Drupal Secure Code:クロスサイトリクエストフォージェリ



(第2回:データベースの操作;第3回:ユーザー入力の操作)

この記事を書いたきっかけは、かなり有名なモジュールに私が脆弱性を見つけたことです。 脆弱性の取り扱いに関するルールに従い、現時点では詳細を公表する権利がないため、ここでは一般的な形で脆弱性を説明し、対処方法についても説明します。

では、クロスサイトリクエストフォージェリ(英語: Cross Site Request Forgery、略して CSRF)とは何か、そしてどう扱えばよいのかを見ていきます。

CSRFは、HTTPプロトコルの欠陥を悪用するWebサイト訪問者への攻撃の一種です。 被害者が攻撃者によって作成されたサイトにアクセスすると、被害者の名義で、何らかの悪意のある操作(攻撃者のアカウントへの送金など)を実行させるリクエストが別のサーバー(支払いシステムのサーバーなど)に密かに送信されます。 この攻撃が成立するには、リクエストの送信先サーバーで被害者が認証済み(ログイン済み)であり、かつそのリクエストがユーザーによる確認を必要としないものでなければなりません。

この種の攻撃は、一般的な誤解に反して、ずっと前に登場しました。最初の理論的推論は1988年に登場し、最初の脆弱性は2000年に発見されました。

CSRFの用途の一つは、別のサーバーで見つかったパッシブXSSの悪用です。 被害者に代わってスパムを送信したり、他のサイトのアカウント設定(たとえば、パスワード回復のための秘密の質問)を変更したりすることも可能です。

実例



たとえば、Ajaxを使用してノードを削除する小さなモジュールを作成する必要があるとします。 これはノードのサービスリンクを使用して実装できます。リンクをクリックすると、AjaxリクエストがDrupalのパスに送信されます。 このパスにはハンドラーが割り当てられており、そのハンドラーがノードを削除します。 以下がその機能を実現するモジュールです。

node_destroy.module


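  /**
   * Implements hook_menu().
   *
   * Registers node/%node/destroy as a callback-only path that is handled by
   * node_destroy() and limited to users holding 'administer nodes'.
   *
   * @return array
   *   Menu item definitions keyed by path.
   */
  function node_destroy_menu() {
    $menu = array();

    // The menu router reads these keys spelled with spaces ('page callback',
    // 'page arguments', 'access arguments'). The underscore spellings are not
    // recognised, so the callback and the permission check would not be wired.
    $menu['node/%node/destroy'] = array(
      'page callback' => 'node_destroy',
      'page arguments' => array(1),
      'access arguments' => array('administer nodes'),
      'type' => MENU_CALLBACK,
    );

    // The hook must hand its definitions back or the path is never registered.
    return $menu;
  }

  /**
   * Page callback: deletes the given node and prints a plain status string.
   *
   * SECURITY NOTE: this is the article's deliberately vulnerable example and
   * is kept that way on purpose. The 'administer nodes' check on the menu item
   * only establishes whose session the request arrived with; nothing here
   * verifies that the user meant to send it. The deletion runs on a plain
   * request to a predictable path with no per-session token, which is exactly
   * the CSRF precondition described in the text. A hardened version would put
   * a token from drupal_get_token() on the link and refuse to call
   * node_delete() unless drupal_valid_token() accepts it, or would route the
   * action through a confirmation form.
   *
   * @param object $node
   *   The node loaded from the %node path argument.
   */
  function node_destroy($node) {
    if ($node->nid) {
      node_delete($node->nid);
      print('SUCCESS');
    }

    // Stop the request here; presumably so the Ajax caller receives only the
    // status text rather than a rendered page.
    exit();
  }

  /**
   * Implements hook_link().
   *
   * Adds a "Destroy node" link to nodes and attaches the module's script,
   * which is expected to turn a click on the link into an Ajax request.
   *
   * @param string $type
   *   The kind of object links are requested for; only 'node' is handled.
   * @param object|null $node
   *   The node being rendered when $type is 'node'.
   * @param bool $teaser
   *   Unused by this implementation.
   *
   * @return array
   *   Link definitions keyed by link name; empty for other types.
   */
  function node_destroy_link($type, $node = NULL, $teaser = FALSE) {
    // Start from an empty array so types other than 'node' do not return an
    // undefined variable.
    $links = array();

    switch ($type) {
      case 'node':
        // Load the script that handles clicks on the link.
        $path = drupal_get_path('module', 'node_destroy');
        drupal_add_js($path . '/node_destroy.js');

        // The href carries no token, so the target URL is the same for every
        // user and session (see the security note on node_destroy()).
        $links['node_destroy'] = array(
          'title' => t('Destroy node'),
          'href' => "node/$node->nid/destroy",
          'attributes' => array('class' => 'node_destroy_link'),
        );
        break;
    }

    return $links;
  }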
  42. /** * hook_menu(). . */ function node_destroy_menu() { $menu [ 'node/%node/destroy' ] = array ( 'page_callback' => 'node_destroy' , 'page_arguments' => array (1), 'access_arguments' => array ( 'administer nodes' ), 'type' => MENU_CALLBACK, ); } /** * . */ function node_destroy( $node ) { if ( $node ->nid) { node_delete( $node ->nid); print ( 'SUCCESS' ); } // , // exit (); } /** * hook_link(). . */ function node_destroy_link( $type , $node = NULL, $teaser = FALSE) { switch ( $type ) { case 'node' : // , , // , $path = drupal_get_path( 'module' , 'node_destroy' ); drupal_add_js( $path . '/node_destroy.js' ); // , $links [ 'node_destroy' ] = array ( 'title' => t( 'Destroy node' ), 'href' => "node/$node->nid/destroy" , 'attributes' => array ( 'class' => 'node_destroy_link' ), ); break ; } return $links ; }
  43. /** * hook_menu(). . */ function node_destroy_menu() { $menu [ 'node/%node/destroy' ] = array ( 'page_callback' => 'node_destroy' , 'page_arguments' => array (1), 'access_arguments' => array ( 'administer nodes' ), 'type' => MENU_CALLBACK, ); } /** * . */ function node_destroy( $node ) { if ( $node ->nid) { node_delete( $node ->nid); print ( 'SUCCESS' ); } // , // exit (); } /** * hook_link(). . */ function node_destroy_link( $type , $node = NULL, $teaser = FALSE) { switch ( $type ) { case 'node' : // , , // , $path = drupal_get_path( 'module' , 'node_destroy' ); drupal_add_js( $path . '/node_destroy.js' ); // , $links [ 'node_destroy' ] = array ( 'title' => t( 'Destroy node' ), 'href' => "node/$node->nid/destroy" , 'attributes' => array ( 'class' => 'node_destroy_link' ), ); break ; } return $links ; }


node_destroy.js


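  // Drupal behavior, used in place of a plain
  // $(document).ready(function() { ... }) handler.
  Drupal.behaviors.node_destroy = function (context) {
    // The 'processed' class marks links that already have a handler, so a
    // repeated run of the behavior does not bind the click twice.
    $('.node_destroy_link:not(.processed)', context)
      .addClass('processed')
      .click(function () {
        // Declared locally; the bare assignment created a global variable.
        var href = $(this).attr('href');
        // This is a state-changing GET: the server-side callback is the only
        // place that can prove the request was intended by the user.
        $.ajax({
          type: "GET",
          url: href,
          success: function (result) {
            // Anything other than the literal SUCCESS body is a failure.
            if (result != 'SUCCESS') {
              alert('Error');
            }
          },
          // A non-2xx answer (for example access denied) never reaches the
          // success callback, so report it here as well.
          error: function () {
            alert('Error');
          }
        });
        // Keep the browser from also following the link, which would send a
        // second request to the same URL.
        return false;
      });
  };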


そして、すべてがうまくいくはずでした。しかし、ある晴れた日、邪悪なトロルがサイトに来ます...または、より重要な状況-困惑した元従業員がサイトに来て、それを壊そうとします。 古い経験を思い出して、彼は site.ru/node/123/destroy というアドレスにアクセスしようとしますが、マテリアルを削除する権利がなくなったため、門前払いを受けます(アクセスを拒否されます)。

そして、ここで、破壊的な創造性に合わせて、彼は次のコンテンツを持つノードを作成します。
<img src="http://site.ru/node/123/destroy" />

この瞬間に何が起こっていますか? 当然、画像はロードされませんが、トロールのブラウザーはこのパスへのリクエストを実行し、先ほどと同じ結果になります。

失敗して辞任したトロールはサイトを離れます。 1日後、サイト管理者はこのジャンクノードに気付き、入力して削除します。 そして、素材のリストに戻った後、彼はその中にID 123のノードを見つけられませんでした。 カーテン。

何が起きたのか理解できなかった人のために説明すると、管理者がそのノードを開いた時、彼のブラウザも画像のリンクへリクエストを送りました。 しかし、今回はすでに十分なアクセス権があるため、ノードは正常に削除され、管理者は何も気づきませんでした。


CSRFの脆弱性を回避する方法は?



答えは、データ変更アクションに一意のリンクを使用することです。 これはどのように可能ですか? Drupalはリンクトークン化方式を使用します。 つまり、アクティブなアクションのリンクに一意のパラメーターが追加され、アクションの実行時にそれがチェックされます。 Drupalでは、そのようなパラメーターはdrupal_get_token()関数によって生成できます。 検証にはdrupal_valid_token()を使います。 トークンは、提供された値、ユーザーのセッション、およびサイトの秘密キーに基づいて生成されます。これにより、攻撃者が正しいトークンを生成できる可能性は実質的に最小限に抑えられます。

モジュールに変更を加えます。 正しいリンクを設定することから始めましょう:

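  /**
   * Implements hook_link().
   *
   * Adds a "Destroy node" link whose URL carries a token tied to this node,
   * so the callback can tell a link rendered by the site from a forged
   * request.
   *
   * @param string $type
   *   The kind of object the links are requested for.
   * @param object|null $node
   *   The node being rendered when $type is 'node'.
   * @param bool $teaser
   *   Unused here.
   *
   * @return array
   *   Link definitions; empty for any $type other than 'node'.
   */
  function node_destroy_link($type, $node = NULL, $teaser = FALSE) {
    // Start from an empty list so other link types do not return an
    // undefined variable.
    $links = array();
    switch ($type) {
      case 'node':
        $path = drupal_get_path('module', 'node_destroy');
        drupal_add_js($path . '/node_destroy.js');
        $links['node_destroy'] = array(
          'title' => t('Destroy node'),
          'href' => "node/$node->nid/destroy",
          'attributes' => array('class' => 'node_destroy_link'),
          // 'query' is appended to the URL as GET parameters. The token value
          // includes the node id, so a token issued for one node does not
          // validate for another. Because it travels in the URL it can show
          // up in places that record URLs, such as access logs.
          'query' => 'token=' . drupal_get_token('node_destroy_' . $node->nid),
        );
        break;
    }
    return $links;
  }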


覚えているように、リンクに設定されているアドレスにajaxリクエストを送信するため、コールバックでは標準的な方法、つまり$_GETでのみトークンを確認できます。

  /**
   * Menu callback: deletes the node only when the request carries a valid
   * token for it.
   *
   * The token is checked against the same 'node_destroy_<nid>' value the
   * link was built with. A request without a token, or with a token that
   * does not validate, ends with an empty response body and nothing is
   * deleted.
   *
   * @param object $node
   *   The node loaded from the %node path wildcard.
   */
  function node_destroy($node) {
    // The Ajax request is sent to the link's own URL, so the token can only
    // arrive as a GET parameter.
    $has_token = isset($_GET['token']);

    if ($node->nid && $has_token) {
      $token_value = 'node_destroy_' . $node->nid;
      if (drupal_valid_token($_GET['token'], $token_value)) {
        node_delete($node->nid);
        print('SUCCESS');
      }
    }

    // End the request here so the response body is only what was printed
    // above.
    exit();
  }


DrupalDance経由:クロスサイトリクエストフォージェリ

Source: https://habr.com/ru/post/J52132/

