Drupal Secure Code:クロスサイトリクエストフォージェリ





（第2部: データベースの操作 ; 第3部: ユーザー入力の操作）



この記事を書いた理由は、かなり有名なモジュールで私が脆弱性を見つけたことです。 脆弱性開示のルールに従い、私はまだ詳細を話す権利がないため、脆弱性について一般的な用語で説明し、対処方法についても説明します。



したがって、 クロスサイトリクエストフォージェリ（英: Cross Site Request Forgery、略して CSRF）とは何か、そしてどう扱えばよいのかを見ていきます。



CSRFは、HTTPプロトコルの欠陥を悪用するWebサイト訪問者への攻撃の一種です。 被害者が攻撃者によって作成されたサイトにアクセスすると、被害者に代わって、何らかの悪意のある操作（攻撃者の口座への送金など）を実行する別のサーバー（支払いシステムのサーバーなど）へ、リクエストが密かに送信されます。 この攻撃が成立するには、被害者がリクエストの送信先サーバーで認証済み（ログイン済み）である必要があり、かつそのリクエストがユーザーの確認を必要としないことが条件です。



この種の攻撃は、一般的な誤解に反して、ずっと前に登場しました。最初の理論的推論は1988年に登場し、最初の脆弱性は2000年に発見されました。



CSRFの1つのアプリケーションは、別のサーバーで検出されたパッシブXSSの活用です。 被害者に代わってスパムを送信し、他のサイトのアカウント設定を変更することも可能です(たとえば、パスワード回復のための秘密の質問)。



実際の例





たとえば、Ajaxを使用してノードを削除する小さなモジュールを作成する必要があるとします。 これはノードに付けるリンクを使って実装できます。クリックすると、AjaxリクエストがDrupalのパスに送信されます。 このパスにはハンドラーが割り当てられており、そこでノードが削除されます。 これがこのモジュールのすべてです。



node_destroy.module



  1. /** * hook_menu(). . */ function node_destroy_menu() { $menu [ 'node/%node/destroy' ] = array ( 'page_callback' => 'node_destroy' , 'page_arguments' => array (1), 'access_arguments' => array ( 'administer nodes' ), 'type' => MENU_CALLBACK, ); } /** * . */ function node_destroy( $node ) { if ( $node ->nid) { node_delete( $node ->nid); print ( 'SUCCESS' ); } // , // exit (); } /** * hook_link(). . */ function node_destroy_link( $type , $node = NULL, $teaser = FALSE) { switch ( $type ) { case 'node' : // , , // , $path = drupal_get_path( 'module' , 'node_destroy' ); drupal_add_js( $path . '/node_destroy.js' ); // , $links [ 'node_destroy' ] = array ( 'title' => t( 'Destroy node' ), 'href' => "node/$node->nid/destroy" , 'attributes' => array ( 'class' => 'node_destroy_link' ), ); break ; } return $links ; }














  42. /** * hook_menu(). . */ function node_destroy_menu() { $menu [ 'node/%node/destroy' ] = array ( 'page_callback' => 'node_destroy' , 'page_arguments' => array (1), 'access_arguments' => array ( 'administer nodes' ), 'type' => MENU_CALLBACK, ); } /** * . */ function node_destroy( $node ) { if ( $node ->nid) { node_delete( $node ->nid); print ( 'SUCCESS' ); } // , // exit (); } /** * hook_link(). . */ function node_destroy_link( $type , $node = NULL, $teaser = FALSE) { switch ( $type ) { case 'node' : // , , // , $path = drupal_get_path( 'module' , 'node_destroy' ); drupal_add_js( $path . '/node_destroy.js' ); // , $links [ 'node_destroy' ] = array ( 'title' => t( 'Destroy node' ), 'href' => "node/$node->nid/destroy" , 'attributes' => array ( 'class' => 'node_destroy_link' ), ); break ; } return $links ; }







  43. /** * hook_menu(). . */ function node_destroy_menu() { $menu [ 'node/%node/destroy' ] = array ( 'page_callback' => 'node_destroy' , 'page_arguments' => array (1), 'access_arguments' => array ( 'administer nodes' ), 'type' => MENU_CALLBACK, ); } /** * . */ function node_destroy( $node ) { if ( $node ->nid) { node_delete( $node ->nid); print ( 'SUCCESS' ); } // , // exit (); } /** * hook_link(). . */ function node_destroy_link( $type , $node = NULL, $teaser = FALSE) { switch ( $type ) { case 'node' : // , , // , $path = drupal_get_path( 'module' , 'node_destroy' ); drupal_add_js( $path . '/node_destroy.js' ); // , $links [ 'node_destroy' ] = array ( 'title' => t( 'Destroy node' ), 'href' => "node/$node->nid/destroy" , 'attributes' => array ( 'class' => 'node_destroy_link' ), ); break ; } return $links ; }











node_destroy.js



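  // A Drupal behavior rather than $(document).ready(): Drupal re-runs
  // behaviors on content inserted via AJAX, so links in new content are
  // wired up as well.
  Drupal.behaviors.node_destroy = function (context) {
    // Mark processed links so re-running the behavior does not bind twice.
    $('.node_destroy_link:not(.processed)', context).addClass('processed').click(function () {
      // 'var' keeps href local; the original leaked it as a global.
      var href = $(this).attr('href');
      $.ajax({
        type: "GET",
        url: href,
        success: function (result) {
          // The callback prints SUCCESS on success and nothing otherwise.
          if (result != 'SUCCESS') {
            alert('Error');
          }
        }
      });
      // Stop the browser from also following the link; without this the
      // page would navigate away to a bare "SUCCESS" page right after the
      // AJAX request.
      return false;
    });
  }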











これで万事うまくいくはずでした。しかしある晴れた日、悪意のあるトロール（あるいはもっと現実的な状況として、不満を抱えた元従業員）がサイトにやって来て、サイトを壊そうとします。以前の経験を思い出して、彼は site.ru/node/123/destroy というアドレスに直接アクセスしてみますが、ノードを削除する権限はすでに剥奪されているため、アクセス拒否で追い返されます。



そこで彼は破壊的な創意工夫を発揮し、次のような内容のノードを作成します（入力フォーマットが <img> タグを許可している場合の例です。許可されていなくても、攻撃者が管理する外部サイトに同じ画像タグを置き、管理者をそこへ誘導すれば同じことが起こります）。

<img src="http://site.ru/node/123/destroy" />







この時点で何が起こるでしょうか。当然、画像は表示されませんが、トロールのブラウザーはこのパスへのリクエストを実際に送信します。ブラウザーは彼自身のセッションCookieを付けて送るので、結果は先ほどと同じ、アクセス拒否です。



失敗に諦めたトロールはサイトを去ります。翌日、サイト管理者はこのゴミノードに気付き、開いて削除します。そしてコンテンツ一覧に戻ると、ID 123 のノードがそこにないことに気付きます。幕。



分からなかった人のために補足すると、管理者がそのノードを開いた瞬間、彼のブラウザーも画像のURL（node/123/destroy）をリクエストしました。今度は管理者のセッションCookieが付いているので十分な権限があり、ノードは削除され、管理者自身は何も気付きません。これがCSRFです。リクエストを発行したのは被害者自身のブラウザーであり、サーバー側にはそれを正規の操作と区別する手がかりがありません。




CSRFの脆弱性を回避する方法は?





答えは、データを変更するアクションのリンクに一意のトークンを付けることです。Drupalではこれをリンクのトークン化で実現します。つまり、状態を変更するアクションのリンクに推測不可能なパラメーターを追加し、アクション実行時にそれを検証します。Drupalでは、そのようなトークンは drupal_get_token() で生成し、drupal_valid_token() で検証します。トークンは、渡した値、ユーザーのセッション、サイトの秘密キーから生成されるため、攻撃者が正しいトークンを作れる可能性は実質的にありません（攻撃者は被害者のセッションも秘密キーも知らず、CSRFではレスポンスを読むこともできません）。注意点が二つあります。トークン検査はアクセス権チェックの代わりではなく追加であること、そしてトークンをGETのURLに載せるとReferer・ブラウザー履歴・サーバーログに漏れ得るため、可能であればPOSTのボディで送るのが望ましいことです。



モジュールに変更を加えます。 正しいリンクを設定することから始めましょう:



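  /**
   * Implementation of hook_link().
   *
   * Renders the "Destroy node" link with a per-session token in the query
   * string. drupal_get_token() derives the token from the value
   * ('node_destroy_<nid>'), the user's session and the site's private key,
   * so it is only valid for this node, from this session.
   *
   * @param string $type
   *   The kind of object links are requested for ('node', 'comment', ...).
   * @param object $node
   *   The node being rendered when $type is 'node'.
   * @param bool $teaser
   *   Whether the node is rendered as a teaser (unused here).
   *
   * @return array
   *   Links keyed by name; empty when nothing applies.
   */
  function node_destroy_link($type, $node = NULL, $teaser = FALSE) {
    // Initialise so non-node types return an empty array instead of an
    // undefined variable.
    $links = array();
    // Only offer the link to users who can actually use it: the menu item
    // is gated on 'administer nodes', so everyone else would just get an
    // access-denied error (and a pointless script include).
    if ($type == 'node' && user_access('administer nodes')) {
      $path = drupal_get_path('module', 'node_destroy');
      drupal_add_js($path . '/node_destroy.js');
      $links['node_destroy'] = array(
        'title' => t('Destroy node'),
        'href' => "node/$node->nid/destroy",
        'attributes' => array('class' => 'node_destroy_link'),
        // 'query' is appended as the GET string, so the callback reads it
        // from $_GET['token']. A token in the URL can leak through Referer
        // headers, browser history and server logs; if that matters, send
        // it in a POST body instead.
        'query' => 'token=' . drupal_get_token('node_destroy_' . $node->nid),
      );
    }
    return $links;
  }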













覚えているように、リンクに付いたアドレスにそのままAjaxリクエストを送るので、トークンはクエリ文字列として届きます。したがってコールバック側では、標準的な方法で $_GET['token'] だけを検証すればよいことになります。



  /**
   * Menu callback: deletes the node only when the request carries a valid
   * CSRF token for that node.
   *
   * The token must have been generated by drupal_get_token() with the same
   * value ('node_destroy_<nid>') in the same session, which a forged request
   * from another site cannot supply. The menu access check ('administer
   * nodes') still runs before this callback; the token check is in addition
   * to it, not a replacement. The token is read from $_GET because the link
   * carries it in the query string and the script sends a GET.
   *
   * @param object $node
   *   The node loaded by the %node wildcard.
   */
  function node_destroy($node) {
    $nid = $node->nid;
    $token_ok = FALSE;
    if ($nid && isset($_GET['token'])) {
      $token_ok = drupal_valid_token($_GET['token'], 'node_destroy_' . $nid);
    }
    if ($token_ok) {
      node_delete($nid);
      // The script compares the raw body against this exact string.
      print('SUCCESS');
    }
    // Nothing is printed on failure, so the script shows its error alert.
    // Stop before the theme layer wraps the output in a full page.
    exit();
  }











DrupalDance経由:クロスサイトリクエストフォージェリ


