gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-09-09 11:29:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix possible csrf attack due to missing form token

Browse Source
This commit is contained in:
Uwe Steinmann 2021-01-24 17:05:13 +01:00
parent b2182362d3
commit 3fa952c5cb
4 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
op/op.EditDocument.php
View File

@ -32,6 +32,11 @@ include("../inc/inc.Authentication.php");
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user)); $controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user));
/* Check if the form data comes from a trusted request */
if(!checkFormKey('editdocument')) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
}
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) { if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }

5
op/op.EditFolder.php
View File

@ -32,6 +32,11 @@ include("../inc/inc.Authentication.php");
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user)); $controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user));
/* Check if the form data comes from a trusted request */
if(!checkFormKey('editfolder')) {
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
}
if (!isset($_POST["folderid"]) || !is_numeric($_POST["folderid"]) || intval($_POST["folderid"])<1) { if (!isset($_POST["folderid"]) || !is_numeric($_POST["folderid"]) || intval($_POST["folderid"])<1) {
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id")); UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
} }

1
views/bootstrap/class.EditDocument.php
View File

@ -90,6 +90,7 @@ $(document).ready( function() {
$expdate = ''; $expdate = '';
?> ?>
<form class="form-horizontal" action="../op/op.EditDocument.php" name="form1" id="form1" method="post"> <form class="form-horizontal" action="../op/op.EditDocument.php" name="form1" id="form1" method="post">
<?php echo createHiddenFieldWithKey('editdocument'); ?>
<input type="hidden" name="documentid" value="<?php echo $document->getID() ?>"> <input type="hidden" name="documentid" value="<?php echo $document->getID() ?>">
<?php <?php
$this->formField( $this->formField(

1
views/bootstrap/class.EditFolder.php
View File

@ -81,6 +81,7 @@ $(document).ready(function() {
$this->contentContainerStart(); $this->contentContainerStart();
?> ?>
<form class="form-horizontal" action="../op/op.EditFolder.php" id="form1" name="form1" method="post"> <form class="form-horizontal" action="../op/op.EditFolder.php" id="form1" name="form1" method="post">
<?php echo createHiddenFieldWithKey('editfolder'); ?>
<input type="hidden" name="folderid" value="<?php print $folder->getID();?>"> <input type="hidden" name="folderid" value="<?php print $folder->getID();?>">
<input type="hidden" name="showtree" value="<?php echo showtree();?>"> <input type="hidden" name="showtree" value="<?php echo showtree();?>">
<?php <?php