github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 18:49:21 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix for CSRF in FileManager and UploadHandler

Browse source
This commit is contained in:
myvesta 2021-09-04 15:31:34 +02:00
commit 93de22a0b3
6 changed files with 29 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

5
web/download/file/index.php
View file

@ -1,6 +1,11 @@
<?php
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
die("Wrong token or missing token");
}
if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY']))) {
header("Location: /login/");
exit;