--- a/includes/sessions.php Tue Nov 16 12:44:22 2010 -0500
+++ b/includes/sessions.php Tue Jul 12 22:13:37 2011 -0400
@@ -167,6 +167,13 @@
var $sw_timed_out = false;
/**
+ * Token appended to some important forms to prevent CSRF.
+ * @var string
+ */
+
+ var $csrf_token = false;
+
+ /**
* Switch to track if we're started or not.
* @access private
* @var bool
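Review bot: The blank line between the new docblock and `var $csrf_token = false;` detaches the comment from the property, so doc tooling and IDEs will not associate `@var string` with it; drop the empty line so `*/` immediately precedes the declaration. The type annotation is also not quite accurate, since the property is initialised to `false` and only becomes a string once a session is started; `@var string|false` would tell callers to check before echoing it into a form. This hunk sits inside a class whose header and body extend beyond the hunk.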
@@ -463,6 +470,8 @@
$this->real_name = $userdata['real_name'];
$this->email = $userdata['email'];
$this->unread_pms = $userdata['num_pms'];
+ // generate an anti-CSRF token
+ $this->csrf_token = sha1($this->username . $this->sid . $this->user_id);
if(!$this->compat)
{
$this->theme = $userdata['theme'];
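Review bot: The logged-in token on the `$this->csrf_token = sha1(...)` line is derived purely from `username`, `sid` and `user_id` with no server-side secret and no separators, whereas the guest token later in this commit mixes in `sha1($this->private_key)`; anyone who learns the session id (for example from a URL or log where it is echoed) can reconstruct the token, and a user whose name ends in digits can in principle collide with a different `(username, sid, user_id)` tuple. Mixing in the site key and delimiting the fields makes the two code paths consistent and removes the collision: `$this->csrf_token = sha1($this->username . '::' . $this->sid . '::' . $this->user_id . '::' . sha1($this->private_key));`. Wherever the token is later checked, it should be compared with a constant-time comparison rather than `==`/`===` if one is available on the supported PHP versions; that verification code is not in this diff. The enclosing function starts before this hunk and continues after it.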
@@ -962,6 +971,9 @@
$this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : substr($template->named_theme_list[$this->theme]['default_style'], 0, strlen($template->named_theme_list[$this->theme]['default_style'])-4);
}
$this->user_id = 1;
+
+ // make a CSRF token
+ $this->csrf_token = sha1($_SERVER['REMOTE_ADDR'] . '::' . sha1($this->private_key));
}
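Review bot: For anonymous sessions the token `sha1($_SERVER['REMOTE_ADDR'] . '::' . sha1($this->private_key))` is identical for every guest sharing a source address, so anyone behind the same NAT, corporate proxy or reverse proxy can read their own token and use it to forge requests for every other guest there, and behind a reverse proxy `REMOTE_ADDR` is the proxy's address for all visitors. It is also stable for as long as `private_key` is unchanged, so a single leaked guest token is reusable indefinitely. If guest forms genuinely need CSRF protection, bind the token to something per-client such as the guest's session cookie value (if one exists on this code path) or a per-visit random value stored server-side, and document the limitation in a comment beside the assignment, e.g. `// NOTE: shared by all guests from the same IP; only a weak check for anonymous forms`. The guest-session method this belongs to starts and ends outside the hunk.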
/**
@@ -999,7 +1011,7 @@
. ' LEFT JOIN '.table_prefix.'users_extra AS x' . "\n"
. ' ON ( u.user_id=x.user_id OR x.user_id IS NULL )' . "\n"
. ' LEFT JOIN '.table_prefix.'privmsgs AS p' . "\n"
- . ' ON ( p.message_to=u.username AND p.message_read=0 )' . "\n"
+ . ' ON ( p.message_to=u.username AND p.message_read=0 AND p.folder_name != \'drafts\' )' . "\n"
. ' WHERE k.session_key=\''.$keyhash.'\'' . "\n"
. ' AND k.salt=\''.$salt.'\'' . "\n"
. ' GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public;');
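Review bot: The new join condition `p.folder_name != 'drafts'` silently drops any private message whose `folder_name` is NULL, because `NULL != 'drafts'` is unknown and the row is excluded from the join, so such messages would no longer be counted as unread; if that column is nullable (I cannot tell from this hunk), write it as `AND (p.folder_name IS NULL OR p.folder_name != \'drafts\')`. The surrounding query still interpolates `$keyhash` and `$salt` directly into the SQL string; this commit does not change that, but it is worth confirming elsewhere that both are guaranteed to be hex-only before reaching this statement. The SQL statement being built here starts before the hunk.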