From 3812c86f8d5c2300ec3ca98df95c4882a5c1ee6d Mon Sep 17 00:00:00 2001
From: BlankEclair <blankeclair@disroot.org>
Date: Sun, 11 Aug 2024 20:47:15 +1000
Subject: [PATCH] SECURITY: Add CSRF protection for DeleteCargoTable and
 SwitchCargoTable

Bug: T372209
Change-Id: I87258ecb5ed2868c36ad4bdb57ac7c72982ceb0e
---
 includes/specials/SpecialDeleteCargoTable.php | 3 ++-
 includes/specials/SpecialSwitchCargoTable.php | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/includes/specials/SpecialDeleteCargoTable.php b/includes/specials/SpecialDeleteCargoTable.php
index 78482f5..2f18fb9 100644
--- a/includes/specials/SpecialDeleteCargoTable.php
+++ b/includes/specials/SpecialDeleteCargoTable.php
@@ -53,6 +53,7 @@ class SpecialDeleteCargoTable extends UnlistedSpecialPage {
 
 		$out = $this->getOutput();
 		$req = $this->getRequest();
+		$csrfTokenSet = $this->getContext()->getCsrfTokenSet();
 
 		$out->enableOOUI();
 
@@ -84,7 +85,7 @@ class SpecialDeleteCargoTable extends UnlistedSpecialPage {
 		$fieldTables = unserialize( $row['field_tables'] );
 		$fieldHelperTables = unserialize( $row['field_helper_tables'] );
 
-		if ( $this->getRequest()->getCheck( 'delete' ) ) {
+		if ( $req->wasPosted() && $req->getCheck( 'delete' ) && $csrfTokenSet->matchToken( $req->getText( 'wpEditToken' ) ) ) {
 			self::deleteTable( $tableName, $fieldTables, $fieldHelperTables );
 			$text = Html::element( 'p', null, $this->msg( 'cargo-deletetable-success', $tableName )->parse() ) . "\n";
 			$tablesLink = CargoUtils::makeLink( $this->getLinkRenderer(),
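Review bot: When the token comparison in the new `if` on the `delete` branch fails, the request falls through to whatever follows the condition, which from this hunk looks like the normal confirmation-form rendering, so a user whose edit token has gone stale gets the form back with no indication that the deletion was refused; a follow-up branch such as `} elseif ( $req->wasPosted() && $req->getCheck( 'delete' ) ) { $out->addHTML( Html::errorBox( $this->msg( 'sessionfailure' )->parse() ) ); }` would make the refusal visible, or at least a comment on the condition: `// Only act on a POST carrying a valid edit token; a GET or a stale token just re-renders the confirmation form.` The patch also does not show the confirmation form gaining a hidden `wpEditToken` field, so unless it is already emitted elsewhere (an HTMLForm adds it automatically, a hand-built OOUI form does not), the new check would reject every legitimate submission; worth confirming outside this hunk. The same applies to the `switch` branch in the SpecialSwitchCargoTable hunk. The method containing this branch starts and ends outside the hunk.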
diff --git a/includes/specials/SpecialSwitchCargoTable.php b/includes/specials/SpecialSwitchCargoTable.php
index 5eb54ed..3144354 100644
--- a/includes/specials/SpecialSwitchCargoTable.php
+++ b/includes/specials/SpecialSwitchCargoTable.php
@@ -92,6 +92,9 @@ class SpecialSwitchCargoTable extends UnlistedSpecialPage {
 		$this->checkPermissions();
 
 		$out = $this->getOutput();
+		$req = $this->getRequest();
+		$csrfTokenSet = $this->getContext()->getCsrfTokenSet();
+
 		$tableName = $subpage;
 		$out->enableOOUI();
 
@@ -121,7 +124,7 @@ class SpecialSwitchCargoTable extends UnlistedSpecialPage {
 		$fieldTables = unserialize( $row['field_tables'] );
 		$fieldHelperTables = unserialize( $row['field_helper_tables'] );
 
-		if ( $this->getRequest()->getCheck( 'switch' ) ) {
+		if ( $req->wasPosted() && $req->getCheck( 'switch' ) && $csrfTokenSet->matchToken( $req->getText( 'wpEditToken' ) ) ) {
 			self::switchInTableReplacement( $tableName, $fieldTables, $fieldHelperTables, $this->getUser() );
 			$text = Html::element( 'p', null, $this->msg( 'cargo-switchtables-success', $tableName )->parse() ) . "\n";
 			$tablesLink = CargoUtils::makeLink( $this->getLinkRenderer(),
-- 
2.45.2

