mirror of
https://github.com/myvesta/vesta
synced 2025-07-05 12:36:23 -07:00
Fix for CSRF in FileManager and UploadHandler
This commit is contained in:
myvesta
parent
63861e4ffd
commit
93de22a0b3
6 changed files with 29 additions and 9 deletions
|
|
@ -1,6 +1,11 @@
|
|||
<?php
|
||||
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
|
||||
|
||||
// Check token
|
||||
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
|
||||
die("Wrong token or missing token");
|
||||
}
|
||||
|
||||
if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY']))) {
|
||||
header("Location: /login/");
|
||||
exit;
|
||||
|
|
|
|||
|
|
@ -3,15 +3,18 @@
|
|||
//error_reporting(NULL);
|
||||
|
||||
// Preventing CSRF
|
||||
prevent_post_csrf(true);
|
||||
// prevent_post_csrf(true);
|
||||
|
||||
header('Content-Type: application/json');
|
||||
|
||||
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
|
||||
include($_SERVER['DOCUMENT_ROOT']."/file_manager/fm_core.php");
|
||||
|
||||
// Check token
|
||||
if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) {
|
||||
die("Wrong token or missing token");
|
||||
}
|
||||
|
||||
// todo: set in session?
|
||||
if (empty($panel)) {
|
||||
$command = VESTA_CMD."v-list-user '".$user."' 'json'";
|
||||
exec ($command, $output, $return_var);
|
||||
|
|
|
|||
|
|
@ -797,6 +797,8 @@ App.Ajax.request = function(method, data, callback, onError){
|
|||
}*/
|
||||
//App.Helpers.setAjaxBusy(method, data);
|
||||
data = data || {};
|
||||
var token = $('#token').attr('token');
|
||||
data.token = token;
|
||||
|
||||
var prgs = $('.progress-container');
|
||||
|
||||
|
|
|
|||
|
|
@ -533,7 +533,8 @@ FM.downloadFileFromSubcontext = function(elm) {
|
|||
var src = $.parseJSON($(elm).find('.source').val());
|
||||
|
||||
var path = src.full_path;
|
||||
var win = window.open('/download/file/?path=' + path, '_blank');
|
||||
var token = $('#token').attr('token');
|
||||
var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank');
|
||||
win.focus();
|
||||
}
|
||||
|
||||
|
|
@ -552,20 +553,21 @@ FM.openFile = function(dir, box, elm) {
|
|||
};
|
||||
|
||||
App.Ajax.request('check_file_type', params, function(reply) {
|
||||
var token = $('#token').attr('token');
|
||||
if (reply.result) {
|
||||
if (FM.isFileEditable(src, reply.data)) {
|
||||
var myWindow = window.open('/edit/file/?path=' + src.full_path, '_blank');//, src.full_path, "width=900, height=700");
|
||||
var myWindow = window.open('/edit/file/?token='+token+'&path=' + src.full_path, '_blank');//, src.full_path, "width=900, height=700");
|
||||
}
|
||||
else {
|
||||
var path = src.full_path;
|
||||
var win = window.open('/download/file/?path=' + path, '_blank');
|
||||
var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank');
|
||||
//win.focus();
|
||||
}
|
||||
}
|
||||
else {
|
||||
// force download file
|
||||
var path = src.full_path;
|
||||
var win = window.open('/download/file/?path=' + path, '_blank');
|
||||
var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank');
|
||||
//win.focus();
|
||||
}
|
||||
});
|
||||
|
|
@ -1994,7 +1996,8 @@ FM.downloadFiles = function() {
|
|||
}
|
||||
|
||||
var path = src.full_path;
|
||||
var win = window.open('/download/file/?path=' + path, '_blank');
|
||||
var token = $('#token').attr('token');
|
||||
var win = window.open('/download/file/?token='+token+'&path=' + path, '_blank');
|
||||
win.focus();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@
|
|||
<script> GLOBAL = {}; </script>
|
||||
</head>
|
||||
<body>
|
||||
<div class="hidden" id="token" token="<?=$_SESSION['token']?>"></div>
|
||||
<a href="#" class="to-shortcuts">
|
||||
<i class="l-icon-shortcuts"></i>
|
||||
</a>
|
||||
|
|
@ -145,6 +146,7 @@
|
|||
var acc = $('<div>');
|
||||
$(['A', 'B']).each(function(k, letter) {
|
||||
var url = '/upload/';
|
||||
var token = $('#token').attr('token');
|
||||
$('#file_upload_' + letter).fileupload({
|
||||
singleFileUploads: false,
|
||||
add: function (e, data) {
|
||||
|
|
@ -154,7 +156,7 @@
|
|||
var file_relocation = FM['TAB_'+tab+'_CURRENT_PATH'];
|
||||
|
||||
|
||||
$('#file_upload_' + letter).fileupload("option", "url", url + '?dir=' + file_relocation);
|
||||
$('#file_upload_' + letter).fileupload("option", "url", url + '?token='+token+'&dir=' + file_relocation);
|
||||
acc = $('<div>');
|
||||
show_msg = false;
|
||||
data.submit();
|
||||
|
|
|
|||
|
|
@ -3,10 +3,15 @@
|
|||
//session_start();
|
||||
|
||||
// Preventing CSRF
|
||||
prevent_post_csrf(true);
|
||||
// prevent_post_csrf(true);
|
||||
|
||||
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
|
||||
|
||||
// Check token
|
||||
if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) {
|
||||
die("Wrong token or missing token");
|
||||
}
|
||||
|
||||
// Check login_as feature
|
||||
$user = $_SESSION['user'];
|
||||
if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue