little" snag is the javascript POST commands (when adding to cart/wishlist/comparison).

If I understood the previous posts correctly, these javascript POSTS also would need some kind of csrf-code addition to function properly? (like with <form, the <?php echo $this->csrf->csrf_form_input(); ?> code-addition)

The parts I think need the addition are located in product.tpl near lines 339&340 and 415&416 in default-theme, and perhaps(may vary if other code additions) in custom theme(in my case Carbon) near lines 328&329, 404&405. Line numbers taken from Notepad++. Code parts in question:

Code: Select all

url: 'index.php?route=checkout/cart/add',
type: 'post',

and

Code: Select all

url: 'index.php?route=product/product/write&product_id=<?php echo $product_id; ?>',
type: 'post',

I ask this because maybe I have missed something/doing something wrong. I am using Windows 7 and latest Firefox(also tested with latest IE). Oh, and my Opencart version is 1.5.2.1. My first ever post to opencart btw, so if you need more information regarding the issue, please let me know.

ps. had still some forms(in checkout/cart.tpl) without the <?php echo $this->csrf->csrf_form_input(); ?> -code, but now really in need of help. Well back to to wondering what I have missed.

Post by straightlight » Sun Jul 15, 2012 4:49 am

<?php echo $this->csrf->csrf_form_input(); ?>

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer

Post by Alexisander » Thu Nov 08, 2012 10:40 pm

Hello,

As i said in the market:

I use OC 1.5.3.1 and i get this when trying to login in admin:

Fatal error: Call to a member function csrf_form_input() on a non-object in /home/netvoltr/public_html/vqmod/vqcache/vq2-admin_view_template_common_login.tpl on line 16

Why? THX!!!

I have tryed what u have wrote a little bit up but no succes, i only use VQmod for captcha code when login as admin. Nothing else motified from core.

Post by straightlight » Thu Nov 08, 2012 10:43 pm

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer

Post by Alexisander » Thu Nov 08, 2012 10:45 pm

Post by straightlight » Thu Nov 08, 2012 10:47 pm

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer

Post by straightlight » Thu Nov 08, 2012 10:56 pm

final class

class

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer

Post by Alexisander » Thu Nov 08, 2012 10:57 pm

Post by straightlight » Thu Nov 08, 2012 10:58 pm

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer

Post by Alexisander » Thu Nov 08, 2012 11:03 pm

Post by straightlight » Thu Nov 08, 2012 11:04 pm

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer

Post by limurchick » Fri Jul 11, 2014 4:21 pm

Seems that author forgot to add csrf.php file to archive. Any link

Post by straightlight » Mon Jul 14, 2014 11:12 pm

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer