From a6e379b48c008aa1718120a4e34b4d8975a5e43c Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Wed, 2 Oct 2013 20:03:03 +0200
Subject: [PATCH] Added prototype of CSRF protection for forms
---
 com.woltlab.wcf/templates/avatarEdit.tpl | 3 +++
 .../templates/formErrorSecurityToken.tpl | 5 +++++
 .../files/lib/form/AbstractSecureForm.class.php | 13 ++++++-------
 .../install/files/lib/form/AvatarEditForm.class.php | 2 +-
 4 files changed, 15 insertions(+), 8 deletions(-)
 create mode 100644 com.woltlab.wcf/templates/formErrorSecurityToken.tpl
diff --git a/com.woltlab.wcf/templates/avatarEdit.tpl b/com.woltlab.wcf/templates/avatarEdit.tpl
index b5a3d7c431..74979e3f82 100644
--- a/com.woltlab.wcf/templates/avatarEdit.tpl
+++ b/com.woltlab.wcf/templates/avatarEdit.tpl
@@ -18,6 +18,8 @@
 {include file='userNotice'}
+{include file='formErrorSecurityToken'}
+ {if $__wcf->user->disableAvatar}

{lang}wcf.user.avatar.error.disabled{/lang}

{/if}
@@ -108,6 +110,7 @@
 {if !$__wcf->user->disableAvatar}
+ {@SECURITY_TOKEN_INPUT_TAG}
{/if}
diff --git a/com.woltlab.wcf/templates/formErrorSecurityToken.tpl b/com.woltlab.wcf/templates/formErrorSecurityToken.tpl
new file mode 100644
index 0000000000..68ae1d84f8
--- /dev/null
+++ b/com.woltlab.wcf/templates/formErrorSecurityToken.tpl
@@ -0,0 +1,5 @@
+{if $errorField}
+ {if ($errorField|is_array && $errorField[__securityToken]|isset) || $errorField == '__securityToken'}
+

{lang}wcf.global.form.error.securityToken{/lang}

+ {/if}
+{/if}
\ No newline at end of file
diff --git a/wcfsetup/install/files/lib/form/AbstractSecureForm.class.php b/wcfsetup/install/files/lib/form/AbstractSecureForm.class.php
index 126ba235a4..46ee24acd5 100644
--- a/wcfsetup/install/files/lib/form/AbstractSecureForm.class.php
+++ b/wcfsetup/install/files/lib/form/AbstractSecureForm.class.php
@@ -1,11 +1,11 @@ checkSecurityToken(); }
@@ -30,7 +29,7 @@ abstract class AbstractSecureForm extends AbstractForm {
 */
 protected function checkSecurityToken() {
 if (!isset($_POST['t']) || !WCF::getSession()->checkSecurityToken($_POST['t'])) {
- throw new IllegalLinkException();
+ throw new UserInputException('__securityToken');
 }
 }
 }
diff --git a/wcfsetup/install/files/lib/form/AvatarEditForm.class.php b/wcfsetup/install/files/lib/form/AvatarEditForm.class.php
index d12a39900c..f456d6ef88 100644
--- a/wcfsetup/install/files/lib/form/AvatarEditForm.class.php
+++ b/wcfsetup/install/files/lib/form/AvatarEditForm.class.php
@@ -18,7 +18,7 @@ use wcf\system\WCF;
 * @subpackage form
 * @category Community Framework
 */
-class AvatarEditForm extends AbstractForm {
+class AvatarEditForm extends AbstractSecureForm {
 /**
 * @see wcf\page\AbstractPage::$enableTracking
 */
-- 
2.20.1
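Review bot: The new formErrorSecurityToken.tpl carries no comment stating its contract, which matters because it accepts `$errorField` in two shapes — a plain field name compared with `== '__securityToken'`, or an array probed with `$errorField[__securityToken]|isset` — and every form that includes it has to produce one of the two. A one-line template comment at the top, such as `renders the CSRF-token error; $errorField is either the failing field's name or an array keyed by field name`, would make that explicit for the next form that adopts the include. The `__securityToken` name is also repeated here and in AbstractSecureForm::checkSecurityToken(); keeping it in one place (a constant on the form class exposed to the template, or a template variable) prevents the two from drifting apart.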
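Review bot: Replacing `throw new IllegalLinkException();` with `throw new UserInputException('__securityToken');` turns a rejected token into an ordinary field error, so the form is presumably re-rendered with the values of the rejected request plus a fresh, valid `{@SECURITY_TOKEN_INPUT_TAG}`; for forms with data fields that re-display invites the user to confirm a request that did not originate with them, so the base class should not repopulate fields from a request whose token failed, and whatever catches this exception must still keep validate()/save() from running for it — neither the catch site nor readFormParameters() is visible in this hunk, so the order of those calls is inferred. `UserInputException` also has to be imported in place of `IllegalLinkException`; that swap is presumably in the first hunk of this file, which is garbled in this view. The `'__securityToken'` literal is shared with formErrorSecurityToken.tpl; a class constant on AbstractSecureForm would keep the two in sync.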