github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-19 21:04:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Checking token on adding and deleting favorites

Browse source
This commit is contained in:
myvesta 2021-08-29 16:05:33 +02:00
commit 475fe47984
3 changed files with 11 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

7
web/add/favorite/index.php
View file

@ -7,10 +7,9 @@ session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token // Check token
// if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) {
// header('location: /login/'); die("Wrong token");
// exit(); }
// }
// Protect input // Protect input
$v_section = escapeshellarg($_REQUEST['v_section']); $v_section = escapeshellarg($_REQUEST['v_section']);

5
web/delete/favorite/index.php
View file

@ -5,6 +5,11 @@
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) {
die("Wrong token");
}
unset($_SESSION['favourites'][strtoupper($_REQUEST['v_section'])][$_REQUEST['v_unit_id']]); unset($_SESSION['favourites'][strtoupper($_REQUEST['v_section'])][$_REQUEST['v_unit_id']]);
$v_section = escapeshellarg($_REQUEST['v_section']); $v_section = escapeshellarg($_REQUEST['v_section']);

5
web/js/init.js
View file

@ -128,6 +128,7 @@ $(document).ready(function(){
$('.l-unit .l-icon-star').click(function(){ $('.l-unit .l-icon-star').click(function(){
var l_unit = $(this).parents('.l-unit'); var l_unit = $(this).parents('.l-unit');
var token = $('#token').attr('token');
if(l_unit.hasClass('l-unit--starred')){ if(l_unit.hasClass('l-unit--starred')){
// removing star // removing star
@ -135,7 +136,7 @@ $(document).ready(function(){
$.ajax({ $.ajax({
method: "POST", method: "POST",
url: "/delete/favorite/index.php", url: "/delete/favorite/index.php",
data: { v_section: l_unit.attr('v_section'), v_unit_id: l_unit.attr('v_unit_id') } data: { v_section: l_unit.attr('v_section'), v_unit_id: l_unit.attr('v_unit_id'), token: token }
}); });
l_unit.attr({'sort-star': 0}); l_unit.attr({'sort-star': 0});
@ -145,7 +146,7 @@ $(document).ready(function(){
$.ajax({ $.ajax({
method: "POST", method: "POST",
url: "/add/favorite/index.php", url: "/add/favorite/index.php",
data: { v_unit_id: l_unit.attr('v_unit_id'), v_section: l_unit.attr('v_section') } data: { v_unit_id: l_unit.attr('v_unit_id'), v_section: l_unit.attr('v_section'), token: token }
}); });
l_unit.attr({'sort-star': 1}); l_unit.attr({'sort-star': 1});