From 93de22a0b3d45fb46e47ff7337445fb074179773 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Sat, 4 Sep 2021 15:31:34 +0200
Subject: [PATCH] Fix for CSRF in FileManager and UploadHandler
---
web/download/file/index.php | 5 +++++
web/file_manager/fm_api.php | 7 +++++--
web/js/app.js | 2 ++
web/js/file_manager.js | 13 ++++++++-----
web/templates/file_manager/main.php | 4 +++-
web/upload/UploadHandler.php | 7 ++++++-
6 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/web/download/file/index.php b/web/download/file/index.php
index efabb0e151..ee1a998976 100644
--- a/web/download/file/index.php
+++ b/web/download/file/index.php
@@ -1,6 +1,11 @@
GLOBAL = {};
+ ');
$(['A', 'B']).each(function(k, letter) {
var url = '/upload/';
+ var token = $('#token').attr('token');
$('#file_upload_' + letter).fileupload({
singleFileUploads: false,
add: function (e, data) {
@@ -154,7 +156,7 @@
var file_relocation = FM['TAB_'+tab+'_CURRENT_PATH'];
- $('#file_upload_' + letter).fileupload("option", "url", url + '?dir=' + file_relocation);
+ $('#file_upload_' + letter).fileupload("option", "url", url + '?token='+token+'&dir=' + file_relocation);
acc = $('
');
show_msg = false;
data.submit();
diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php
index 511ec4b3e1..48f40b2374 100755
--- a/web/upload/UploadHandler.php
+++ b/web/upload/UploadHandler.php
@@ -3,10 +3,15 @@
//session_start();
// Preventing CSRF
-prevent_post_csrf(true);
+// prevent_post_csrf(true);
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+// Check token
+if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) {
+ die("Wrong token or missing token");
+}
+
// Check login_as feature
$user = $_SESSION['user'];
if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {