gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 07:04:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

take out authentication and secure script with a token

Browse Source
This commit is contained in:
Uwe Steinmann 2020-08-26 11:40:04 +02:00
parent 92b049ee6d
commit 6d881fed60
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
op/op.UploadChunks.php
View File

@ -26,11 +26,13 @@ include("../inc/inc.Init.php");
include("../inc/inc.Extension.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
//include("../inc/inc.Authentication.php");
//print_r($_FILES);
//print_r($_POST);
//exit;
if(empty($_GET['formkey']) || $_GET['formkey'] != md5($settings->_encryptionKey.'uploadchunks')) {
header("Content-Type: text/plain");
echo json_encode(array('success'=>false, 'error'=>'Wrong formkey'));
exit;
}
$file_param_name = 'qqfile';
$file_name = $_FILES[ $file_param_name ][ 'name' ];

2
views/bootstrap/class.Bootstrap.php
View File

@ -2752,7 +2752,7 @@ $(document).ready(function() {
element: $('#<?php echo $prefix; ?>-fine-uploader')[0],
template: 'qq-template',
request: {
endpoint: '<?php echo $uploadurl; ?>'
endpoint: '<?php echo $uploadurl."?formkey=".md5($this->params['settings']->_encryptionKey.'uploadchunks'); ?>'
},
<?php echo ($maxuploadsize > 0 ? '
validation: {