
(p2。 データベースの操作 ; p3。 ユーザー入力の操作 )
この記事を書いたきっかけは、かなり有名なモジュールで私が脆弱性を見つけたことです。 脆弱性の発見に関するルール上、現時点では詳細を公表する権利がないため、ここでは脆弱性を一般的な形で説明し、その対処方法も紹介します。
では、クロスサイトリクエストフォージェリ(英: Cross Site Request Forgery、略称 CSRF)とは何で、どう扱えばよいのでしょうか。
CSRFは、HTTPプロトコルの欠陥を悪用する、Webサイト訪問者に対する攻撃の一種です。 被害者が攻撃者の作成したサイトにアクセスすると、被害者の名義で、何らかの悪意のある操作(攻撃者のアカウントへの送金など)を実行させるリクエストが、別のサーバー(支払いシステムのサーバーなど)に密かに送信されます。 この攻撃が成立するには、リクエストの送信先サーバーで被害者が認証済み(ログイン済み)であり、かつそのリクエストがユーザーによる確認を必要としないものでなければなりません。
この種の攻撃は、一般的な誤解に反して、ずっと前に登場しました。最初の理論的推論は1988年に登場し、最初の脆弱性は2000年に発見されました。
CSRFの用途の一つは、別のサーバーで見つかった受動的(パッシブ)XSSの悪用です。 被害者の名義でスパムを送信したり、他のサイトのアカウント設定(たとえば、パスワード回復用の秘密の質問)を変更したりすることも可能です。
実例
たとえば、ajaxを使用してノードを削除する小さなモジュールを作成する必要があるとします。 これはノードのサービスリンクを使って実装できます。リンクをクリックすると、AjaxリクエストがDrupalのパスに送信されます。 このパスにはハンドラーが割り当てられており、そのハンドラーがノードを削除します。 それがこのモジュールの機能です。
node_destroy.module
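/**
 * Implementation of hook_menu().
 *
 * Registers the path node/%node/destroy as a menu callback handled by
 * node_destroy(). Access is limited to users holding the
 * 'administer nodes' permission.
 *
 * @return array
 *   Menu items keyed by path.
 */
function node_destroy_menu() {
  $menu = array();

  // hook_menu() keys are written with spaces ('page callback', not
  // 'page_callback'); with underscores the menu system ignores them.
  $menu['node/%node/destroy'] = array(
    'page callback' => 'node_destroy',
    'page arguments' => array(1),
    'access arguments' => array('administer nodes'),
    'type' => MENU_CALLBACK,
  );

  // The hook must hand its items back, otherwise the path is never registered.
  return $menu;
}

/**
 * Page callback: deletes the given node and prints 'SUCCESS' for the caller.
 *
 * SECURITY NOTE: this listing is the article's example and is left exposed
 * to CSRF. The only check on the request is the 'administer nodes'
 * permission declared in node_destroy_menu(). Nothing ties the request to a
 * link this site rendered: node_destroy_link() adds no per-session token and
 * this callback validates none, so the delete runs for any request that
 * carries a privileged user's session. A hardened version would put a token
 * from drupal_get_token() on the link, refuse requests that fail
 * drupal_valid_token(), and would not change state in response to GET.
 *
 * @param object $node
 *   The node object loaded from the %node path argument.
 */
function node_destroy($node) {
  if ($node->nid) {
    node_delete($node->nid);
    print('SUCCESS');
  }
  // End the request here so nothing else is appended to the response that
  // the Ajax caller compares against 'SUCCESS'.
  exit();
}

/**
 * Implementation of hook_link().
 *
 * Adds a "Destroy node" link to nodes and attaches the script that turns a
 * click on that link into an Ajax request.
 *
 * @param string $type
 *   The kind of object the links are requested for; only 'node' is handled.
 * @param object $node
 *   The node being displayed.
 * @param bool $teaser
 *   Whether the node is shown as a teaser (unused here).
 *
 * @return array
 *   Link definitions keyed by link name; empty for other types.
 */
function node_destroy_link($type, $node = NULL, $teaser = FALSE) {
  // Always return an array, also for types this module does not handle.
  $links = array();

  switch ($type) {
    case 'node':
      // Attach the click handler script shipped with the module.
      $path = drupal_get_path('module', 'node_destroy');
      drupal_add_js($path . '/node_destroy.js');

      // The CSS class is what node_destroy.js uses to find the link.
      // The href carries no anti-CSRF token (see node_destroy()).
      $links['node_destroy'] = array(
        'title' => t('Destroy node'),
        'href' => "node/$node->nid/destroy",
        'attributes' => array('class' => 'node_destroy_link'),
      );
      break;
  }

  return $links;
}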
node_destroy.js
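/**
 * Drupal behavior that turns every "Destroy node" link into an AJAX request.
 *
 * Registered under Drupal.behaviors rather than in a plain
 * $(document).ready(function() { ... }) handler; it receives the DOM
 * context it should work on.
 *
 * NOTE(review): the request goes to the link's own href, query string
 * included, so a token placed in the link by the server is sent along. The
 * script adds no protection itself; the server-side callback must validate
 * that token before it changes anything.
 */
Drupal.behaviors.node_destroy = function (context) {
  // The 'processed' class marks links that already have a handler, so a
  // link is not bound a second time when the behavior runs again.
  $('.node_destroy_link:not(.processed)', context)
    .addClass('processed')
    .click(function (event) {
      // Without this the browser also follows the link after the AJAX call
      // and requests the destroy path a second time as a page load.
      event.preventDefault();
      // Declared with var so it does not leak into the global scope.
      var href = $(this).attr('href');
      $.ajax({
        type: "GET",
        url: href,
        success: function (result) {
          // The callback prints the literal string SUCCESS after deleting;
          // any other response body is reported as an error.
          if (result != 'SUCCESS') {
            alert('Error');
          }
        }
      });
    });
};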
ここまでは万事順調に見えます。しかしある日、悪意のあるトロールがサイトにやって来ます。あるいは、より深刻な状況として、不満を抱えた元従業員がサイトを訪れ、それを壊そうとします。以前の経験を思い出して、彼は site.ru/node/123/destroy というアドレスにアクセスしてみますが、コンテンツを削除する権限はすでにないため、アクセスを拒否されます。
そして、ここで、破壊的な創造性に合わせて、彼は次のコンテンツを持つノードを作成します。
<img src="http://site.ru/node/123/destroy" />
この瞬間に何が起きているのでしょうか。当然、画像は読み込まれませんが、トロールのブラウザーはこのパスへのリクエストを実行し、結果は先ほどと同じになります。
失敗して辞任したトロールはサイトを離れます。 1日後、サイト管理者はこのジャンクノードに気付き、入力して削除します。 そして、素材のリストに戻った後、彼はその中にID 123のノードを見つけられませんでした。 カーテン。
何が起きたのか分からなかった人のために説明すると、管理者がそのノードを開いた時点で、管理者のブラウザも画像のリンク先へリクエストを送信していました。しかし、今回は十分なアクセス権があったためノードは正常に削除され、管理者は何も気づきませんでした。
CSRFの脆弱性を回避する方法は?
答えは、データを変更するアクションに一意のリンクを使用することです。どうすれば実現できるでしょうか。Drupalはリンクのトークン化という方法を使用します。つまり、データを変更するアクションのリンクに一意のパラメーターを追加し、アクションの実行時にそれを検証します。Drupalでは、このパラメーターは drupal_get_token() 関数で生成し、drupal_valid_token() で検証します。トークンは、渡された値、ユーザーのセッション、およびサイトの秘密キーに基づいて生成されるため、攻撃者が正しいトークンを生成できる可能性は実質的に最小限に抑えられます。
モジュールに変更を加えます。 正しいリンクを設定することから始めましょう:
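/**
 * Implements hook_link().
 *
 * Adds a "Destroy node" link whose URL carries a CSRF token, and loads the
 * script that turns a click on the link into an AJAX request.
 *
 * @param string $type
 *   The kind of object the links are built for; only 'node' is handled.
 * @param object|null $node
 *   The node the link refers to.
 * @param bool $teaser
 *   Unused here.
 *
 * @return array
 *   Link definitions keyed by link name; empty for other types.
 */
function node_destroy_link($type, $node = NULL, $teaser = FALSE) {
  // Initialised up front so that types other than 'node' return an empty
  // array rather than an undefined variable.
  $links = array();
  switch ($type) {
    case 'node':
      $path = drupal_get_path('module', 'node_destroy');
      drupal_add_js($path . '/node_destroy.js');
      $links['node_destroy'] = array(
        'title' => t('Destroy node'),
        'href' => "node/$node->nid/destroy",
        'attributes' => array('class' => 'node_destroy_link'),
        // 'query' holds the GET parameters appended to the link. The token
        // is derived from 'node_destroy_<nid>', so it is valid only for this
        // action on this node; the callback has to verify it with the same
        // value.
        // NOTE(review): a token in the URL can end up in server logs,
        // browser history and Referer headers; sending the request as POST
        // with the token in the body would avoid that exposure.
        'query' => 'token=' . drupal_get_token('node_destroy_' . $node->nid),
      );
      break;
  }
  return $links;
}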
覚えているとおり、ajaxリクエストはリンクに設定されたアドレスへ送信されるため、コールバックでは標準的な方法である $_GET 経由でのみトークンを確認できます。
/**
 * Page callback for node/%node/destroy with CSRF protection.
 *
 * Deletes the node and prints 'SUCCESS' only when the request carries a
 * 'token' GET parameter that drupal_valid_token() accepts for the value
 * 'node_destroy_<nid>'. In every other case the request ends with an empty
 * response and nothing is deleted.
 *
 * @param object $node
 *   The node object loaded from the %node path argument.
 */
function node_destroy($node) {
  // Guard clause: stop before touching any data unless a node id is present
  // and the request supplies a token that validates for this exact node.
  // The value passed here must match the one used when the link was built.
  $token = isset($_GET['token']) ? $_GET['token'] : NULL;
  if (!$node->nid || $token === NULL || !drupal_valid_token($token, 'node_destroy_' . $node->nid)) {
    exit();
  }

  node_delete($node->nid);
  print('SUCCESS');
  // End the request so that only the bare status string is sent back.
  exit();
}
DrupalDance経由:クロスサイトリクエストフォージェリ