authorKate Butler <kate@innocraft.com>2019-05-03 08:08:48 +0300
committerThomas Steur <tsteur@users.noreply.github.com>2019-05-03 08:08:48 +0300
commit72df150735664275a60a7861e468c6ff3b152a14 (patch)
treef4aeec8c2ce873baa6221fdba77bcf195ca308fc /plugins/CoreAdminHome/OptOutManager.php
parenta426194281492a4beaddf23cc7851822b2006a33 (diff)
Fix CSRF vulnerability in opt-out when setCookieInNewWindow=1 (#14400)
* Fix CSRF vulnerability in opt-out when setCookieInNewWindow=1
* Add nonce to URL for setCookieInNewWindow
Diffstat (limited to 'plugins/CoreAdminHome/OptOutManager.php')
-rw-r--r--plugins/CoreAdminHome/OptOutManager.php12
1 files changed, 8 insertions, 4 deletions
diff --git a/plugins/CoreAdminHome/OptOutManager.php b/plugins/CoreAdminHome/OptOutManager.php
index 8ee6690d99..b47f8c2cdc 100644
--- a/plugins/CoreAdminHome/OptOutManager.php
+++ b/plugins/CoreAdminHome/OptOutManager.php
@@ -175,12 +175,13 @@ class OptOutManager
$reloadUrl = Url::getCurrentQueryStringWithParametersModified(array(
'showConfirmOnly' => 1,
'setCookieInNewWindow' => 0,
+ 'nonce' => Common::getRequestVar('nonce')
));
} else {
$reloadUrl = false;
- $nonce = Common::getRequestVar('nonce', false);
- if ($nonce !== false && Nonce::verifyNonce('Piwik_OptOut', $nonce)) {
+ $requestNonce = Common::getRequestVar('nonce', false);
+ if ($requestNonce !== false && Nonce::verifyNonce('Piwik_OptOut', $requestNonce)) {
Nonce::discardNonce('Piwik_OptOut');
IgnoreCookie::setIgnoreCookie();
$trackVisits = !$trackVisits;
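Review bot: The added `'nonce' => Common::getRequestVar('nonce')` has no default, unlike the sibling lookup `Common::getRequestVar('nonce', false)` a few lines below; if I read Matomo's helper correctly, a request that reaches this branch without a nonce parameter then raises an exception rather than rendering the confirmation page, so the line should be `'nonce' => Common::getRequestVar('nonce', false)` (or the parameter left out when absent) so that a missing or stale nonce simply fails `Nonce::verifyNonce` on the reload. The nonce is forwarded into the reload URL unverified here, which is acceptable only because the else-branch verifies and discards it before `IgnoreCookie::setIgnoreCookie()` runs; a one-line comment above the reload URL saying `// forwarded as-is; verified and discarded on the reload before the cookie is set` would save the next reader that trace. The enclosing method starts before this hunk.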
@@ -192,11 +193,14 @@ class OptOutManager
? $language
: LanguagesManager::getLanguageCodeForCurrentUser();
+ $nonce = Nonce::getNonce('Piwik_OptOut', 3600);
+
$this->addQueryParameters(array(
'module' => 'CoreAdminHome',
'action' => 'optOut',
'language' => $lang,
- 'setCookieInNewWindow' => 1
+ 'setCookieInNewWindow' => 1,
+ 'nonce' => $nonce
), false);
$this->addStylesheet($this->optOutStyling());
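Review bot: The reason the nonce now travels in the opt-out URL's query string is not stated anywhere in the hunk, and it is the security-relevant part of this change. A comment above `$nonce = Nonce::getNonce('Piwik_OptOut', 3600);` along the lines of `// One nonce per render: it is embedded in the opt-out URL so the new-window flow (setCookieInNewWindow=1) can hand it back on reload, where it is verified and discarded before the ignore cookie is set; the same value is exposed to the view below.` would document the contract that the earlier hunk's verification branch relies on. The enclosing method starts before this hunk and continues after it.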
@@ -208,7 +212,7 @@ class OptOutManager
$this->view->setXFrameOptions('allow');
$this->view->dntFound = $dntFound;
$this->view->trackVisits = $trackVisits;
- $this->view->nonce = Nonce::getNonce('Piwik_OptOut', 3600);
+ $this->view->nonce = $nonce;
$this->view->language = $lang;
$this->view->showConfirmOnly = Common::getRequestVar('showConfirmOnly', false, 'int');
$this->view->reloadUrl = $reloadUrl;