fix: prevent reuse of old attacks by re-POSTing same values

This commit is contained in:
Martin Ambrus
2017-11-24 10:17:54 +01:00
parent c06c62ba6a
commit 12fe632bf4
3 changed files with 14 additions and 0 deletions
+7
View File
@@ -5371,6 +5371,13 @@ References: User ID/Message ID, Mode
return mysqli_insert_id($this->dblink);
}
function remA2b($id) {
$id = (int) $id;
$q = "DELETE FROM " . TB_PREFIX . "a2b WHERE id = $id";
return mysqli_query($this->dblink,$q);
}
// no need to cache this method
function getA2b($ckey, $check) {
list($ckey, $check) = $this->escape_input($ckey, $check);
+4
View File
@@ -552,6 +552,10 @@ class Units {
header( "Location: a2b.php" );
exit;
}
// prevent re-use of the same attack via re-POSTing the same data
$database->remA2b($data['id']);
header( "Location: build.php?id=39" );
exit;
+3
View File
@@ -97,6 +97,9 @@
$database->modifyUnit($getFLData['wref'], $uname2, $amounts, $modes);
$database->addMovement(3,$getFLData['wref'],$data['to_vid'],$reference,time(),($time+time()));
// prevent re-use of the same attack via re-POSTing the same data
$database->remA2b($data['id']);
}
}
}