Topic on User talk:MaxSem

vulnerable to CSRF attacks

Gri6507 (talkcontribs)

Hello,

one of the extensions that I maintain, Extension:STSGMassMailer has been labeled by you as "vulnerable to CSRF attacks". I am not familiar with what this means. Can you please clarify the nature of the issue so that I could attempt to address it? Thank you --Gri6507 02:05, 23 September 2010 (UTC)

MaxSem (talkcontribs)

Basically, w:CSRF says it all. An attacker could forge a request to your special with JS that will mail whatever he wants. To fix this, you need to generate an unpredictable (for attacker) token with $wgUser->editToken() instead of sha1("stsg") and check it with $wgUser->matchEditToken().

Other problems:

  • User names are not escaped on output. While restrictions on user names prevent this from escalating to full-scale XSS, this could lead to other inconveniences.
  • loadMessages() is not really needed these days, just register your messages with $wgExtensionMessagesFiles.
  • "<form method=\"post\" action=\"" . $thisTitle->getLocalUrl() . "\">" produces invalid XHTML, use the Html class to avoid things like that.
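The three fixes MaxSem lists, applied to a minimal special page. This is an added example, not the STSGMassMailer extension's own code: the class name SpecialMassMailExample, the 'massmail' user right, the form field names and the message keys are assumptions. It targets MediaWiki of that era (1.16), where the Html class, $wgUser->editToken() and $wgUser->matchEditToken() are available.

```php
<?php
// Added example (not the extension's code). Names such as SpecialMassMailExample,
// the 'massmail' right and the message keys below are hypothetical.
//
// In the extension's setup file, messages are registered with
// $wgExtensionMessagesFiles instead of a custom loadMessages():
//   $wgExtensionMessagesFiles['MassMailExample'] = dirname( __FILE__ ) . '/MassMailExample.i18n.php';
//   $wgSpecialPages['MassMailExample'] = 'SpecialMassMailExample';

class SpecialMassMailExample extends SpecialPage {
	public function __construct() {
		// Second argument restricts the page to users holding the 'massmail' right.
		parent::__construct( 'MassMailExample', 'massmail' );
	}

	public function execute( $par ) {
		global $wgRequest, $wgUser, $wgOut;
		$this->setHeaders();

		if ( !$this->userCanExecute( $wgUser ) ) {
			$this->displayRestrictionError();
			return;
		}

		if ( $wgRequest->wasPosted() ) {
			// CSRF check: the token is bound to the current session and is not
			// predictable by a cross-site attacker, unlike sha1( "stsg" ).
			// A forged POST from another origin cannot carry it and is rejected.
			if ( !$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
				$wgOut->addWikiMsg( 'sessionfailure' );
				$this->showForm();
				return;
			}
			$this->sendMail( $wgRequest->getText( 'wpRecipient' ), $wgRequest->getText( 'wpBody' ) );
			return;
		}

		$this->showForm();
	}

	private function showForm() {
		global $wgUser, $wgOut;
		// The Html class emits well-formed XHTML, so no hand-written "<form ...>" strings.
		$form = Html::openElement( 'form', array(
			'method' => 'post',
			'action' => $this->getTitle()->getLocalUrl(),
		) );
		// Per-session token the POST handler checks with matchEditToken().
		$form .= Html::hidden( 'wpEditToken', $wgUser->editToken() );
		$form .= Html::input( 'wpRecipient', '', 'text' );
		$form .= Html::element( 'textarea', array( 'name' => 'wpBody', 'rows' => 10, 'cols' => 60 ), '' );
		$form .= Html::input( 'wpSend', wfMsg( 'massmailexample-send' ), 'submit' );
		$form .= Html::closeElement( 'form' );
		$wgOut->addHTML( $form );
	}

	private function sendMail( $recipient, $body ) {
		global $wgUser, $wgOut;
		$user = User::newFromName( $recipient );
		if ( !$user || !$user->getId() || !$user->canReceiveEmail() ) {
			$wgOut->addWikiMsg( 'massmailexample-badrecipient' );
			return;
		}
		UserMailer::send(
			new MailAddress( $user ),
			new MailAddress( $wgUser ),
			wfMsg( 'massmailexample-subject' ),
			$body
		);
		// User names are escaped on output: Html::element() runs htmlspecialchars()
		// over its content, so the name is never inserted into the page raw.
		$wgOut->addHTML( Html::element( 'p', null,
			wfMsg( 'massmailexample-sent' ) . ' ' . $user->getName() ) );
	}
}
```

The token check must run before any mail is sent, and the token itself should be emitted only inside the form served to the logged-in user; exposing it anywhere readable cross-site would defeat the protection.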