Disable invalid CSRF token alerts - warning gets logged as usual.
protich committed Mar 6, 2013
1 parent eba99c3 commit 707ccf4
Showing 1 changed file with 16 additions and 16 deletions.
32 changes: 16 additions & 16 deletions include/class.osticket.php
Expand Up @@ -26,11 +26,11 @@ class.osticket.php
class osTicket {

var $loglevel=array(1=>'Error','Warning','Debug');

//Page errors.
var $errors;

//System
//System
var $system;


Expand All @@ -47,7 +47,7 @@ class osTicket {
var $csrf;

function osTicket($cfgId) {

$this->config = Config::lookup($cfgId);

//DB based session storage was added starting with v1.7
Expand Down Expand Up @@ -109,13 +109,13 @@ function checkCSRFToken($name='') {
$name = $name?$name:$this->getCSRF()->getTokenName();
if(isset($_POST[$name]) && $this->validateCSRFToken($_POST[$name]))
return true;

if(isset($_SERVER['HTTP_X_CSRFTOKEN']) && $this->validateCSRFToken($_SERVER['HTTP_X_CSRFTOKEN']))
return true;

$msg=sprintf('Invalid CSRF token [%s] on %s',
($_POST[$name].''.$_SERVER['HTTP_X_CSRFTOKEN']), THISPAGE);
$this->logWarning('Invalid CSRF Token '.$name, $msg);
$this->logWarning('Invalid CSRF Token '.$name, $msg, false);

return false;
}
Expand All @@ -129,7 +129,7 @@ function validateLinkToken($token) {
}

function isFileTypeAllowed($file, $mimeType='') {

if(!$file || !($allowedFileTypes=$this->getConfig()->getAllowedFileTypes()))
return false;

Expand All @@ -148,9 +148,9 @@ function isFileTypeAllowed($file, $mimeType='') {

/* Replace Template Variables */
function replaceTemplateVariables($input, $vars=array()) {

$replacer = new VariableReplacer();
$replacer->assign(array_merge($vars,
$replacer->assign(array_merge($vars,
array('url' => $this->getConfig()->getBaseUrl())
));

Expand Down Expand Up @@ -220,7 +220,7 @@ function clearNotice() {


function alertAdmin($subject, $message, $log=false) {

//Set admin's email address
if(!($to=$this->getConfig()->getAdminEmail()))
$to=ADMIN_EMAIL;
Expand All @@ -231,7 +231,7 @@ function alertAdmin($subject, $message, $log=false) {

//Try getting the alert email.
$email=null;
if(!($email=$this->getConfig()->getAlertEmail()))
if(!($email=$this->getConfig()->getAlertEmail()))
$email=$this->getConfig()->getDefaultEmail(); //will take the default email.

if($email) {
Expand All @@ -257,7 +257,7 @@ function logInfo($title, $message, $alert=false) {
function logWarning($title, $message, $alert=true) {
return $this->log(LOG_WARN, $title, $message, $alert);
}

function logError($title, $error, $alert=true) {
return $this->log(LOG_ERR, $title, $error, $alert);
}
Expand All @@ -275,8 +275,8 @@ function log($priority, $title, $message, $alert=false) {
//We are providing only 3 levels of logs. Windows style.
switch($priority) {
case LOG_EMERG:
case LOG_ALERT:
case LOG_CRIT:
case LOG_ALERT:
case LOG_CRIT:
case LOG_ERR:
$level=1; //Error
break;
Expand Down Expand Up @@ -306,9 +306,9 @@ function log($priority, $title, $message, $alert=false) {
',log_type='.db_input($loglevel[$level]).
',log='.db_input($message).
',ip_address='.db_input($_SERVER['REMOTE_ADDR']);

mysql_query($sql); //don't use db_query to avoid possible loop.

return true;
}

Expand All @@ -320,7 +320,7 @@ function purgeLogs() {
//System logs
$sql='DELETE FROM '.SYSLOG_TABLE.' WHERE DATE_ADD(created, INTERVAL '.$gp.' MONTH)<=NOW()';
db_query($sql);

//TODO: Activity logs

return true;
Expand Down
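Review bot: The failure message built on the line `($_POST[$name].''.$_SERVER['HTTP_X_CSRFTOKEN'])` reads both indices unconditionally, while the two checks above only touch them under isset(); a request missing either the POST field or the header — the usual shape of a real CSRF rejection — raises an undefined-index notice on the way into logWarning(), and the concatenated message cannot tell a reader which channel the rejected token arrived on. This commit only flips the alert flag, so that noisy path is unchanged. I would format the value that was actually present, e.g. `$token = isset($_POST[$name]) ? $_POST[$name] : (isset($_SERVER['HTTP_X_CSRFTOKEN']) ? $_SERVER['HTTP_X_CSRFTOKEN'] : '');` and pass `$token` to sprintf, adding a short 'post'/'header' tag to the message for triage. The token is attacker-supplied and is written verbatim into the syslog table (escaped via db_input() in log()), which is acceptable, but since the alert e-mail is now suppressed the log row is the only record of it, so making it unambiguous matters. checkCSRFToken's signature line lies above the hunk.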
