Index: lams_build/build.xml
===================================================================
diff -u -r24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4 -r3cdcc421a982fe488cd3c991e2a9d4f3af0ae778
--- lams_build/build.xml (.../build.xml) (revision 24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4)
+++ lams_build/build.xml (.../build.xml) (revision 3cdcc421a982fe488cd3c991e2a9d4f3af0ae778)
@@ -418,6 +418,14 @@
+
+
+
+
+
+
+
Index: lams_build/build_base.xml
===================================================================
diff -u -r24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4 -r3cdcc421a982fe488cd3c991e2a9d4f3af0ae778
--- lams_build/build_base.xml (.../build_base.xml) (revision 24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4)
+++ lams_build/build_base.xml (.../build_base.xml) (revision 3cdcc421a982fe488cd3c991e2a9d4f3af0ae778)
@@ -366,6 +366,13 @@
+
+ ${ant.project.name}: Copying additional property files
+
+
+
+
+
Index: lams_build/conf/j2ee/jboss-deployment-structure.xml
===================================================================
diff -u -r24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4 -r3cdcc421a982fe488cd3c991e2a9d4f3af0ae778
--- lams_build/conf/j2ee/jboss-deployment-structure.xml (.../jboss-deployment-structure.xml) (revision 24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4)
+++ lams_build/conf/j2ee/jboss-deployment-structure.xml (.../jboss-deployment-structure.xml) (revision 3cdcc421a982fe488cd3c991e2a9d4f3af0ae778)
@@ -51,6 +51,7 @@
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
Index: lams_build/lib/csrfguard/csrfguard-3.1.0-2019.12.19.jar
===================================================================
diff -u
Binary files differ
Index: lams_central/build.xml
===================================================================
diff -u -r24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4 -r3cdcc421a982fe488cd3c991e2a9d4f3af0ae778
--- lams_central/build.xml (.../build.xml) (revision 24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4)
+++ lams_central/build.xml (.../build.xml) (revision 3cdcc421a982fe488cd3c991e2a9d4f3af0ae778)
@@ -32,6 +32,13 @@
+
+ ${ant.project.name}: Copying additional property files
+
+
+
+
+
Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u
--- lams_central/conf/security/Owasp.CsrfGuard.properties (revision 0)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties (revision 3cdcc421a982fe488cd3c991e2a9d4f3af0ae778)
@@ -0,0 +1,3 @@
+org.owasp.csrfguard.ProtectedMethods=POST
+org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
+org.owasp.csrfguard.action.Log.Message=CSRF attack (user: %user%, ip: %remote_ip%, uri: %request_uri%, error: %exception_message%)
\ No newline at end of file
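Review bot: `org.owasp.csrfguard.ProtectedMethods=POST` restricts the token check to POST, so any handler that changes state on GET (or PUT/DELETE) sits outside the guard. That scope decision should be recorded in the file, for example `# Only POST is token-checked; state-changing handlers must not accept GET`. Log is the only action configured in these three lines, and how the file is combined with other defaults is not visible in this hunk, so it is worth confirming what a user sees when a check fails and adding a redirect or error action if an explicit rejection page is intended. The log message interpolates `%request_uri%`, which is request-controlled; verify that the Log action in the bundled 3.1.0 jar, or the logging layout, neutralises CR/LF before the line is written.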
Index: lams_central/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_central/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_central/web/WEB-INF/tlds/security/csrfguard.tld (revision 3cdcc421a982fe488cd3c991e2a9d4f3af0ae778)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_central/web/WEB-INF/web.xml
===================================================================
diff -u -r24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4 -r3cdcc421a982fe488cd3c991e2a9d4f3af0ae778
--- lams_central/web/WEB-INF/web.xml (.../web.xml) (revision 24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4)
+++ lams_central/web/WEB-INF/web.xml (.../web.xml) (revision 3cdcc421a982fe488cd3c991e2a9d4f3af0ae778)
@@ -41,6 +41,14 @@
parentContextKey
context.central
+
+ Owasp.CsrfGuard.Config
+ WEB-INF/Owasp.CsrfGuard.properties
+
+
+ Owasp.CsrfGuard.Config.Print
+ true
+
UrlRewriteFilter
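Review bot: `Owasp.CsrfGuard.Config.Print` is set to `true`, which has CsrfGuard write its effective configuration to the server log at start-up. That is useful while integrating, but it is a debugging switch; I would default it to `false`, or drive it from a build property, for deployed builds. The path `WEB-INF/Owasp.CsrfGuard.properties` is presumably filled by the build's "Copying additional property files" step from `lams_central/conf/security/`, and a short XML comment next to the param saying so would save the next reader a search.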
@@ -69,6 +77,10 @@
org.lamsfoundation.lams.web.filter.LocaleFilter
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
UrlRewriteFilter
@@ -147,7 +159,12 @@
LocaleFilter
/ckeditor/*
-
+
+ CSRFGuard
+ /*
+
+
+
org.springframework.web.context.ContextLoaderListener
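Review bot: Mapping the `CSRFGuard` filter to `/*` puts every POST to this web app through the token check, including servlet endpoints declared in the same web.xml (a later hunk shows `/services/SPEnrolment`), which integration clients presumably call without a session token. Confirm that those paths are excluded through `org.owasp.csrfguard.unprotected.*` entries or a narrower mapping. Also confirm that every form posting to lams_central carries a token; in the part of the change visible here only `editprofile.jsp` declares the `csrf` taglib, so other forms may start failing validation unless they are covered elsewhere.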
@@ -160,6 +177,13 @@
+
+ org.owasp.csrfguard.CsrfGuardServletContextListener
+
+
+ org.owasp.csrfguard.CsrfGuardHttpSessionListener
+
+
GetRecordingServlet
org.lamsfoundation.lams.webservice.GetRecordingServlet
@@ -497,6 +521,9 @@
/services/SPEnrolment
+
+
+
csv
text/plain
@@ -560,6 +587,11 @@
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_central/web/profile/editprofile.jsp
===================================================================
diff -u -r24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4 -r3cdcc421a982fe488cd3c991e2a9d4f3af0ae778
--- lams_central/web/profile/editprofile.jsp (.../editprofile.jsp) (revision 24f0886e73317ee6aa7b49eb70e3c2ad8c8f35f4)
+++ lams_central/web/profile/editprofile.jsp (.../editprofile.jsp) (revision 3cdcc421a982fe488cd3c991e2a9d4f3af0ae778)
@@ -1,7 +1,8 @@
<%@ page contentType="text/html; charset=utf-8" language="java"%>
-<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
+<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-core" prefix="c"%>
<%@ taglib uri="tags-fmt" prefix="fmt"%>
<%@ taglib uri="tags-lams" prefix="lams"%>
@@ -45,6 +46,7 @@
+