grisha2217
Active member
- Affected version
- 1.5.16
Hello. I have XF 1.5.16 and use PHP 7.0.
One stupid kid wanted to hack my forum; I got a lot of errors. A sample:
Code:
ErrorException: Array to string conversion - library/XenForo/Controller.php:236
Сгенерирована пользователем: //del, Сегодня, в 19:27
Трассировка стэка
#0 [internal function]: XenForo_Application::handlePhpError(8, 'Array to string...', '//deleted', 236, Array)
#1 library/XenForo/Controller.php(236): strval(Array)
#2 library/XenForo/Controller.php(195): XenForo_Controller->_checkCsrfFromToken(Array)
#3 library/XenForo/Controller.php(307): XenForo_Controller->_checkCsrf('Popup')
#4 library/XenForo/FrontController.php(368): XenForo_Controller->preDispatch('Popup', 'XenForo_Control...')
#5 library/XenForo/FrontController.php(152): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#6 index.php(18): XenForo_FrontController->run()
#7 {main}
Содержимое запроса
array(3) {
  ["url"] => string(115) "http://site.com/conversations/popup?_xfNoRedirect=1&_xfRequestUri=/&_xfResponseType=json&_xfToken[$acunetix]=1"
  ["_GET"] => array(5) {
    ["/conversations/popup"] => string(0) ""
    ["_xfNoRedirect"] => string(1) "1"
    ["_xfRequestUri"] => string(1) "/"
    ["_xfResponseType"] => string(4) "json"
    ["_xfToken"] => array(1) {
      ["$acunetix"] => string(1) "1"
    }
  }
  ["_POST"] => array(0) {
  }
}
I think the _checkCsrf function should be like:
PHP:
protected function _checkCsrf($action)
{
    // only run the check once per request
    if (isset(self::$_executed['csrf']))
    {
        return;
    }
    self::$_executed['csrf'] = true;

    // no session registered, nothing to check against
    if (!XenForo_Application::isRegistered('session'))
    {
        return;
    }

    if ($this->_request->isPost() || substr($this->getResponseType(), 0, 2) == 'js')
    {
        // post and all json requests require a token;
        // filter the value to a string so an array (_xfToken[x]=1) never reaches strval()
        $this->_checkCsrfFromToken($this->_input->filterSingle('_xfToken', XenForo_Input::STRING));
        // original line, which passes the raw request parameter through:
        //$this->_checkCsrfFromToken($this->_request->getParam('_xfToken'));
    }
}
Or change strval to array_map in the _checkCsrfFromToken function:
PHP:
// replacement for the plain strval($token) call in _checkCsrfFromToken
if (is_array($token))
{
    // cast each element instead of the array itself, which triggers "Array to string conversion"
    $token = array_map('strval', $token);
}
else
{
    $token = strval($token);
}
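The failure in the trace comes from PHP's query-string parsing: a parameter written as `_xfToken[x]=1` arrives as an array, and `strval()` on an array raises "Array to string conversion", which XenForo's error handler turns into an ErrorException. The script below is an added example, not code from the original post or from XenForo; it reproduces that notice on a constructed request and shows one way to normalise the token so non-string input is simply treated as a missing token. The function names (`naiveTokenCast`, `normaliseToken`, `tokenMatches`) and the session token value are hypothetical.

```php
<?php
// Added example (not XenForo code): why _xfToken[x]=1 reaches strval() as an array,
// and one way to normalise the parameter before checking it.

declare(strict_types=1);

// XenForo converts PHP notices into ErrorException; emulate that so the failure is visible.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Constructed query string modelled on the request in the report.
// parse_str() turns "_xfToken[x]=1" into ['x' => '1'], so $query['_xfToken'] is an array.
parse_str('_xfNoRedirect=1&_xfRequestUri=/&_xfResponseType=json&_xfToken[x]=1', $query);

/** Mirrors the reported behaviour: casting the raw parameter with strval(). */
function naiveTokenCast($token): string
{
    return strval($token); // "Array to string conversion" when $token is an array
}

/** Hardened variant: anything that is not a scalar is treated as an absent token. */
function normaliseToken($token): string
{
    if (is_string($token)) {
        return $token;
    }
    if (is_int($token) || is_float($token) || is_bool($token)) {
        return (string) $token;
    }
    return ''; // arrays, objects, null: no usable token
}

/** Compare the submitted token with the session token in constant time. */
function tokenMatches(string $submitted, string $expected): bool
{
    if ($submitted === '' || $expected === '') {
        return false; // an empty token never matches, even an empty session value
    }
    return hash_equals($expected, $submitted);
}

$sessionToken = 'constructed-session-token'; // hypothetical value held in the session

// 1. The unguarded cast fails exactly as in the trace.
try {
    naiveTokenCast($query['_xfToken']);
    echo "naive cast succeeded\n";
} catch (ErrorException $e) {
    echo "naive cast failed: " . $e->getMessage() . "\n";
}

// 2. The normalised path discards the array and rejects the request as having no token.
$token = normaliseToken($query['_xfToken']);
var_dump($token === '');
var_dump(tokenMatches($token, $sessionToken));

// 3. A genuine string token still passes the comparison.
var_dump(tokenMatches('constructed-session-token', $sessionToken));
```

The point of `normaliseToken` over `array_map('strval', ...)` is that a CSRF token is only ever meaningful as a single string: an array value cannot match the session token, so it is cleaner to reject it as missing than to cast its elements and carry an array further into the check.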